<?
define ("LEVEL", '');
include_once(LEVEL."inc/include.php");
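// Capitalizes first letter on each word (added 12-15-09). Undo magic-quotes
// slashes, lower-case, drop HTML tags, then capitalise each word, e.g.
// "jOHN <b>doe</b>" -> "John Doe". strip_tags() here is the only input
// cleanup still active in this file -- the DB/HTML escaping drafts below are
// commented out -- so these values presumably reach the template as-is.
$arr = array("First_Name", "Last_Name", "Spouse_Name", "Address", "City", "Province", "Country", "Name_on_card");
foreach ($arr as $field) {
    // A field absent from the request becomes "" instead of raising an
    // undefined-index notice (the result is the same as before: "").
    $_POST[$field] = normalize_name_field(isset($_POST[$field]) ? $_POST[$field] : "");
}

/**
 * Applies the capitalisation rule used for the name/address fields above.
 * The call order (stripslashes, strtolower, strip_tags, ucwords) is the one
 * the form has always used; ucwords() runs last so it sees the cleaned text.
 *
 * @param mixed $value raw posted value; non-strings are cast to string
 * @return string the cleaned, word-capitalised value
 */
function normalize_name_field($value) {
    $cleaned = strip_tags(strtolower(stripslashes((string) $value)));
    return ucwords($cleaned);
}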
// End capitalizing
// Sanitizing inputs suggested by Ray Paseur
/*$db_post = $_POST;
$db_post = array_map('mysql_real_escape_string', $db_post);
$em_post = $_POST;
$em_post = array_map('stripslashes', $em_post);
$em_post = array_map('striptags', $em_post); */
// Sanitization suggested by Dave Baldwin
/*$Price = max(0,floor($_POST["Price"] ));
$check__fields = $_POST["check__fields"];
$check__fields = substr($check__fields,0,64);
$check__fields = mysql_real_escape_string( $check__fields);
$status = $_POST["status"];
$status = substr($status,0,12);
$status = mysql_real_escape_string( $status);
$First_Name = $_POST["First_Name"];
$First_Name = substr($First_Name,0,12);
$First_Name = mysql_real_escape_string( $First_Name);
$Last_Name = $_POST["Last_Name"];
$Last_Name = substr($Last_Name,0,12);
$Last_Name = mysql_real_escape_string( $Last_Name);
$Spouse_Name = $_POST["Spouse_Name"];
$Spouse_Name = substr($Spouse_Name,0,12);
$Spouse_Name = mysql_real_escape_string( $Spouse_Name);
$Marital_Status = $_POST["Marital_Status"];
$Marital_Status = substr($Marital_Status,0,12);
$Marital_Status = mysql_real_escape_string( $Marital_Status);
$Address = $_POST["Address"];
$Address = substr($input,0,48);
$Address = mysql_real_escape_string( $Address);
$City = $_POST["City"];
$City = substr($City,0,20);
$City = mysql_real_escape_string( $City);
$Province = $_POST["Province"];
$Province = substr($Province,0,64);
$Province = mysql_real_escape_string( $Province);
$Zip_Code = $_POST["Zip_Code"];
$Zip_Code = substr($Zip_Code,0,9);
$Zip_Code = mysql_real_escape_string( $Zip_Code);
$Country = $_POST["Country"];
$Country = substr($Country,0,64);
$Country = mysql_real_escape_string( $Country);
$Day_Phone = $_POST["Day_Phone"];
$Day_Phone = substr($Day_Phone,0,20);
$Day_Phone = mysql_real_escape_string( $Day_Phone);
$Night_Phone = $_POST["Night_Phone"];
$Night_Phone = substr($Night_Phone,0,20);
$Night_Phone = mysql_real_escape_string( $Night_Phone);
$Fax = $_POST["Fax"];
$Fax = substr($Fax,0,20);
$Fax = mysql_real_escape_string( $Fax);
$Email = $_POST["Email"];
$Email = substr($Email,0,64);
$Email = mysql_real_escape_string( $Email);
$Best_Time_to_Call = $_POST["Best_Time_to_Call"];
$Best_Time_to_Call = substr($Best_Time_to_Call,0,9);
$Best_Time_to_Call = mysql_real_escape_string( $Best_Time_to_Call);
$Age = $_POST["Age"];
$Age = substr($Age,0,2);
$Age = mysql_real_escape_string( $Age);
$Income = $_POST["Income"];
$Income = substr($Income,0,9);
$Income = mysql_real_escape_string( $Income);
$Card_Number = $_POST["Card_Number"];
$Card_Number = substr($Card_Number,0,16);
$Card_Number = mysql_real_escape_string( $Card_Number);
$Card_Expiration = $_POST["Card_Expiration"];
$Card_Expiration = substr($Card_Expiration,0,32);
$Card_Expiration = mysql_real_escape_string( $Card_Expiration);
$Name_on_card = $_POST["Name_on_card"];
$Name_on_card = substr($Name_on_card,0,64);
$Name_on_card = mysql_real_escape_string( $Name_on_card);
$Card_Type = $_POST["Card_Type"];
$Card_Type = substr($Card_Type,0,64);
$Card_Type = mysql_real_escape_string( $Card_Type);
$Comments = $_POST["Comments"];
$Comments = substr($Comments,0,64);
$Comments = mysql_real_escape_string( $Comments);
$form_type = $_POST["form_type"];
$form_type = substr($form_type,0,64);
$form_type = mysql_real_escape_string( $form_type);
$Resort = $_POST["Resort"];
$Resort = substr($Resort,0,64);
$Resort = mysql_real_escape_string( $Resort);
$Hotel = $_POST["Hotel"];
$Hotel = substr($Hotel,0,64);
$Hotel = mysql_real_escape_string( $Hotel);
$Room_Type = $_POST["Room_Type"];
$Room_Type = substr($Room_Type,0,24);
$Room_Type = mysql_real_escape_string( $Room_Type);
$Arrival_Month = $_POST["Arrival_Month"];
$Arrival_Month = substr($Arrival_Month,0,20);
$Arrival_Month = mysql_real_escape_string( $Arrival_Month);
$Arrival_Date = $_POST["Arrival_Date"];
$Arrival_Date = substr($Arrival_Date,0,2);
$Arrival_Date = mysql_real_escape_string( $Arrival_Date);
$Arrival_Year = $_POST["Arrival_Year"];
$Arrival_Year = substr($Arrival_Year,0,4);
$Arrival_Year = mysql_real_escape_string( $Arrival_Year);
$Checkin_Date = $_POST["Checkin_Date"];
$Checkin_Date = substr($Checkin_Date,0,64);
$Checkin_Date = mysql_real_escape_string( $Checkin_Date);
$Checkout_Date = $_POST["Checkout_Date"];
$Checkout_Date = substr($Checkout_Date,0,64);
$Checkout_Date = mysql_real_escape_string( $Checkout_Date);
$Nights = $_POST["Nights"];
$Nights = substr($Nights,0,7);
$Nights = mysql_real_escape_string( $Nights);
$Tickets = $_POST["Tickets"];
$Tickets = substr($Tickets,0,64);
$Tickets = mysql_real_escape_string( $Tickets);
$Adults = $_POST["Adults"];
$Adults = substr($Adults,0,10);
if(!is_numeric($Adults)) $Adults = 0; // or whatever value you want for a bad input
$Adults = mysql_real_escape_string( $Adults);
$Juniors = $_POST["Juniors"];
$Juniors = substr($Juniors,0,7);
$Juniors = mysql_real_escape_string( $Juniors);
$Children = $_POST["Children"];
$Children = substr($Children,0,7);
$Children = mysql_real_escape_string( $Children);*/
/*$check__fields = htmlentities($_POST["check__fields"],ENT_QUOTES); Suggested by Yodercm
$status = htmlentities($_POST["status"],ENT_QUOTES);
$Price = htmlentities($_POST["Price"],ENT_QUOTES);
$First_Name = htmlentities($_POST["First_Name"],ENT_QUOTES);
$Last_Name = htmlentities($_POST["Last_Name"],ENT_QUOTES);
$Spouse_Name = htmlentities($_POST["Spouse_Name"],ENT_QUOTES);
$Marital_Status = htmlentities($_POST["Marital_Status"],ENT_QUOTES);
$Address = htmlentities($_POST["Address"],ENT_QUOTES);
$City = htmlentities($_POST["City"],ENT_QUOTES);
$Province = htmlentities($_POST["Province"],ENT_QUOTES);
$Zip_Code = htmlentities($_POST["Zip_Code"],ENT_QUOTES);
$Country = htmlentities($_POST["Country"],ENT_QUOTES);
$Day_Phone = htmlentities($_POST["Day_Phone"],ENT_QUOTES);
$Night_Phone = htmlentities($_POST["Night_Phone"],ENT_QUOTES);
$Fax = htmlentities($_POST["Fax"],ENT_QUOTES);
$Email = htmlentities($_POST["Email"],ENT_QUOTES);
$Best_Time_to_Call = htmlentities($_POST["Best_Time_to_Call"],ENT_QUOTES);
$Age = htmlentities($_POST["Age"],ENT_QUOTES);
$Income = htmlentities($_POST["Income"],ENT_QUOTES);
$Card_Number = htmlentities($_POST["Card_Number"],ENT_QUOTES);
$Card_Expiration = htmlentities($_POST["Card_Expiration"],ENT_QUOTES);
$Name_on_card = htmlentities($_POST["Name_on_card"],ENT_QUOTES);
$Comments = htmlentities($_POST["Comments"],ENT_QUOTES);
$form_type = htmlentities($_POST["form_type"],ENT_QUOTES);
$Resort = htmlentities($_POST["Resort"],ENT_QUOTES);
$Hotel = htmlentities($_POST["Hotel"],ENT_QUOTES);
$Room_Type = htmlentities($_POST["Room_Type"],ENT_QUOTES);
$Arrival_Month = htmlentities($_POST["Arrival_Month"],ENT_QUOTES);
$Arrival_Date = htmlentities($_POST["Arrival_Date"],ENT_QUOTES);
$Arrival_Year = htmlentities($_POST["Arrival_Year"],ENT_QUOTES);
$Checkin_Date = htmlentities($_POST["Checkin_Date"],ENT_QUOTES);
$Checkout_Date = htmlentities($_POST["Checkout_Date"],ENT_QUOTES);
$Nights = htmlentities($_POST["Nights"],ENT_QUOTES);
$Tickets = htmlentities($_POST["Tickets"],ENT_QUOTES);
$Adults = htmlentities($_POST["Adults"],ENT_QUOTES);
$Juniors = htmlentities($_POST["Juniors"],ENT_QUOTES);
$Children = htmlentities($_POST["Children"],ENT_QUOTES);
End sanitizing */
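// Page objects; user and reservation presumably come from inc/include.php.
$user = new user();
$reservation = new reservation();
// loadFields() returns the form type that later names the layout template
// (form_<type>.html); a missing parameter is passed through as null exactly
// as before, just without the undefined-index notice.
$form_type = $reservation->loadFields(isset($_REQUEST["form_type"]) ? $_REQUEST["form_type"] : null);
// Only the three wizard steps handled by the switch below exist. Because
// $step is later used to build a template name (reservation<step>.html),
// any other value -- including a missing or non-scalar one -- falls back to
// step 1 rather than being interpolated into the template name.
$valid_steps = array("1", "cc", "2");
$step = (isset($_REQUEST["step"]) && in_array($_REQUEST["step"], $valid_steps, true))
    ? $_REQUEST["step"]
    : "1";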
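switch ($step) {
case "1":
    // Step 1: the initial reservation form. Fields that already arrived with
    // the request are rendered read-only ("static") instead of as inputs.
    $_REQUEST["form_type"] = $form_type;
    $_REQUEST["yes_no"] = 1;
    $order = array("check__fields", "form_type", "Resort", "Hotel", "Room_Type", "Arrival_Month", "Arrival_Date", "Arrival_Year",
        "Nights", "Tickets", "Adults", "Juniors", "Children");
    $locked = array("Resort", "Hotel", "Arrival_Month", "Arrival_Date", "Arrival_Year", "Room_Type", "Nights", "Tickets");
    $res = sort_res($reservation->showRecord($_REQUEST, $reservation->lists), $order);
    foreach ($res as $i => $item) {
        if (in_array($item["name"], $locked, true) && isset($_REQUEST[$item["name"]])) {
            $res[$i]["type"] = "static";
        }
    }
    $smarty->assign("reservation", $res);
    break;

case "cc":
    // Step "cc": confirmation page. Computed values (price, guest count,
    // check-in/check-out dates) are shown read-only, an agreement checkbox is
    // appended, and "agreement" is added to check__fields, the list of fields
    // the client-side check validates.
    $order = array("check__fields", "form_type", "Resort", "Hotel", "Room_Type", "Arrival_Month", "Arrival_Date", "Arrival_Year", "Checkin_Date", "Checkout_Date", "Nights", "Tickets", "Adults", "Juniors", "Children", "Number_of_Guest", "Price",
        "First_Name", "Last_Name", "Spouse_Name", "Marital_Status", "Address", "City", "State",
        "Province", "Country", "Zip_Code", "Day_Phone", "Night_Phone", "Email", "Fax",
        "Best_Time_to_Call", "Age", "Income", "Card_Number",
        "Card_Expiration", "Name_on_card", "Comments", "agreement");
    $price = CalculatePrice($_POST);
    $_POST["Price"] = $price["txt"];
    $_POST["Country"] = "United States";
    $_POST["Number_of_Guest"] = count_guests($_POST);
    unset($_POST["check__fields"]);
    $res = $reservation->showRecord($_POST, $reservation->lists);
    // Nights is cast to int so the relative-date string stays well-formed;
    // with arbitrary text strtotime() returns false and date() prints 1970.
    $checkin = arrival_timestamp($_POST);
    $nights = isset($_POST["Nights"]) ? (int) $_POST["Nights"] : 0;
    $checkout = strtotime("+" . $nights . " days", $checkin);
    foreach ($res as $i => $item) {
        if ($item["name"] === "Checkout_Date") {
            $res[$i]["type"] = "static";
            $res[$i]["check"] = "Check";
            $res[$i]["title"] = "Checkout Date";
            $res[$i]["value"] = date("l F jS Y", $checkout);
        } elseif ($item["name"] === "Checkin_Date") {
            $res[$i]["type"] = "static";
            $res[$i]["check"] = "Check";
            $res[$i]["title"] = "Check In Date";
            $res[$i]["value"] = date("l F jS Y", $checkin);
        }
    }
    $res[] = array(
        'type' => 'checkbox',
        'check' => 'Check',
        'name' => 'agreement',
        'title' => 'I Agree to the Terms & Conditions',
        'value' => 'To submit the form you must accept the Terms and Conditions.',
    );
    $res = sort_res($res, $order);
    $readOnly = array("Resort", "Hotel", "Room_Type", "Arrival_Month", "Arrival_Date", "Arrival_Year", "Checkin_Date", "Checkout_Date",
        "Nights", "Tickets", "Adults", "Juniors", "Children", "Number_of_Guest", "Price");
    foreach ($res as $i => $item) {
        if (in_array($item["name"], $readOnly, true)) {
            $res[$i]["type"] = "static";
            $res[$i]["check"] = '';
        }
        if ($item["name"] === "check__fields") {
            $res[$i]["value"] .= ",agreement,Check";
        }
    }
    $smarty->assign("reservation", $res);
    break;

case "2":
    // Step 2: final submission view. Derives price, guest count, card brand
    // and formatted phone numbers, then shows a masked card number while the
    // full number travels on as a hidden field.
    $order = array("check__fields", "form_type", "Resort", "Hotel", "Room_Type", "Arrival_Month", "Arrival_Date", "Arrival_Year", "Checkin_Date", "Checkout_Date", "Nights", "Tickets", "Adults", "Juniors", "Children", "Number_of_Guest", "Price",
        "First_Name", "Last_Name", "Spouse_Name", "Marital_Status", "Address", "City", "State",
        "Province", "Country", "Zip_Code", "Day_Phone", "Night_Phone", "Email", "Fax",
        "Best_Time_to_Call", "Age", "Income", "Card_Number", "Card_Type",
        "Card_Expiration", "Name_on_card", "Comments");
    $price = CalculatePrice($_POST);
    $_POST["Price"] = $price["txt"];
    $_POST["Number_of_Guest"] = count_guests($_POST);
    // ereg_replace() was removed in PHP 7; preg_replace() does the same
    // digits-only reduction. A missing field becomes "" (as before).
    $_POST["Card_Number"] = preg_replace("/[^0-9]/", "", isset($_POST["Card_Number"]) ? (string) $_POST["Card_Number"] : "");
    $_POST["Card_Type"] = card_type_from_number($_POST["Card_Number"]);
    // Format the phone numbers
    $_POST['Day_Phone'] = formatPhone($_POST['Day_Phone']);
    $_POST['Night_Phone'] = formatPhone($_POST['Night_Phone']);
    $_POST['Fax'] = formatPhone($_POST['Fax']);
    $res = sort_res($reservation->showRecord($_POST, $reservation->lists), $order);
    $newres = array();
    foreach ($res as $item) {
        if ($item["name"] === "Card_Number") {
            // NOTE(review): the unmasked number is re-posted through this
            // hidden field and lands back in $_POST on the next request;
            // confirm this handling matches the card-data requirements that
            // apply to this deployment.
            $item["type"] = "hidden";
            $newres[] = $item;
            $newres[] = array(
                'type' => 'Juniors', // NOTE(review): looks like a pasted field name; the template decides what this renders as -- confirm
                'check' => '#',
                'name' => '',
                'title' => 'Card Number',
                'value' => mask_card_number($item["value"]),
            );
        } else {
            $newres[] = $item;
        }
    }
    $smarty->assign("reservation", $newres);
    break;
}

/**
 * Sums the Adults/Juniors/Children counts of a posted form.
 * Missing or non-numeric values count as 0; values are truncated to whole
 * persons. (Adding a non-numeric string with "+=" raises a TypeError on
 * PHP 8, which the previous inline loop did not guard against.)
 *
 * @param array $post the request array (usually $_POST)
 * @return int total number of guests
 */
function count_guests(array $post) {
    $guests = 0;
    foreach (array("Adults", "Juniors", "Children") as $type) {
        if (isset($post[$type]) && is_numeric($post[$type])) {
            $guests += (int) $post[$type];
        }
    }
    return $guests;
}

/**
 * Builds a Unix timestamp from the separately posted Arrival_Month,
 * Arrival_Date and Arrival_Year fields ("March 5 2010" style string).
 * Returns false, like strtotime(), when the parts do not form a date.
 *
 * @param array $post the request array (usually $_POST)
 * @return int|false
 */
function arrival_timestamp(array $post) {
    $parts = array();
    foreach (array("Arrival_Month", "Arrival_Date", "Arrival_Year") as $key) {
        $parts[] = isset($post[$key]) ? $post[$key] : "";
    }
    return strtotime(implode(" ", $parts));
}

/**
 * Guesses the card brand from the leading digits of a digits-only card
 * number, using the prefix table the form has always used. This is a display
 * hint, not validation. Returns "Unknown" for an empty or unrecognised number
 * (an empty string previously produced an undefined-offset notice).
 *
 * @param string $digits card number with non-digits already removed
 * @return string one of "Master Card", "Visa", "American Express", "Discover", "Unknown"
 */
function card_type_from_number($digits) {
    $digits = (string) $digits;
    if ($digits === "") {
        return "Unknown";
    }
    $first = substr($digits, 0, 1);
    $firstTwo = substr($digits, 0, 2);
    if ($first === "5") {
        return "Master Card";
    }
    if ($first === "4") {
        return "Visa";
    }
    if ($firstTwo === "34" || $firstTwo === "37") {
        return "American Express";
    }
    if (substr($digits, 0, 4) === "6011") {
        return "Discover";
    }
    return "Unknown";
}

/**
 * Masks all but the last four characters of a card number for display,
 * e.g. "4111111111111111" -> "************1111". Numbers of four characters
 * or fewer are returned unchanged (the old substr() arithmetic prefixed them
 * with a run of asterisks instead).
 *
 * @param string $number the card number to mask
 * @return string
 */
function mask_card_number($number) {
    $number = (string) $number;
    $len = strlen($number);
    if ($len <= 4) {
        return $number;
    }
    return str_repeat("*", $len - 4) . substr($number, -4);
}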
/**
 * Reorders field records (as returned by reservation::showRecord()) so they
 * follow $order. For each entry of $order, every record whose "name" matches
 * it is emitted, keeping the records' original relative order; records whose
 * name is not listed in $order are dropped, and an $order entry that matches
 * nothing contributes nothing.
 *
 * @param array $res   list of field records, each carrying a "name" key
 * @param array $order list of field names in the desired output order
 * @return array the reordered, possibly shorter, list of records
 */
function sort_res($res, $order) {
    $sorted = array();
    foreach ($order as $wanted) {
        foreach ($res as $record) {
            // Loose comparison kept on purpose: names are plain strings and
            // this is how the original matched them.
            if ($record["name"] != $wanted) {
                continue;
            }
            $sorted[] = $record;
        }
    }
    return $sorted;
}
// Pick the per-step content template (reservation1.html, reservationcc.html,
// reservation2.html) and render it inside the layout chosen by loadFields().
$contentTemplate = "reservation{$step}.html";
$layoutTemplate = "form_{$form_type}.html";
$smarty->assign("content", $contentTemplate);
$smarty->display($layoutTemplate);
?>