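// Script-wide timezone: every date()/time() call later in the file (card expiry
// check, fraud window, log timestamps) is evaluated in this zone.
date_default_timezone_set('America/Chicago');
// Database credentials.
// NOTE(review): these are live credentials committed in source. They belong in a
// configuration file outside the web root (or in the environment), and the
// password should be rotated once it is moved.
$db = 'support';
$user = 'ncpasec';
$pass = 'bjhfh69487fhfhfsjh4ggfa';
$host = 'localhost';
// Fail loudly if the connection or the database selection does not succeed,
// matching the `or die(...)` convention every query in this file already uses;
// the original silently continued and let the first query fail instead.
// NOTE(review): the mysql_* extension was removed in PHP 7; this needs to move to
// mysqli or PDO (with real prepared statements) to run on a supported interpreter.
$c_link = mysql_connect($host, $user, $pass) or die('Connect error: ' . mysql_error());
mysql_select_db($db, $c_link) or die('Select DB error: ' . mysql_errno() . ', ' . mysql_error());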
?>
###########################################################################
# #
# Timestamp: August 2005 #
# Developer: Chris McGregor #
# #
###########################################################################
//If a donation was submitted and this session has not already completed one.
// NOTE(review): $doonce, $Amount, $CC_Num, $CC_Beg, $CC_End, $ip, $Date and the
// other form fields are never read from $_POST/$_GET in this file (only
// $_POST['Issue_Num'] is, further down); they appear to rely on register_globals
// or an earlier include — confirm where they are populated before trusting them.
if($doonce && $_SESSION["Donated"] <> TRUE){
include("admin/include/functions.php");
//validation
// Each failed check appends a message to $dontprocess; a non-empty $dontprocess
// blocks every database write below.
$errorbegin = "
";
$errorend = "\n";
// Character lists stripped from the matching fields before validation.
$cleancc = array("-","_"," ","/",".","(",")",",");
$cleanphone = array("-","_"," ","/",".","(",")",",");
$cleanamount = array("$","_"," ","/","(",")",",");
// Removes quotes from name/street fields. This is cosmetic, not SQL escaping;
// the insert further down still has to escape these values itself.
$cleanname = array("'","\"");
//change in Recurring
// A positive recurring length forces the recurring bill type; a missing length
// is normalised to 0 so it can be inserted as a number.
if($CC_Recurring_Length>0) $CC_Bill_Type="Recurring";
if(!$CC_Recurring_Length) $CC_Recurring_Length=0;
//
$Amount = trim($Amount);
$Amount = str_replace($cleanamount,"",$Amount);
$CC_Type = trim($CC_Type);
$CC_Name = trim($CC_Name);
$CC_Num = trim($CC_Num);
$CC_Num = str_replace($cleancc,"",$CC_Num);
$Last_Name = trim($Last_Name);
$Last_Name = str_replace($cleanname,"",$Last_Name);
$First_Name = trim($First_Name);
$First_Name = str_replace($cleanname,"",$First_Name);
$Street = trim($Street);
$Street = str_replace($cleanname,"",$Street);
$City = trim($City);
$State = trim($State);
$Zip = trim($Zip);
$Phone = str_replace($cleanphone,"",$Phone);
$Phone = trim($Phone);
$Fax = str_replace($cleanphone,"",$Fax);
$Fax = trim($Fax);
$Email = trim($Email);
// "Other" in the amount selector means the free-text amount applies instead.
if($Amount=="Other") $Amount = $Other_Amount;
//check text boxes for information
// is_numeric() also accepts forms such as "1e3" and leading whitespace; the
// amount is later interpolated unquoted into SQL, so this is the only guard on it.
if(!is_numeric($Amount)) $dontprocess .= "$errorbegin The Donation Amount is not valid! $errorend";
if($Title == "...") $dontprocess .= "$errorbegin Please select a valid Title! $errorend";
if($First_Name == "") $dontprocess .= "$errorbegin Please enter a valid First Name! $errorend";
if($Last_Name == "") $dontprocess .= "$errorbegin Please enter a valid Last Name! $errorend";
// check_email_address() comes from the included functions.php.
if(!check_email_address($Email)) $dontprocess .= "$errorbegin Please enter a valid Email Address! $errorend";
if($Street == "") $dontprocess .= "$errorbegin Please enter a valid Street Address! $errorend";
if($City == "") $dontprocess .= "$errorbegin Please enter a valid Town or City! $errorend";
if($State == "") $dontprocess .= "$errorbegin Please select a valid State/Province! $errorend";
//if(!is_numeric($Zip) or strlen($Zip) < 4) $dontprocess .= "$errorbegin Please enter a valid Zip/Postcode! $errorend";
//if(!is_numeric($Phone)) $dontprocess .= "$errorbegin Please enter a valid Telephone Number! $errorend";
if($CC_Name == "") $dontprocess .= "$errorbegin Please enter a valid Name on Card! $errorend";
if($CC_Type == "") $dontprocess .= "$errorbegin Please select a valid Card Type! $errorend";
//check admin options if CCV should be turned on
// Only the length (>= 3) is validated. When the option is off the CCV is
// blanked so nothing is stored for it below.
$doselect = "select Option_Value from admin_options where Option_Name ='Use_CCV'";
$query = mysql_query($doselect) or die('SELECT error: '.mysql_errno().', '.mysql_error());
$info = mysql_fetch_array($query);
if($info['Option_Value']==1){
if(strlen($CC_CCV) < 3) $dontprocess .= "$errorbegin Please enter a valid Card CCV! $errorend";
}else $CC_CCV = "";
//CC check expiration date
// Compares "yy-mm" strings lexically, so this is only correct if $CC_Year is a
// two-digit year and $CC_Month is zero-padded — confirm against the form.
$currentyear = date("y", time());
$currentmonth = date("m", time());
$currenttime = $currentyear . "-" . $currentmonth;
$CC_Time = $CC_Year . "-" . $CC_Month;
if($CC_Time < $currenttime) $dontprocess .= "$errorbegin Please enter a valid Card Expiration! $errorend";
//CC number validation
// First-digit check per brand: Visa 4, Mastercard 5, AMEX 3.
$chars = preg_split('//', $CC_Num, -1, PREG_SPLIT_NO_EMPTY);
if($CC_Type == "Visa"){
if($chars[0] <> 4) $badcc = "TRUE";
}
if($CC_Type == "Mastercard"){
if($chars[0] <> 5) $badcc = "TRUE";
}
if($CC_Type == "AMEX"){
if($chars[0] <> 3) $badcc = "TRUE";
}
//Luhn formula CC Num checksum
// Doubles every second digit counting from the right ($parity selects which
// positions), subtracts 9 from any doubled digit above 9, and requires the
// digit sum to be a multiple of 10.
$cardnumber=$CC_Num;
$cardnumber=preg_replace("/\D|\s/", "", $cardnumber); # strip any non-digits
$cardlength=strlen($cardnumber);
$parity=$cardlength % 2;
$sum=0;
for ($i=0; $i<$cardlength; $i++) {
$digit=$cardnumber[$i];
if ($i%2==$parity) $digit=$digit*2;
if ($digit>9) $digit=$digit-9;
$sum=$sum+$digit;
}
$valid=($sum%10==0);
// $valid is a bool; the loose comparison with 1 treats false as "bad card".
if($valid<>1) $badcc = "TRUE";
if(!is_numeric($CC_Num) or $badcc) $dontprocess .= "$errorbegin Please enter a valid Card Number! $errorend";
//no errors, process
if(!$dontprocess){
//get and separate issues by number
$issues = $_POST['Issue_Num'];
$Issue_Num = "";
// NOTE: the next line is truncated in this copy of the file — the body of the
// Issue_Num loop and the start of the fraud-window "select ... from log" query
// are missing, so the file as shown here will not parse. The surviving tail
// shows $fraud_check being interpolated into the query unescaped.
for($i=0;$i '$fraud_check'";
$query = mysql_query($docheck) or die('Select error: '.mysql_errno().', '.mysql_error());
$fraud_count = mysql_num_rows($query);
//check if already banned
// $ip and $Date are interpolated directly into the query; see the NOTE at the
// top of this block about where they are populated.
$docheck = "select * from log where IP = '$ip' and Banned_Timestamp > '$Date'";
$query = mysql_query($docheck) or die('Select error: '.mysql_errno().', '.mysql_error());
$banned_count = mysql_num_rows($query);
//get options out of database
// Fraud_Count is the number of attempts tolerated inside the fraud window;
// Fraud_Banned_Time is added to time() below, so it is read as seconds.
$docheck = "select Option_Value from admin_options where Option_Name = 'Fraud_Count'";
$query = mysql_query($docheck) or die('Select error: '.mysql_errno().', '.mysql_error());
$info = mysql_fetch_array($query);
$admin_fraud_count = $info['Option_Value'];
$docheck = "select Option_Value from admin_options where Option_Name = 'Fraud_Banned_Time'";
$query = mysql_query($docheck) or die('Select error: '.mysql_errno().', '.mysql_error());
$info = mysql_fetch_array($query);
$admin_fraud_banned = $info['Option_Value'];
// Addresses inside this range skip the retry/ban logic and the attempt log.
// NOTE(review): in_ip_range() is not defined in this file (presumably in
// functions.php); confirm which client address it compares.
if(!in_ip_range('65.68.55.1','65.68.55.254')){
// Too many attempts in the window, or an active ban: extend/record the ban and
// refuse the donation with a fixed message.
if($fraud_count >= $admin_fraud_count or $banned_count >0){
$banned_timestamp = date('Y-m-d H:i:s', time() + $admin_fraud_banned);
$dolog = "insert into log (IP, Timestamp, Banned_Timestamp) values ('$ip', '$Date', '$banned_timestamp')";
$query = mysql_query($dolog) or die('Insert error: '.mysql_errno().', '.mysql_error());
$dontprocess = "$errorbegin You have exceeded the number of retries. Please contact the NCPA at 972-386-6272. $errorend";
}
if(!$dontprocess){
//log this attempt
$dolog = "insert into log (IP, Timestamp) values ('$ip', '$Date')";
$query = mysql_query($dolog) or die('Insert error: '.mysql_errno().', '.mysql_error());
}
}
}
//check which processing method to use
if(!$dontprocess){
$docheck = "select Option_Value from admin_options where Option_Name = 'Use_CC'";
$query = mysql_query($docheck) or die('Select error: '.mysql_errno().', '.mysql_error());
$info = mysql_fetch_array($query);
// With Use_CC on, the included processor script is presumably what builds
// $doinsert (it is only assigned in the other branch here) — confirm.
if($info['Option_Value']==1){ //use a cc processor
$Use_CC = 1;
if($CC_Bill_Type=="Recurring") include("admin/include/ccrecurprocess.php");
else include("admin/include/ccprocess.php");
}else{ //no cc processor, split card in db and email other half
// NOTE(review): $CC_Beg/$CC_End are not assigned in this file. The insert below
// stores the card number unquoted (so it must be numeric) together with CC_CCV;
// retaining the CCV after authorisation is prohibited under PCI DSS. $Title,
// $Issue_Num, $Amount, $Date, $CC_Name, $CC_Exp, $CC_Type, $CC_CCV,
// $CC_Bill_Type and $CC_Recurring_Length are interpolated without
// mysql_real_escape_string, unlike the neighbouring fields.
$CC_Insert = "$CC_Beg" . "$CC_End";
$CC_Exp = "$CC_Month" . "/" . "$CC_Year";
//insert Donation info
$doinsert = "insert into donation (Title, Last_Name, First_Name, Middle_Name, Suffix, Company, Position, Street, City, State, Zip, Phone, Fax, Email, Issue_Num, Amount, Date, CC_Name, CC_Num, CC_Exp, CC_Type, CC_CCV, CC_Bill_Type, CC_Recurring_Length, gif_Title, gif_First_Name, gif_Last_Name, gif_Street, gif_City, gif_State, gif_Zip, Promo) values('$Title','".mysql_real_escape_string($Last_Name)."', '".mysql_real_escape_string($First_Name)."', '".mysql_real_escape_string($Middle_Name)."', '".mysql_real_escape_string($Suffix)."', '".mysql_real_escape_string($Company)."', '".mysql_real_escape_string($Position)."', '".mysql_real_escape_string($Street)."', '".mysql_real_escape_string($City)."', '".mysql_real_escape_string($State)."', '".mysql_real_escape_string($Zip)."', '".mysql_real_escape_string($Phone)."', '".mysql_real_escape_string($Fax)."', '".mysql_real_escape_string($Email)."', '$Issue_Num', $Amount, '$Date', '$CC_Name', $CC_Insert, '$CC_Exp', '$CC_Type', '$CC_CCV', '$CC_Bill_Type', '$CC_Recurring_Length', '".mysql_real_escape_string($gif_Title)."', '".mysql_real_escape_string($gif_First_Name)."', '".mysql_real_escape_string($gif_Last_Name)."', '".mysql_real_escape_string($gif_Street)."', '".mysql_real_escape_string($gif_City)."', '".mysql_real_escape_string($gif_State)."', '".mysql_real_escape_string($gif_Zip)."', '".mysql_real_escape_string($Promo)."')";
}//end check for cc processor
}
// Single insert, then release whatever "lock tables" was taken earlier (the
// locking statement is not in this file) and notify the admin-configured
// addresses. Clearing $doonce and setting the session flag stops a re-submit
// from inserting twice, since the outer if re-checks both.
if(!$dontprocess){
$query = mysql_query($doinsert) or die('INSERT error: '.mysql_errno().', '.mysql_error());
//get donation ID for Email
$Donation_Num = mysql_insert_id();
//unlock the donation table
$dolock = "unlock tables";
$Result = mysql_query($dolock) or die ( "Could Not UnLock Table: " . mysql_error() );
//email the users defined by admin
include("admin/include/email_template.php");
unset($doonce);
$_SESSION["Donated"] = TRUE;
}
else{
//unlock the donation table (validation failed; nothing was inserted)
$dolock = "unlock tables";
$Result = mysql_query($dolock) or die ( "Could Not UnLock Table: " . mysql_error() );
}
}//end of dontprocess
}//end if donated submitted
?>
NCPA - National Center for Policy Analysis
######################################################
# Author: Chris McGregor #
# Date: October 2005 #
######################################################
?>