From f0a950530aa6a870952849d7d19090b28fff3254 Mon Sep 17 00:00:00 2001
From: Eric Bollengier <eric@eb.homelinux.org>
Date: Thu, 6 Mar 2008 16:22:27 +0000
Subject: [PATCH] ebl  Add javascript verification code

---
 docs/home-page/en/pages/testimonial.php | 281 ++++++++++++++++--------
 1 file changed, 195 insertions(+), 86 deletions(-)

diff --git a/docs/home-page/en/pages/testimonial.php b/docs/home-page/en/pages/testimonial.php
index eaa9c410..d81420bf 100644
--- a/docs/home-page/en/pages/testimonial.php
+++ b/docs/home-page/en/pages/testimonial.php
@@ -3,7 +3,7 @@
 $dat_dir = '/tmp/testimonials';
 
 $org_type_lst = array(
-       '0'   => "SELECT ONE",
+       'empty'   => "SELECT ONE",
        '15'  => "Church / Religious Organization",
        '3'   => "Corporation",
        '14'  => "Educational Institution",
@@ -15,7 +15,7 @@ $org_type_lst = array(
 );
 
 $version_lst = array(
-       '0'   => "SELECT ONE",
+       'empty'   => "SELECT ONE",
        '1'   => "1.36.x",
        '2'   => "1.38.x",
        '3'   => "2.0.x",
@@ -24,57 +24,57 @@ $version_lst = array(
 );
 
 $catalog_lst = array(
-       '0'   => "SELECT ONE",
+       'empty'   => "SELECT ONE",
        '1'   => "MySQL",
        '2'   => "PostgreSQL",
        '3'   => "SqLite"
 );
 
 $org_industry_lst = array(
-   '0'   => 'SELECT ONE',                               '25'  => 'Aerospace / Aeronautical',
-   '11'  => 'Agriculture / Farming',                    '38'  => 'Architecture / Design',
-   '44'  => 'Arts',                                     '5'   => 'ASP',
-   '54'  => 'Banking',
-   '42'  => 'Church / Religious Organization',          '45'  => 'Coaching',
-   '10'  => 'Construction',                             '22'  => 'Consulting (General)',
-   '21'  => 'Consulting (Information Technology)',      '31'  => 'Defense Industry',
-   '51'  => 'Education / Training',                     '37'  => 'Energy Industry',
-   '46'  => 'Engineering',                              '35'  => 'Entertainment (Film)',
-   '34'  => 'Entertainment (Music)',                    '36'  => 'Entertainment (Other)',
-   '47'  => 'Event Management / Conferences',           '7'   => 'Finance / Banking / Accounting',
-   '12'  => 'Food Service Industry',                    '29'  => 'Government',
-   '3'   => 'Healthcare / Medicine',                    '8'   => 'Higher Education',
-   '6'   => 'Insurance',                                '4'   => 'Internet Service Provider',
-   '2'   => 'K-12 Education',                           '48'  => 'Law Enforcement / Emergency Management',
-   '14'  => 'Legal',                                    '24'  => 'Manufacturing (Computer Equipment)',
-   '23'  => 'Manufacturing (General)',                  '53'  => 'Media (Publishing, Broadcasting, etc)',
-   '30'  => 'Military',                                 '9'   => 'Mining',
-   '18'  => 'Natural Resources / Environment',          '15'  => 'Pharmaceuticals',
-   '49'  => 'Public Relations / Advertising',           '13'  => 'Real Estate',
-   '41'  => 'Retail / Consumer Goods',                  '52'  => 'Sales / Marketing',
-   '32'  => 'Scientific Research',                      '33'  => 'Sports / Recreation',
-   '43'  => 'Technical College / Trade School',         '40'  => 'Telecommunications',
-   '27'  => 'Transportation Industry (Air)',            '28'  => 'Transportation Industry (General)',
-   '26'  => 'Transportation Industry (Marine)',         '50'  => 'Travel / Tourism / Lodging',
-   '17'  => 'Travel Industry',                          '39'  => 'Utilities / Public Works',
-   '16'  => 'Other'                             
+ 'empty'   => 'SELECT ONE',                      '25'  => 'Aerospace / Aeronautical',
+ '11'  => 'Agriculture / Farming',               '38'  => 'Architecture / Design',
+ '44'  => 'Arts',                                '5'   => 'ASP',
+ '54'  => 'Banking',
+ '42'  => 'Church / Religious Organization',     '45'  => 'Coaching',
+ '10'  => 'Construction',                        '22'  => 'Consulting (General)',
+ '21'  => 'Consulting (Information Technology)', '31'  => 'Defense Industry',
+ '51'  => 'Education / Training',                '37'  => 'Energy Industry',
+ '46'  => 'Engineering',                         '35'  => 'Entertainment (Film)',
+ '34'  => 'Entertainment (Music)',               '36'  => 'Entertainment (Other)',
+ '47'  => 'Event Management / Conferences',      '7'   => 'Finance / Banking / Accounting',
+ '12'  => 'Food Service Industry',               '29'  => 'Government',
+ '3'   => 'Healthcare / Medicine',               '8'   => 'Higher Education',
+ '6'   => 'Insurance',                           '4'   => 'Internet Service Provider',
+ '2'   => 'K-12 Education',                      '48'  => 'Law Enforcement / Emergency Management',
+ '14'  => 'Legal',                               '24'  => 'Manufacturing (Computer Equipment)',
+ '23'  => 'Manufacturing (General)',             '53'  => 'Media (Publishing, Broadcasting, etc)',
+ '30'  => 'Military',                            '9'   => 'Mining',
+ '18'  => 'Natural Resources / Environment',     '15'  => 'Pharmaceuticals',
+ '49'  => 'Public Relations / Advertising',      '13'  => 'Real Estate',
+ '41'  => 'Retail / Consumer Goods',             '52'  => 'Sales / Marketing',
+ '32'  => 'Scientific Research',                 '33'  => 'Sports / Recreation',
+ '43'  => 'Technical College / Trade School',    '40'  => 'Telecommunications',
+ '27'  => 'Transportation Industry (Air)',       '28'  => 'Transportation Industry (General)',
+ '26'  => 'Transportation Industry (Marine)',    '50'  => 'Travel / Tourism / Lodging',
+ '17'  => 'Travel Industry',                     '39'  => 'Utilities / Public Works',
+ '16'  => 'Other'                             
 );
 
 $os_lst = array(
-   '0'  =>  'SELECT ONE',                       '20' =>  'AIX',
-   '21' =>  'FreeBSD',                          '14' =>  'HP-UX',
-   '2'  =>  'Linux (Debian)',                   '27' =>  'Linux (Fedora)',
-   '25' =>  'Linux (Gentoo)',                   '4'  =>  'Linux (Mandrake)',
-   '5'  =>  'Linux (Other)',                    '1'  =>  'Linux (RedHat)',
-   '26' =>  'Linux (Slackware)',                '3'  =>  'Linux (Suse)',
-   '18' =>  'Mac OS X',                         '22' =>  'NetBSD',
-   '23' =>  'OpenBSD',                          '24' =>  'Other',
-   '13' =>  'Solaris',                          '15' =>  'Windows 2000',
-   '16' =>  'Windows 2003',                     '17' =>  'Windows XP'
+   'empty'  =>  'SELECT ONE',          '20' =>  'AIX',
+   '21' =>  'FreeBSD',                 '14' =>  'HP-UX',
+   '2'  =>  'Linux (Debian)',          '27' =>  'Linux (Fedora)',
+   '25' =>  'Linux (Gentoo)',          '4'  =>  'Linux (Mandrake)',
+   '5'  =>  'Linux (Other)',           '1'  =>  'Linux (RedHat)',
+   '26' =>  'Linux (Slackware)',       '3'  =>  'Linux (Suse)',
+   '18' =>  'Mac OS X',                '22' =>  'NetBSD',
+   '23' =>  'OpenBSD',                 '24' =>  'Other',
+   '13' =>  'Solaris',                 '15' =>  'Windows 2000',
+   '16' =>  'Windows 2003',            '17' =>  'Windows XP'
 ); 
 
 $country_lst = array(
-   '0'   =>  'SELECT ONE',              '1'   =>  'Afghanistan',
+   'empty'   =>  'SELECT ONE',          '1'   =>  'Afghanistan',
    '2'   =>  'Albania',                 '3'   =>  'Algeria',
    '4'   =>  'American Samoa',          '5'   =>  'Andorra',
    '6'   =>  'Angola',                  '7'   =>  'Anguilla',
@@ -193,14 +193,122 @@ $country_lst = array(
    '229' =>  'Zambia',                  '230' =>  'Zimbabwe'
 );
 
-if ($_REQUEST['btnSubmit'] == 'Add' or $_REQUEST['btnSubmit'] == 'Modify')
+if ($_REQUEST['action'] == 'Add' or $_REQUEST['action'] == 'Modify')
 {
 
 ?>
+
+<script type="text/javascript" language="JavaScript">
+
+function validate_testimonial (form) {
+    var alertstr = '';
+    var invalid  = 0;
+    var invalid_fields = new Array();
+    var ok;
+    // email: standard text, hidden, password, or textarea box
+    var email = form.elements['email_address'].value;
+    if (email == null || ! email.match(/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*\.[a-zA-Z]+$/)) {
+        alertstr += '- Invalid entry for the "Email" field\n';
+        invalid++;
+        invalid_fields.push('email_address');
+    }
+
+    // contact_name: standard text, hidden, password, or textarea box
+    var contact_name = form.elements['contact_name'].value;
+    if (contact_name == null || ! contact_name.match(/^[a-zA-Z]+[- ]?[a-zA-Z]+\s*,?([a-zA-Z]+|[a-zA-Z]+\.)?$/)) {
+        alertstr += '- Invalid entry for the "Contact Name" field\n';
+        invalid++;
+        invalid_fields.push('contact_name');
+    }
+
+    // org_name: standard text, hidden, password, or textarea box
+    var org_name = form.elements['org_name'].value;
+    if (org_name == null || ! org_name.match(/^[a-zA-Z0-9();@%, :!\/]+$/)) {
+        alertstr += '- Invalid entry for the "Organization Name" field\n';
+        invalid++;
+        invalid_fields.push('org_name');
+    }
+    var number = form.elements['orgtype_id'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Choose one of the "Organization type" options\n';
+        invalid_fields.push('orgtype_id');
+        invalid++;
+    } 
+    number = form.elements['orgindustry_id'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '- Choose one of the "Organization industry type" options\n';
+        invalid_fields.push('orgindustry_id');
+        invalid++;
+    }
+    var org_size = form.elements['org_size'].value;
+    if (org_size == null || ! org_size.match(/^[0-9,\.]+$/)) {
+        alertstr += '- Invalid entry for the "Organization size" field\n';
+        invalid_fields.push('org_size');
+        invalid++;
+    }
+
+    var bacula_version = form.elements['bacula_version'].value;
+    if (bacula_version == null || ! bacula_version.match(/^[0-9]+$/)) {
+        alertstr += '- Invalid entry for the "Bacula version" field\n';
+        invalid_fields.push('bacula_version');
+        invalid++;
+    }
+    var ostype = form.elements['ostype_id'].value;
+    if (ostype == null || ! ostype.match(/^[0-9]+$/)) {
+        alertstr += '-  Choose one of the "Director OS" field\n';
+        invalid_fields.push('ostype_id');
+        invalid++;
+    }
+    var catalog = form.elements['catalog_id'].value;
+    if (catalog == null || ! catalog.match(/^[0-9]+$/)) {
+        alertstr += '-  Choose one of the "Catalog type" field\n';
+        invalid_fields.push('catalog_id');
+        invalid++;
+    }
+    var number = form.elements['number_fd'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Invalid entry for the "Number of Client" field\n';
+        invalid_fields.push('number_fd');
+        invalid++;
+    } 
+    number = form.elements['number_sd'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Invalid entry for the "Number of Storage" field\n';
+        invalid_fields.push('number_sd');
+        invalid++;
+    } 
+    number = form.elements['number_dir'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Invalid entry for the "Number of Director" field\n';
+        invalid_fields.push('number_dir');
+        invalid++;
+    } 
+    number = form.elements['month_gb'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Invalid entry for the "Number GB/month" field\n';
+        invalid_fields.push('month_gb');
+        invalid++;
+    } 
+    number = form.elements['number_files'].value;
+    if (number == null || ! number.match(/^[0-9]+$/)) {
+        alertstr += '-  Invalid entry for the "File number" field\n';
+        invalid_fields.push('number_files');
+        invalid++;
+    } 
+    if (invalid > 0 || alertstr != '') {
+        if (! invalid) invalid = 'The following';   // catch for programmer error
+        alert(''+invalid+' error(s) were encountered with your submission:'+'\n\n'
+                +alertstr+'\n'+'Please correct these fields and try again.');
+        return false;
+    }
+    return true;  // all checked ok
+}
+
+</script>
 <table>
 <tr>
         <td class="contentTopic">
-                <? echo $_REQUEST['btnSubmit'] ?> Testimonial
+                <? echo $_REQUEST['action'] ?> Testimonial
         </td>
 </tr>
 <tr>
@@ -222,7 +330,7 @@ information about how this data will be used.
 
 <tr>
         <td class="content">
-<form name='form1' enctype="multipart/form-data" method='post' action='?page=testimonial'>
+<form name='form1' enctype="multipart/form-data" method='post' onsubmit="return validate_testimonial(this)" action='?page=testimonial'>
 <input type='hidden' name='page' value='testimonial'>
 <table border='0' class='Content'>
 
@@ -383,6 +491,12 @@ while(list ($key, $val) = each ($catalog_lst))
 </select></td>
 </tr>
 
+<tr><td class='ItemName'><font color='red'>*</font>Number of Director (Running bacula-dir):</td>
+<td class='ItemValue'>
+<input type='text' class='ItemValue' id='number_dir' name='number_dir' 
+ size='5' maxlength='10' value=''></td>
+</tr>
+
 <tr><td class='ItemName'><font color='red'>*</font>Number of Clients (Running bacula-fd):</td>
 <td class='ItemValue'>
 <input type='text' class='ItemValue' id='number_fd' name='number_fd' 
@@ -437,14 +551,14 @@ Nics:
 
 <tr><td></td><td>
 <?
- if ($_REQUEST['btnSubmit'] == 'Modify') {
+ if ($_REQUEST['action'] == 'Modify') {
   echo "<input type='text' title='testimonial id' id='id' name='id' class='ItemValue' value=''>";
-  echo "<input type='submit' name='btnSubmit' class='ItemValue' value='Save'>";
-  echo "<input type='submit' name='btnSubmit' class='ItemValue' onclick='confirm(\"Are you sure ?\");' value='Delete'><br>";
+  echo "<input type='submit' name='action' class='ItemValue' value='Save'>";
+  echo "<input type='submit' name='action' class='ItemValue' onclick='confirm(\"Are you sure ?\");' value='Delete'><br>";
   echo "<input type='hidden' name='page' class='ItemValue' value='testimonial'><br>";
 
 } else {  
-  echo "<input type='submit' name='btnSubmit' class='ItemValue' value='Review Profile Submission'>";
+  echo "<input type='submit' name='action' class='ItemValue' value='Review Profile Submission'>";
 }
 ?>
 
@@ -468,14 +582,9 @@ we find the need.
 
 
 </table>
-<script type="text/javascript" language="JavaScript">
- 
-</script>
 <?
 
-}
-
-if ($_REQUEST['btnSubmit'] == 'Modify') {
+} elseif ($_REQUEST['action'] == 'Modify') {
    $filename = get_file_from_id();
 
    if (!$filename) {
@@ -501,7 +610,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
 
    echo "</script>\n";
 
-} elseif ($_REQUEST['btnSubmit'] == 'Review Profile Submission') {
+} elseif ($_REQUEST['action'] == 'Review Profile Submission') {
 
         $form = get_formul();
         if (!$form) {
@@ -515,11 +624,11 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
                 save_formul($form);
 
                 send_email($form['id'], $form['email_address']);
-                echo "You can modify your profile <a href='?page=testimonial&btnSubmit=Modify&id=" . $form['id'] . "'>here</a> (keep this link as bookmark)<br><br>";
+                echo "You can modify your profile <a href='?page=testimonial&action=Modify&id=" . $form['id'] . "'>here</a> (keep this link as bookmark)<br><br>";
                 print_formul($form);
         }
 
-} elseif ($_REQUEST['btnSubmit'] == 'View') {
+} elseif ($_REQUEST['action'] == 'View') {
         
         $file = get_file_from_id();
 
@@ -527,7 +636,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
              print_formul_file($filename,true);
         }
 
-} elseif ($_REQUEST['btnSubmit'] == 'Delete') {
+} elseif ($_REQUEST['action'] == 'Delete') {
 
         $filename = get_file_from_id();
 
@@ -545,7 +654,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
             echo "Profile deleted";
         }
 
-} elseif ($_REQUEST['btnSubmit'] == 'Accept' && is_admin()) {
+} elseif ($_REQUEST['action'] == 'Accept' && is_admin()) {
 
         $filename = get_file_from_id();
         
@@ -566,7 +675,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
         echo $form['id'] . " is now " . ($hide?"un":"") . "visible";
         print_formul($form);
 
-} elseif ($_REQUEST['btnSubmit'] == 'Save') {
+} elseif ($_REQUEST['action'] == 'Save') {
         
         $filename = get_file_from_id();
 
@@ -590,43 +699,43 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
         echo "Your profile has been modified.<br>";
         print_formul($form);
 
-} elseif ($_REQUEST['btnSubmit'] == 'Admin' && is_admin()) {
+} elseif ($_REQUEST['action'] == 'Admin' && is_admin()) {
 
 
     $pass = $_REQUEST['passwd']; // passwd is clean
     $waiting = $_REQUEST['waiting'];
     
     if ($waiting) {
-       print '<a href="?page=testimonial&btnSubmit=Admin&passwd=' . $pass . '"> View all</a><br>';
+       print '<a href="?page=testimonial&action=Admin&passwd=' . $pass . '"> View all</a><br>';
        print "<h1>View all waiting testimonials</h1>";
     } else {
-       print '<a href="?page=testimonial&btnSubmit=Admin&waiting=1&passwd=' . $pass . '"> View Waiting</a><br>';
+       print '<a href="?page=testimonial&action=Admin&waiting=1&passwd=' . $pass . '"> View Waiting</a><br>';
        print "<h1>View all testimonials</h1>";
     }
 
     if ($handle = opendir($dat_dir)) {
     /* Ceci est la facon correcte de traverser un dossier. */
-            while (false !== ($file = readdir($handle))) {
-                if (preg_match("/profile.[a-z0-9\.]+/", $file)) {
-                     $form = load_formul("$dat_dir/$file") ;
-                        // on affiche ceux qui sont en attente ou bien tous
-                     if (!$waiting || !$form['visible']) {
-                        print_formul($form);
-                        if ($form['visible']) {
-                           print "<a href=\"?page=testimonial&btnSubmit=Accept&hide=1&passwd=" . $pass . "&id=" . $form['id'] . "\"> Hide </a> | \n";
-                        } else {
-                           print "<a href=\"?page=testimonial&btnSubmit=Accept&passwd=" . $pass . "&id=" . $form['id'] . "\"> Accept </a> | \n";
-                        }
-                        print "<a href=\"?page=testimonial&btnSubmit=Modify&id=" . $form['id'] . "\"> Modify </a> | \n";
-                        print "<a href=\"?page=testimonial&btnSubmit=AdminExport&passwd=" . $pass . "&id=" . $form['id'] . "\"> Export </a><br><br>\n";
-
-                     }
+       while (false !== ($file = readdir($handle))) {
+           if (preg_match("/profile.[a-z0-9\.]+/", $file)) {
+                $form = load_formul("$dat_dir/$file") ;
+                   // on affiche ceux qui sont en attente ou bien tous
+                if (!$waiting || !$form['visible']) {
+                   print_formul($form);
+                   if ($form['visible']) {
+                      print "<a href=\"?page=testimonial&action=Accept&hide=1&passwd=" . $pass . "&id=" . $form['id'] . "\"> Hide </a> | \n";
+                   } else {
+                      print "<a href=\"?page=testimonial&action=Accept&passwd=" . $pass . "&id=" . $form['id'] . "\"> Accept </a> | \n";
+                   }
+                   print "<a href=\"?page=testimonial&action=Modify&id=" . $form['id'] . "\"> Modify </a> | \n";
+                   print "<a href=\"?page=testimonial&action=AdminExport&passwd=" . $pass . "&id=" . $form['id'] . "\"> Export </a><br><br>\n";
+
                 }
-            } 
-            closedir($handle);
+           }
+       } 
+       closedir($handle);
     } 
 
-} elseif (!$_REQUEST['btnSubmit'] || $_REQUEST['btnSubmit'] == 'ViewAll') {
+} elseif (!$_REQUEST['action'] || $_REQUEST['action'] == 'ViewAll') {
 
     $limit = $_REQUEST['limit'];
     $offset = $_REQUEST['offset'];
@@ -638,7 +747,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
 
     if ($limit > 20) { $limit = 20 ;}
 
-    echo "<a href='?page=testimonial&btnSubmit=Add'>Add a testimonial</a><br><br>";
+    echo "<a href='?page=testimonial&action=Add'>Add a testimonial</a><br><br>";
 
     if ($handle = opendir($dat_dir)) {
     /* Ceci est la facon correcte de traverser un dossier. */
@@ -657,7 +766,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
             closedir($handle);
     }
 
-} elseif ($_REQUEST['btnSubmit'] == 'AdminExport' && is_admin()) {
+} elseif ($_REQUEST['action'] == 'AdminExport' && is_admin()) {
 
    $file = get_file_from_id();
    if (!$file) {
@@ -668,7 +777,7 @@ if ($_REQUEST['btnSubmit'] == 'Modify') {
         export_form($form);
    }
 } else {
-        print "Invalid btnSubmit<br>";
+        print "Invalid action <br>";
 }
 
 function export_form($formul)
@@ -725,7 +834,7 @@ function send_email($id, $email)
 
         // The message
         $message = "Hello, 
-You can modify your new testimonial at http://www.bacula.org/?page=testimonial&btnSubmit=Modify&id=$id
+You can modify your new testimonial at http://www.bacula.org/?page=testimonial&action=Modify&id=$id
 
 Best regards.
 ";
@@ -865,7 +974,7 @@ function print_formul_file($filename, $admin) {
                         return 0;
                 }
         } else {
-                print "<a href=\"?page=testimonial&btnSubmit=Modify&id=" . $formul['id'] . "\">Modify</a><br>\n";
+                print "<a href=\"?page=testimonial&action=Modify&id=" . $formul['id'] . "\">Modify</a><br>\n";
         }
 
         return print_formul($formul);
-- 
2.39.5