registration.php

<?php
    // Create database connection
    require_once("./includes/db_connection.php");
    $db_connection = new mysqli($server, $user, $password, $dbname);
?>
<?php
    // The form submits to itself
    require_once("./includes/general_functions.php");
    require_once("./includes/validation_functions.php");
    require_once("./includes/contact.php");

    $contact = new Contact();

    // Global variables
    $errors = array();
    $missing = array();
    $fields_expected = array("firstname", "lastname", "address1", "address2", "city", "state", "zipcode", "phone", "email");
    $fields_required = array("firstname", "lastname", "address1", "city", "state", "zipcode", "phone", "email", "captcha_result");
    $fields_max_lengths = array("firstname" => 50, "lastname"  => 50, "address1" => 50, "address2"  => 50, "city" => 50, "state" => 50, "zipcode"  => 10, "phone" => 20, "email"  => 60);

    // Check to see if the form was submited
    if (isset($_POST["submit"])) {
        // Form was submitted.

        // Sanitize:
        // Strip possible scripts from the form fields, and then trim for possible white spaces.
        foreach($fields_expected as $field){
            $contact->$field = trim(strip_tags($_POST[$field]));
        }

        // Begin Validations:
        $contact->gender = isset($_POST["gender"]) ? $_POST["gender"] : "";
        $contact->accept = isset($_POST["accept"]) ? $_POST["accept"] : "";
        if (!has_presence($contact->gender)){
            $missing[] = "gender";
        }
        if (!has_presence($contact->accept)){
            $missing[] = "accept";
        }

        // Validate presence of required fields
        foreach($fields_required as $field){
            $value = trim($_POST[$field]);
            if (!has_presence($value)) {
                $missing[] = $field;
            }
        }

        // Validate Maximum Length
        foreach($fields_max_lengths as $field => $max) {
            $value = trim($_POST[$field]);
            if (!has_maximum_length($value, $max)) {
                $errors[$field] = ucfirst($field) . " is too long.";
            }
        }

        // Check Captcha
        $captcha_result = trim(strip_tags($_POST["captcha_result"]));
        $first_number = $_POST["first_number"];
        $second_number = $_POST["second_number"];
        $check_total = $first_number + $second_number;

        if ($captcha_result != $check_total) {
            $errors["captcha"] = "The answer to the captcha was not correct, please try agian.";
        }


        // If there are no errors or any missing fields, then prepare form data for database insert.
        if (empty($errors) && empty($missing)) {
            // Insert record into the database

            // Escape all strings
            $firstname = $db_connection->real_escape_string($contact->firstname);
            $lastname = $db_connection->real_escape_string($contact->lastname);
            $address1 = $db_connection->real_escape_string($contact->address1);
            $address2 = $db_connection->real_escape_string($contact->address2);
            $city = $db_connection->real_escape_string($contact->city);
            $state = $db_connection->real_escape_string($contact->state);
            $zipcode = $db_connection->real_escape_string($contact->zipcode);
            $phone = $db_connection->real_escape_string($contact->phone);
            $email = $db_connection->real_escape_string($contact->email);
            $gender = $db_connection->real_escape_string($contact->gender);
            $accept = $db_connection->real_escape_string($contact->accept);


            // Build the insert query
            $query  = "INSERT INTO tbl_request_info (";
            $query .= "  firstname, lastname, address1, address2, city, state, zipcode, phone, email, gender, accept";
            $query .= ") VALUES (";
            $query .= "  '{$firstname}', '{$lastname}', '{$address1}', '{$address2}', '{$city}', '{$state}', '{$zipcode}', '{$phone}', '{$email}', '{$gender}', '{$accept}' ";
            $query .= ")";

            // Perform database insert query
            $result = $db_connection->query($query);

            if ($result) {
                // Success
                redirect_to("thankyou.php");
            } else {
                // Failure
                die("Database query failed. " . mysqli_error($connection));
            }

        }

    } else {
        // Form was not submitted by the submit button
        $contact->resetform();
    }
?>
<!doctype html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="main.css" type="text/css" media="screen">
<title>Placidus: Request Information</title>
</head>

<body>
<!-- Global Header and Logo -->
<header id="page-header" role="banner">
   <h1 id="main-logo-text"><a href="landing.html">Placidus</a></h1>
</header>


<!-- Site Navigation -->
<nav id="main-navigation" role="navigation">
   <h2>Site Navigation</h2>
   <!-- used for html5 outline marking -->
   <a href="#main-content" title="skip to main content" class="skip">Skip to main content</a> <!-- accessibility option to skip navigation -->
   <ul>
      <li><a href="landing.html" title="Home" >Home</a></li>
      <li><a href="registration.php" title="Request Information" class="current">Request Information</a></li>
      <li><a href="" title="Healthcare Professionals">Healthcare Professionals</a></li>
   </ul>
</nav>


<!-- Main Content -->
<main role="main" id="main-content">
   <article>
    <section class="solo">
      <h2>Request Information for Placidus</h2>

      <form method="post" action="registration.php">
            <p class="formnotes" style="text-align: right;">* indicates a required field</p>
         <?php if ($errors || $missing) : ?>
                <p class="warning">Please fix the item(s) indicated</p>
            <?php
                echo form_errors($errors);
                endif; ?>

         <!-- First Name -->
         <label for="fd-fristname">First Name*:
            <?php if ($missing && in_array("firstname", $missing)) : ?>
                <span class="warning">Please enter your first name.</span>
            <?php endif; ?>
            </label>
         <input type="text" name="firstname" id="fd-firstname" maxlength="50" placeholder="First Name" class="formfullwidth" value="<?php echo htmlspecialchars($contact->firstname); ?>" required /><br />

         <!-- Last Name -->
         <label for="fd-lastname">Last Name*:
            <?php if ($missing && in_array("lastname", $missing)) : ?>
                <span class="warning">Please enter your last name.</span>
            <?php endif; ?></label>
        <input type="text" name="lastname" id="fd-lastname" maxlength="50" placeholder="Last Name" class="formfullwidth"  value="<?php echo htmlspecialchars($contact->lastname); ?>" required /><br />

         <!-- Address1 -->
         <label for="fd-address1">Street Address*:
            <?php if ($missing && in_array("address1", $missing)) : ?>
                <span class="warning">Please enter your street address.</span>
            <?php endif; ?></label>
        <input type="text" name="address1" id="fd-address1" maxlength="50" placeholder="1234 My Street" class="formfullwidth" value="<?php echo htmlspecialchars($contact->address1); ?>" required /><br />

         <!-- Address2 (optional) -->
         <label for="fd-address2">Address Line 2:</label>
        <input type="text" name="address2" id="fd-address2" maxlength="50" placeholder="(optional)" class="formfullwidth" value="<?php echo htmlspecialchars($contact->address2); ?>" /><br />

         <!-- City -->
         <label for="fd-city">City*:
            <?php if ($missing && in_array("city", $missing)) : ?>
                <span class="warning">Please enter the name of your city.</span>
            <?php endif; ?></label>
        <input type="text" name="city" id="fd-city" maxlength="50" placeholder="City" class="formfullwidth" value="<?php echo htmlspecialchars($contact->city); ?>" required /><br />

         <!-- State -->
         <label for="fd-state">State*:
            <?php if ($missing && in_array("state", $missing)) : ?>
                <span class="warning">Please enter the name of your state.</span>
            <?php endif; ?></label>
        <input type="text" name="state" id="fd-state" maxlength="50" placeholder="State" class="formfullwidth" value="<?php echo htmlspecialchars($contact->state); ?>" required /><br />

         <!-- Zip Code -->
         <label for="fd-zipcode">Zip Code*:
            <?php if ($missing && in_array("zipcode", $missing)) : ?>
                <span class="warning">Please enter the zipcode of your address.</span>
            <?php endif; ?></label>
        <input type="text" name="zipcode" id="fd-zipcode" maxlength="10" placeholder="12345" class="formfullwidth" value="<?php echo htmlspecialchars($contact->zipcode); ?>" required /><br />

         <!-- Phone -->
         <label for="fd-phone">Phone*:
            <?php if ($missing && in_array("phone", $missing)) : ?>
                <span class="warning">Please enter your prefered phone number.</span>
            <?php endif; ?></label>
        <input type="tel" name="phone" id="fd-phone" maxlength="30" placeholder="1234567890" class="formfullwidth" value="<?php echo htmlspecialchars($contact->phone); ?>" required /><br />

         <!-- Email -->
         <label for="fd-email">E-mail*:
            <?php if ($missing && in_array("email", $missing)) : ?>
                <span class="warning">Please enter your main e-mail address.</span>
            <?php endif; ?></label>
        <input type="email" name="email" id="fd-email" maxlength="50" placeholder="name@email.com" class="formfullwidth" value="<?php echo htmlspecialchars($contact->email); ?>" required /><br />

         <!-- Gender Radio Group -->
         <fieldset>
            <legend>Gender*:
                <?php if ($missing && in_array("gender", $missing)) : ?>
                    <span class="warning">Please select a gender.</span>
                <?php endif; ?></legend>
            <p>
                <!-- Female option -->
                <input type="radio" name="gender" id="fd-gender_f" value="female"
                <?php
                            if ($_POST && $contact->gender == "female") {
                                echo "checked ";
                            }
                        ?>
               required >
                <label for="fd-gender_f">Female</label><br/>

               <!-- Male option -->
                <input type="radio" name="gender" id="fd-gender_m" value="male" <?php
                            if ($_POST && $contact->gender == "male") {
                                echo "checked ";
                            }
                        ?>
               required >
                <label for="fd-gender_m">Male</label><br/>
            </p>
         </fieldset>

         <!-- Marketing Agreement -->
        <p class="formnotes">In order to recieve information for Placidus you must agree to the following terms: You are 18 years of age or older. By providing your name an other personal information above you agree to permit PharmaObscuro to use this informaiton to provide you with information and materials associated with Placidus.</p>

         <!-- Agreement Checkbox -->
         <label for="fd-accept">I accept the above terms: <?php if ($missing && in_array("accept", $missing)) : ?>
                    <span class="warning">Agreement to the terms is required.</span>
                <?php endif; ?></label>

         <input type="checkbox" name="accept" id="fd-accept" value="agreed" <?php
                            if ($_POST && $contact->accept == "agreed") {
                                echo "checked ";
                            }
                        ?> required><br />
                  <br />
        <!-- Math Captcha -->
         <fieldset>
         <legend>Captcha:
            <?php if ($missing && in_array("captcha_result", $missing)) : ?>
                <span class="warning">Please answer the captcha.</span>
            <?php endif; ?></legend>
         <?php  //Generate numbers for captcha.
                $min_number = 1;
                $max_number = 15;

                $random_number1 = mt_rand($min_number, $max_number);
                $random_number2 = mt_rand($min_number, $max_number);
            ?>
            <p>What is <?php echo $random_number1 . ' + ' . $random_number2 . ' = '; ?><input name="captcha_result" type="text" /></p><br />
            <input name="first_number" type="hidden" value="<?php echo $random_number1; ?>" />
                <input name="second_number" type="hidden" value="<?php echo $random_number2; ?>" />
         </fieldset>

         <!-- Form Button -->
         <input type="submit" name="submit" value="Request Information" class="formbutton" />
    </form>
        <!-- end of form -->


      </section>
   </article>
</main>
<!-- end of main content -->


<!-- Footer -->
<footer id="page-footer">
   <nav id="footer-navigation" role="contentinfo">
      <h2>Footer Navigation</h2>
      <ul>
         <li><a href="" title="Site Map">Site Map</a></li>
         <li><a href="" title="Privacy Policy" class="skip">Privacy Policy</a></li>
         <li><a href="" title="Terms of Use" class="skip">Terms of Use</a></li>
      </ul>
   </nav>
   <p class="footer-tail">Copyright &copy; 2016, PharmaObscuro LLC. All rights reserved.</p>
</footer>
</body>
</html>
<?php
    // Close the database connection.
    $db_connection->close();
?>