
I'm having problems using parentheses with the GET method.  Here's what's going on:

 

I wrote a custom registration script for a PHP-Fusion site.  The script itself works fine.  Upon successful submission, the user is redirected to a success page (unoriginally named success.php) that has a "Thank you, $user, for registering for the following event: $event" message.  Those variables are passed via GET to that page.

 

The page works fine, unless parentheses are used in the $event string.  In those cases, I get a blank screen.

 

I am escaping the input with mysql_real_escape_string(), so that shouldn't be an issue.  Any ideas?


Show us some code, but this sounds dangerous, to pass all that info in GET. GET is designed for variables that the user can see, for SEO reasons/linking purposes.

 

Nothing critical is being sent via GET.  Only a user name and the event name.  One must be logged into the system to even get that far.  It's not dangerous.

 

In any event, my registration form:

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

function myEscape($string){
return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) {
include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php";
} else {
include INFUSIONS."aw_ecal_panel/locale/German.php";
}

if(!iMEMBER){
   fallback();
}

if(isset($_GET['evid'])){
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id=". $_GET['evid']);
   $event = dbarray($ev);

   $ev_id = myEscape($event['ev_id']);
   $user_id = myEscape($userdata['user_id']);
   $ev_title = myEscape($event['ev_title']);
   $ev_start = myEscape($event['ev_start']);
   $ev_end = myEscape($event['ev_end']);
}

$errMessage = NULL;

if(isset($_POST['submit'])){   
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id=". $_POST['evid']);
   $event = dbarray($ev);

   $ev_id = myEscape($event['ev_id']);
   $user_id = myEscape($userdata['user_id']);
   $ev_title = myEscape($event['ev_title']);
   $ev_start = myEscape($event['ev_start']);
   $ev_end = myEscape($event['ev_end']);

   if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){
      $regAgent = myEscape($_POST['regAgent']);
      $ra = TRUE;
   }

   else{
      $errMessage .= "Please enter your name!<br />\n";
   }

   if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){
      $agentWritingNum = myEscape($_POST['agentWritingNum']);
      $awn = TRUE;
   }

   else{
      $errMessage .= "Please enter your writing number!<br />\n";
   }

   if(!empty($_POST['phoneNum'])){
      $phoneNum = $_POST['phoneNum'];

      if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){
         $areaCode = myEscape($phoneNum[0]);
         $firstPart = myEscape($phoneNum[1]);
         $secondPart = myEscape($phoneNum[2]);
         $phoneText = "$areaCode-$firstPart-$secondPart";
         $phone = TRUE;
      }

      else{
         $errMessage .= "Please enter your correct phone number!<br />\n";
      }
   }

   else{
      $errMessage .= "Please enter your phone number!<br />\n";
   }

   if(!empty($_POST['emailAddress']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){
      $email = myEscape($_POST['emailAddress']);
      $e = TRUE;
   }

   else{
      $errMessage .= "Please enter your e-mail address!<br />\n";
   }

   if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){
      $regSales = myEscape($_POST['regionalSales']);
      $rs = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
   }

   if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){
      $disSales = myEscape($_POST['districtSales']);
      $ds = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
   }

   if($ra && $awn && $phone && $email && $rs && $ds){ //start the big process of updating tables and e-mailing results
      $timestamp = strtotime("now");

      $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')";
      $aflacResult = dbquery($aflacQuery);

      $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'";
      $eventResult = dbquery($eventQuery);

      $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". $timestamp ."')";
      $loginsResult = dbquery($loginsQuery);

      if($aflacResult && $eventResult && $loginsResult){
         $eventTimestamp = strtotime($ev_start);
         $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
         $userName = $userdata['user_name'];

         $to = "rebecca_dunkle@us.aflac.com";

         $subject = "Event Registration ($ev_title)";

         $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
         $mailMessage .= "Below is the registration information:<br />\n<br />\n";
         $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
         $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
         $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
         $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";

         $headers = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

         mail($to, $subject, $mailMessage, $headers);

         header("Location: success.php?user=$userName&event=$ev_title");
      }

      else{
         echo "<br />Something went wrong with the insert!<br /><br />\n\n";
      }
   }

   else{
      echo "<div style='color: red;'>$errMessage</div><br />";
   }
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="formstyles.css">
</head>

<body style="text-align: center;">

<div style="width: 400px; margin: 0 auto;">
Registration Form<br /><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post">
<fieldset class="narrow"><legend>Please input your information</legend>
	<p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p>
	<p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p>
	<p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) - <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> - <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p>
	<p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p>
	<p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
	<p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
</fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
</form>
</div>

</body>
</html>

<?php

require_once "side_right.php";
require_once "footer.php";

?>

 

The success page:

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
   fallback();
}

if(isset($_GET['user'])){
   $userName = $_GET['user'];
}

if(isset($_GET['event'])){
   $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";

echo $text;

require_once "side_right.php";
require_once "footer.php";

?>

if(isset($_GET['evid'])){
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id=". $_GET['evid']);

 

That line could screw you; you're not escaping the $_GET['evid'] before you query it...

 

Here is that part corrected for you:

 

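   $ev_id = myEscape($_GET['evid']);
   // The escaped value must also sit inside quotes; escaping does nothing for an unquoted value
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='". $ev_id ."'");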
   $event = dbarray($ev);

   $user_id = $userdata['user_id'];
   $ev_title = $event['ev_title'];
   $ev_start = $event['ev_start'];
   $ev_end = $event['ev_end'];

 

You only need to escape data going INTO the db, not coming out (i.e. $_GET['evid'] is going into the db).

Unfortunately, success.php is still choking on parentheses.  My code:

 

registration.php

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

function myEscape($string){
return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) {
include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php";
} else {
include INFUSIONS."aw_ecal_panel/locale/German.php";
}

if(!iMEMBER){
   fallback();
}

if(isset($_GET['evid'])){
   $ev_id = myEscape($_GET['evid']);
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
   $event = dbarray($ev);

   $ev_id = $event['ev_id'];
   $user_id = $userdata['user_id'];
   $ev_title = $event['ev_title'];
   $ev_start = $event['ev_start'];
   $ev_end = $event['ev_end'];
}

$errMessage = NULL;

if(isset($_POST['submit'])){
   $ev_id = myEscape($_POST['evid']);   
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
   $event = dbarray($ev);

   $ev_id = $event['ev_id'];
   $user_id = $userdata['user_id'];
   $ev_title = $event['ev_title'];
   $ev_start = $event['ev_start'];
   $ev_end = $event['ev_end'];

   if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){
      $regAgent = myEscape($_POST['regAgent']);
      $ra = TRUE;
   }

   else{
      $errMessage .= "Please enter your name!<br />\n";
   }

   if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){
      $agentWritingNum = myEscape($_POST['agentWritingNum']);
      $awn = TRUE;
   }

   else{
      $errMessage .= "Please enter your writing number!<br />\n";
   }

   if(!empty($_POST['phoneNum'])){
      $phoneNum = $_POST['phoneNum'];

      if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){
         $areaCode = myEscape($phoneNum[0]);
         $firstPart = myEscape($phoneNum[1]);
         $secondPart = myEscape($phoneNum[2]);
         $phoneText = "$areaCode-$firstPart-$secondPart";
         $phone = TRUE;
      }

      else{
         $errMessage .= "Please enter your correct phone number!<br />\n";
      }
   }

   else{
      $errMessage .= "Please enter your phone number!<br />\n";
   }

   if(!empty($_POST['emailAddress']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){
      $email = myEscape($_POST['emailAddress']);
      $e = TRUE;
   }

   else{
      $errMessage .= "Please enter your e-mail address!<br />\n";
   }

   if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){
      $regSales = myEscape($_POST['regionalSales']);
      $rs = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
   }

   if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){
      $disSales = myEscape($_POST['districtSales']);
      $ds = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
   }

   if($ra && $awn && $phone && $email && $rs && $ds){ //start the big process of updating tables and e-mailing results
      $timestamp = strtotime("now");

      $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')";
      $aflacResult = dbquery($aflacQuery);

      $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'";
      $eventResult = dbquery($eventQuery);

      $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". $timestamp ."')";
      $loginsResult = dbquery($loginsQuery);

      if($aflacResult && $eventResult && $loginsResult){
         $eventTimestamp = strtotime($ev_start);
         $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
         $userName = $userdata['user_name'];

         $to = "kevinmajor1@gmail.com";

         $subject = "Event Registration ($ev_title)";

         $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
         $mailMessage .= "Below is the registration information:<br />\n<br />\n";
         $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
         $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
         $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
         $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";

         $headers = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

         mail($to, $subject, $mailMessage, $headers);

	 $userName = htmlentities(rawurlencode($userName));
	 $ev_title = htmlentities(rawurlencode($ev_title));

         header("Location: success.php?user=$userName&event=$ev_title");
      }

      else{
         echo "<br />Something went wrong with the insert!<br /><br />\n\n";
      }
   }

   else{
      echo "<div style='color: red;'>$errMessage</div><br />";
   }
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="formstyles.css">
</head>

<body style="text-align: center;">

<div style="width: 400px; margin: 0 auto;">
Registration Form<br /><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post">
<fieldset class="narrow"><legend>Please input your information</legend>
	<p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p>
	<p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p>
	<p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) - <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> - <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p>
	<p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p>
	<p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
	<p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
</fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
</form>
</div>

</body>
</html>

<?php

require_once "side_right.php";
require_once "footer.php";

?>

 

success.php (nothing changed)

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
   fallback();
}

if(isset($_GET['user'])){
   $userName = $_GET['user'];
}

if(isset($_GET['event'])){
   $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";

echo $text;

require_once "side_right.php";
require_once "footer.php";

?>

 

I tried urlencode, but it didn't work.  I also tried it with htmlentities to no avail.  It looks like the combination of htmlentities and rawurlencode should work, as I'm getting the familiar %-something entities in the place of spaces and parentheses, but success.php still won't display properly.  In all tests, I get the following HTML:

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

 

Event titles without parentheses still work correctly.
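
Added example, not part of any post in this thread: the two preceding posts touch three different output contexts (the evid value going into SQL, the user and event values going into the Location URL, and the same values printed by success.php), and each context needs its own encoder applied once. The function names are hypothetical, the sample values are constructed, and the code assumes PHP 7.1+ and a UTF-8 page.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.

// SQL context: ev_id is numeric, so accept digits only and cast to int.
// mysql_real_escape_string() only escapes quote-like characters, so it
// changes nothing in a value that is later placed in a query without quotes.
function event_id_from_request(array $request): ?int
{
    $raw = $request['evid'] ?? null;
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

// URL context: percent-encode each value once, when the Location URL is built.
// PHP_QUERY_RFC3986 encodes like rawurlencode(): space -> %20, "(" -> %28.
// htmlentities() has no role here: percent-encoded output contains no
// character that htmlentities() would change.
function success_url(string $userName, string $eventTitle): string
{
    $query = http_build_query(
        ['user' => $userName, 'event' => $eventTitle],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return 'success.php?' . $query;
}

// HTML context: escape at the point of output, on the page that prints the value.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// What success.php would print: the GET values are untrusted input, so they
// are escaped before being placed in the page.
function success_message(array $get): string
{
    $user  = is_string($get['user'] ?? null) ? $get['user'] : '';
    $event = is_string($get['event'] ?? null) ? $get['event'] : '';
    return 'Thank you ' . html($user) . " for registering for the following event:<br />\n"
         . html($event) . "<br />\n";
}

// --- Demonstration with constructed input ---
$title = 'Spring Kickoff (Region 4) <b>& Lunch</b>';

$url = success_url('admin', $title);
echo $url, "\n";

// Emulate how PHP fills $_GET from the query string (it decodes once).
parse_str(parse_url($url, PHP_URL_QUERY), $get);
var_dump($get['event'] === $title);   // does the title survive the round trip?

// Markup in the title is shown as text instead of being interpreted.
echo success_message($get);

// Only a purely numeric evid is accepted.
var_dump(event_id_from_request(['evid' => '12']));
var_dump(event_id_from_request(['evid' => '12 OR 1=1']));
```

The sample shows only how each context is encoded; nothing posted so far in the thread establishes why success.php renders blank.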

I really need help with this, so here's a recap of what's going on.

 

I've made a custom registration script for a PHP-Fusion site. This form acts in conjunction with a 3rd party event calendar addon. It's a pretty straightforward sticky form. Upon successful submission of this form, the data is saved to the database, an e-mail is sent to the site administrator, and the user is redirected to a success page telling them that they've been successfully registered for that particular event.

 

My problem is with the success page. The header call which redirects the user to that page passes the username and event title to it via GET (so something like header("Location: http://www.nightslyr.com/success.php?user=admin&ev_title=Some%20Event")). This works in most cases, but fails when the event title contains parentheses. Hyphens and spaces both work.

 

I've tried, at the suggestion of Thorpe, using urlencode(). That didn't work. Neither did using it in conjunction with htmlentities(). Rawurlencode() - both with and without htmlentities() - fails, too. No matter what I try, I get the same barebones and blank HTML page. Again, this only happens when I use parentheses in an event title. All other tests without parentheses, to this point, work fine. Below is the code in question:

 

edit_event.php - this is the script that creates/edits a calendar event. It came from a 3rd party, but I modified some of it (namely, I added the 'is_reference_date' bits and the myEscape() function):

<?php
/***************************************************************************
*   awEventCalendar                                                       *
*                                                                         *
*   Copyright (C) 2006-2007 Artur Wiebe                                   *
*   wibix@gmx.de                                                          *
*                                                                         *
*   This program is free software; you can redistribute it and/or modify  *
*   it under the terms of the GNU General Public License as published by  *
*   the Free Software Foundation; either version 2 of the License, or     *
*   (at your option) any later version.                                   *
***************************************************************************/
require_once("../../maincore.php");
require_once(BASEDIR."subheader.php");
require_once(BASEDIR."side_left.php");

function myEscape($string){
return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(!iMEMBER) {
fallback("calendar.php");
}

require_once("include/common.php5");

if(!iEC_ADMIN && !ec_check_access($ec_settings['post_group'])) {
fallback("calendar.php");
}


if(isset($_GET['id']) && isNum($_GET['id'])) {
$id = $_GET['id'];
} else {
unset($id);
}

if(iEC_ADMIN) {
$user_access = "";
} else {
$user_access = "AND user_id='".$userdata['user_id']."'";
}

$title = "";
$access = 0;
$body = "";
$disable_smilies = 1;
$ev_start = getdate(time());
//
$allow_logins = 0;
$max_logins = 0;
$login_access = 101;
//
$ev_repeat = 0;
$is_private = 0;

$errors = 0;
if(isset($_GET['errno']) && isNum($_GET['errno'])) {
$errno = $_GET['errno'];
} else {
unset($errno);
}


/*
* ACTION
*/
if(isset($_POST['save'])) {
$title = myEscape($_POST['title']);
$body = myEscape($_POST['desc']);
if(empty($title) || empty($body)) {
	$errors++;
}
$access = $_POST['access']+0;
$disable_smilies = (isset($_POST['disable_smileys']) ? "1" : "0");
$ev_start = array(
	"year"		=> $_POST['start_year']+0,
	"mon"		=> $_POST['start_month']+0,
	"mday"		=> $_POST['start_mday']+0,
	"hours"		=> $_POST['start_hours']+0,
	"minutes"	=> $_POST['start_mins']+0,
);
$start = $ev_start['year']."-".$ev_start['mon']
	."-".$ev_start['mday']
	." ".$ev_start['hours'].":".$ev_start['minutes'].":00";
$end = $start; 	// "0000-00-00 00:00:00";	// FIXME

$allow_logins = (isset($_POST['allow_logins']) ? "1" : "0");
$max_logins = $_POST['max_logins']+0;
$login_access = $_POST['login_access']+0;
if(!$login_access || !ec_check_access($login_access)) {
	$login_access = 101;
}

$ev_repeat = $_POST['repeat']+0;
$is_private = (isset($_POST['is_private']) ? "1" : "0");
$is_reference_date = (isset($_POST['is_reference_date']) ? "y" : "n"); /* Kevin Line */

$now = time();
if($is_private || iEC_ADMIN) {
	$status = "0";
} else {
	$status = ($ec_settings['need_admin_ok'] ? "1" : "0");
}


if($is_private) {
	if($allow_logins) {
		$allow_logins = "0";
		$max_logins = "0";
		$login_access = "101";
		$errno = EC_ELOGIN;
	}
	if($access) {
		$access = "0";
		$errno = EC_EACCESS;
	}
}

if($errors==0) {
	if(!isset($id)) {
		$query_id = dbquery("INSERT INTO ".DB_PREFIX."aw_ec_events"
			." SET"
			." user_id='".$userdata['user_id']."',"
			." ev_timestamp='$now',"
			." ev_body=''");
		$id = mysql_insert_id();
	}

	$ok = dbquery("UPDATE ".DB_PREFIX."aw_ec_events"
		." SET"
		." ev_title='$title', ev_body='$body',"
		." ev_start='$start',"
		." ev_end='$end',"
		." ev_repeat='$ev_repeat',"
		." ev_private='$is_private',"
		." ev_status='$status',"
		." ev_no_smileys='$disable_smilies',"
		." ev_allow_logins='$allow_logins',"
		." ev_max_logins='$max_logins',"
		." ev_access='$access',"
		." ev_login_access='$login_access',"
		." is_reference_date='$is_reference_date'" /* Kevin Line */
		." WHERE ev_id='$id' $user_access");
	if(!$ok) {
		$errno = EC_EDB;
	}
	if(!isset($errno)) {
		fallback("edit_event.php?id=$id&errno=0");
	}
}

} elseif(isset($_GET['del']) && isset($id)) {
$ok = dbquery("DELETE FROM ".DB_PREFIX."aw_ec_events"
	." WHERE ev_id='$id' $user_access");
if($ok) {
	$ok = dbquery("DELETE FROM ".DB_PREFIX."aw_ec_logins"
		." WHERE ev_id='$id'");
}
if($ok) {
	if(isset($_GET['back_to'])) {
		fallback("new_events.php");
	} else {
		fallback("calendar.php");
	}
}

} elseif(isset($_GET['status']) && isset($id) && isset($_GET['time'])
&& isNum($_GET['time']) && iEC_ADMIN) {
$ok = dbquery("UPDATE ".DB_PREFIX."aw_ec_events"
	." SET ev_status=MOD(ev_status+1, 2)"
	." WHERE ev_id='$id' AND ev_timestamp='".$_GET['time']."'");
if($ok) {
	if(isset($_GET['back_to'])) {
		fallback("new_events.php");
	} else {
		fallback("edit_event.php?id=$id");
	}
}
}



/*
* GET
*/
if(isset($id)) {
$query_id = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events"
	." WHERE ev_id='$id' $user_access");
if(!dbrows($query_id)) {
	fallback("calendar.php");
}
$event = dbarray($query_id);
$title = $event['ev_title'];
$body = $event['ev_body'];
$ev_repeat = $event['ev_repeat'];
$is_private = $event['ev_private'];
$is_reference_date = (($event['is_reference_date'] == 'y') ? 1 : 0); /* Kevin Line */
$allow_logins = $event['ev_allow_logins'];
$max_logins = $event['ev_max_logins'];
$disable_smilies = $event['ev_no_smileys'];
$access = $event['ev_access'];
//
$ev_start = array(
	"year"		=> substr($event['ev_start'], 0, 4),
	"mon"		=> substr($event['ev_start'], 5, 2),
	"mday"		=> substr($event['ev_start'], 8, 2),
	"hours"		=> substr($event['ev_start'], 11, 2),
	"minutes"	=> substr($event['ev_start'], 14, 2),
);
$end = $ev_start;
//
$login_access = $event['ev_login_access'];
} else {
$event = array(
	"ev_status"	=> "0",
);
}


function ec_make_select($date, $fname) {
global $locale;

$date['mday'] = str_pad($date['mday'], 2, "0", STR_PAD_LEFT);
$date['mon'] = str_pad($date['mon'], 2, "0", STR_PAD_LEFT);
$date['hours'] = str_pad($date['hours'], 2, "0", STR_PAD_LEFT);
$date['minutes'] = str_pad($date['minutes'], 2, "0", STR_PAD_LEFT);

$sel_day = "";
$sel_month = "";
$sel_mins = "";
$sel_hours = "";

// day
for($i=1; $i<=31; ++$i) {
	$sel_day .= "<option value='$i'"
		.($i==$date['mday'] ? " selected" : "").">"
		.$i."</option>\n";
}
// month
for($i=1; $i<=12; ++$i) {
	$sel_month .= "<option value='$i'"
		.($i==$date['mon'] ? " selected" : "").">"
		.$locale['EC900'][$i]."</option>\n";
}
// hours
for($i=0; $i<=23; ++$i) {
	$sel_hours .= "<option value='$i'"
		.($i==$date['hours'] ? " selected" : "").">"
		.$i."</option>\n";
}
// mins
for($i=0; $i<=59; ++$i) {
	$sel_mins .= "<option value='$i'"
		.($i==$date['minutes'] ? " selected" : "").">"
		.$i."</option>\n";
}

return "<select class='textbox' name='${fname}_mday'>"
		.$sel_day."</select>"
	.".<select class='textbox' name='${fname}_month'>"
		.$sel_month."</select>"
	.".<input type='text' class='textbox' name='${fname}_year'"
		." value='".$date['year']."' size='5' maxlength='4'>"
	." / "
	." <select class='textbox' name='${fname}_hours'>"
		.$sel_hours."</select>"
	.":<select class='textbox' name='${fname}_mins'>"
		.$sel_mins."</select>\n";
}


function ec_get_timestamp($fname) {
return mktime($_POST[$fname."_hours"], $_POST[$fname."_mins"], 0,
	$_POST[$fname."_month"], $_POST[$fname."_mday"],
	$_POST[$fname."_year"]);
}



/*
* GUI
*/
$sel_access = "";
$sel_login_access = "";
$fusion_groups = getusergroups();
foreach($fusion_groups as $group) {
list($gid, $gname) = $group;
if(!ec_check_access($gid)) {
	continue;
}

$sel_access .= "<option value='$gid'"
	.($gid==$access ? " selected" : "").">"
	.$gname."</option>\n";

if(!$gid) {
	continue;
}
$sel_login_access .= "<option value='$gid'"
	.($gid==$login_access ? " selected" : "").">"
	.$gname."</option>\n";
}

$sel_repeat = "";
foreach($locale['EC125'] as $rep => $text) {
$sel_repeat .= "<option value='$rep'"
	.($ev_repeat==$rep ? " selected" : "").">"
	."$text</option>\n";
}



/*
* GUI
- <input type='button' value='".EC_BREAK."' class='button' onClick=\"insertText('comment_message', '".EC_BREAK."');\">\n";
*/
opentable(isset($id) ? $locale['EC101'] : $locale['EC100']);
echo ec_get_menu();

$action = FUSION_SELF;
if(isset($id)) {
$action .= "?id=$id";
echo "<div align='right'><a href='view_event.php?id=$id'>"
	.$locale['EC102']."</a>\n";
if(iADMIN) {
	echo " | <a href='$action&status=1'>".($event['ev_status']
		? $locale['EC306']
		: $locale['EC307'])
	."</a>\n";
}
echo "</div>\n";
}


if($errors) {
echo "<p><div style='text-align:center;'><strong>"
	.$locale['EC119']."</strong></div></p>\n";
}
if(isset($errno) && isset($locale['EC113'][$errno])) {
echo "<p><div style='text-align:center;'><strong>"
	.$locale['EC113'][$errno]."</strong></div></p>\n";
}


if($event['ev_status']) {
$status = "<tr>
<td class='forum-caption' height='50' colspan='2' align='center' valign='center'>"
	.$locale['EC113'][EC_ESTATUS]."</td>
</tr>\n";
} else {
$status = "";
}



echo "<p><span class='small2'>".$locale['EC118']."</span>
<form action='$action' method='post' name='inputform'>
<table width='100%' class='tbl-border' cellspacing='1'>
$status
<tr>
<td class='tbl2' width='150'>".$locale['EC103'].": *</td>
<td class='tbl1'><input value='$title' type='text'"
	." name='title' class='textbox' style='width:100%;'></td>
</tr>
<tr>
<td class='tbl2'>".$locale['EC116'].":</td>
<td class='tbl1'><select class='textbox' name='access'>"
	."$sel_access</select></td>
</tr>
<tr>
<td class='tbl2' valign='top'>".$locale['EC104'].": *</td>
<td class='tbl1'><textarea name='desc' rows='8'"
	." class='textbox' style='width:100%;'>".$body
	."</textarea><br>"
	.ec_get_bb_smileys("desc", true, $disable_smilies)."</td>
</tr>
<tr>
<td class='tbl2'>".$locale['EC105'].":</td>
<td class='tbl1'>".ec_make_select($ev_start, "start")
	."<br><span class='small2'>".$locale['EC120']."</span></td>
</tr>
<!-- logins -->
<tr>
<td class='forum-caption' colspan='2'><input type='checkbox'"
	." name='allow_logins'".($allow_logins ? " checked" : "")
	."> ".$locale['EC109']."</td>
</tr>
<tr>
<td class='tbl2'>".$locale['EC110'].":</td>
<td class='tbl1'><input type='text' class='textbox' name='max_logins'"
	." value='$max_logins' size='5' maxlength='5'>"
	." <span class='small2'>".$locale['EC110_1']."</span></td>
</tr>
<tr>
<td class='tbl2'>".$locale['EC116'].":</td>
<td class='tbl2'><select name='login_access' class='textbox'>$sel_login_access</select></td>
</tr>
<!-- misc -->
<tr>
<td class='forum-caption' colspan='2'>".$locale['EC122']."</td>
</tr>
<tr>
<td class='tbl2'>".$locale['EC107'].":</td>
<td class='tbl1'><select class='textbox' name='repeat'>"
	."$sel_repeat</select></td>
</tr>
<tr>
<td class='tbl2' valign='top'>".$locale['EC106'].":</td>
<td class='tbl1'><input type='checkbox' name='is_private'"
	.($is_private ? " checked" : "")." />".$locale['EC108']."<br />
	<input type='checkbox' name='is_reference_date'".($is_reference_date ? " checked" : "")." />Is reference event</td> <!-- Kevin Line -->
</tr>
<tr>
<td class='tbl2' colspan='2' align='center'>"
	."<input type='submit' name='save' class='button'"
		." value='".$locale['EC111']."'></td>
</tr>
</table>
</form>";
closetable();


require_once(BASEDIR."side_right.php");
require_once(BASEDIR."footer.php");
?>

 

registration.php - my custom registration script:

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

function myEscape($string){
return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) {
include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php";
} else {
include INFUSIONS."aw_ecal_panel/locale/German.php";
}

if(!iMEMBER){
   fallback();
}

if(isset($_GET['evid'])){
   $ev_id = myEscape($_GET['evid']);
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
   $event = dbarray($ev);

   $ev_id = $event['ev_id'];
   $user_id = $userdata['user_id'];
   $ev_title = $event['ev_title'];
   $ev_start = $event['ev_start'];
   $ev_end = $event['ev_end'];
}

$errMessage = NULL;

if(isset($_POST['submit'])){
   $ev_id = myEscape($_POST['evid']);   
   $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
   $event = dbarray($ev);

   $ev_id = $event['ev_id'];
   $user_id = $userdata['user_id'];
   $ev_title = $event['ev_title'];
   $ev_start = $event['ev_start'];
   $ev_end = $event['ev_end'];

   if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){
      $regAgent = myEscape($_POST['regAgent']);
      $ra = TRUE;
   }

   else{
      $errMessage .= "Please enter your name!<br />\n";
   }

   if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){
      $agentWritingNum = myEscape($_POST['agentWritingNum']);
      $awn = TRUE;
   }

   else{
      $errMessage .= "Please enter your writing number!<br />\n";
   }

   if(!empty($_POST['phoneNum'])){
      $phoneNum = $_POST['phoneNum'];

      if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){
         $areaCode = myEscape($phoneNum[0]);
         $firstPart = myEscape($phoneNum[1]);
         $secondPart = myEscape($phoneNum[2]);
         $phoneText = "$areaCode-$firstPart-$secondPart";
         $phone = TRUE;
      }

      else{
         $errMessage .= "Please enter your correct phone number!<br />\n";
      }
   }

   else{
      $errMessage .= "Please enter your phone number!<br />\n";
   }

   if(!empty($_POST['emailAddress']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){
      $email = myEscape($_POST['emailAddress']);
      $e = TRUE;
   }

   else{
      $errMessage .= "Please enter your e-mail address!<br />\n";
   }

   if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){
      $regSales = myEscape($_POST['regionalSales']);
      $rs = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
   }

   if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){
      $disSales = myEscape($_POST['districtSales']);
      $ds = TRUE;
   }

   else{
      $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
   }

   if($ra && $awn && $phone && $email && $rs && $ds){ //start the big process of updating tables and e-mailing results
      $timestamp = strtotime("now");

      $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')";
      $aflacResult = dbquery($aflacQuery);

      $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'";
      $eventResult = dbquery($eventQuery);

      $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". $timestamp ."')";
      $loginsResult = dbquery($loginsQuery);

      if($aflacResult && $eventResult && $loginsResult){
         $eventTimestamp = strtotime($ev_start);
         $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
         $userName = $userdata['user_name'];

         $to = "kevinmajor1@gmail.com";

         $subject = "Event Registration ($ev_title)";

         $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
         $mailMessage .= "Below is the registration information:<br />\n<br />\n";
         $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
         $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
         $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
         $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";

         $headers = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

         mail($to, $subject, $mailMessage, $headers);

	 $userName = htmlentities(rawurlencode($userName));
	 $ev_title = htmlentities(rawurlencode($ev_title));

         header("Location: success.php?user=$userName&event=$ev_title");
      }

      else{
         echo "<br />Something went wrong with the insert!<br /><br />\n\n";
      }
   }

   else{
      echo "<div style='color: red;'>$errMessage</div><br />";
   }
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="formstyles.css">
</head>

<body style="text-align: center;">

<div style="width: 400px; margin: 0 auto;">
Registration Form<br /><br />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post">
<fieldset class="narrow"><legend>Please input your information</legend>
	<p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p>
	<p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p>
	<p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) - <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> - <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p>
	<p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p>
	<p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
	<p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
</fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
</form>
</div>

</body>
</html>

<?php

require_once "side_right.php";
require_once "footer.php";

?>

 

success.php - the script that basically just outputs "Yay, you registered correctly!"

<?php

require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
   fallback();
}

if(isset($_GET['user'])){
   $userName = $_GET['user'];
}

if(isset($_GET['event'])){
   $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";

echo $text;

require_once "side_right.php";
require_once "footer.php";

?>

 

The resulting HTML of the failed attempts:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

 

Any ideas? I'd be especially grateful if someone who played around with PHP-Fusion responded. I'm thinking there may be something in maincore.php (Fusion's engine) that may be conflicting with my scripts.

 

EDIT:

I'm not a pro at regular expressions, but could the following code in maincore.php be screwing me up?


<?php

// Prevent any possible XSS attacks via $_GET.
foreach ($_GET as $check_url) {
if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) || (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
	(eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) || (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
	(eregi("<[^>]*meta*\"?[^>]*>", $check_url)) || (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
	(eregi("<[^>]*form*\"?[^>]*>", $check_url)) || (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
	(eregi("\"", $check_url))) {
die ();
}
}

?>


Apparently this is the problem.
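
Why the maincore.php filter quoted above produces a blank page for an event title with parentheses, and what output encoding in success.php does instead. This is an added example, not part of the original posts or of PHP-Fusion: the patterns are ported from eregi() to preg_match(), and the function names, sample titles and the ISO-8859-1 charset are assumptions.

```php
<?php
// Added example; not PHP-Fusion's code. Patterns copied from the maincore.php
// snippet in the thread and ported from eregi() to case-insensitive preg_match().
function fusion_get_filter_blocks($value)
{
    $patterns = array(
        '/<[^>]*script*"?[^>]*>/i', '/<[^>]*object*"?[^>]*>/i',
        '/<[^>]*iframe*"?[^>]*>/i', '/<[^>]*applet*"?[^>]*>/i',
        '/<[^>]*meta*"?[^>]*>/i',   '/<[^>]*style*"?[^>]*>/i',
        '/<[^>]*form*"?[^>]*>/i',
        '/\([^>]*"?[^)]*\)/i',  // any "(" followed later by ")"
        '/"/',                  // any double quote
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value)) {
            return true;        // maincore.php calls die() here: blank page
        }
    }
    return false;
}

// Context-appropriate output encoding for success.php (hypothetical helper).
// Assumption: the page is served as ISO-8859-1, like the mail in registration.php.
function render_thanks($userName, $eventName)
{
    $u = htmlspecialchars($userName, ENT_QUOTES, 'ISO-8859-1');
    $e = htmlspecialchars($eventName, ENT_QUOTES, 'ISO-8859-1');
    return "Thank you $u for registering for the following event:<br />\n$e<br />\n";
}

// Constructed sample values, as PHP presents them in $_GET after URL-decoding.
$samples = array(
    'Spring Kickoff',           // passes the filter
    'Spring Kickoff (Boston)',  // benign, but the parenthesis rule kills the request
    'Q&A <b>Live</b>',          // markup the blacklist does not list; encoding handles it
);
foreach ($samples as $event) {
    $verdict = fusion_get_filter_blocks($event) ? 'die()' : 'passes';
    printf("%-26s filter: %-7s encoded: %s\n", $event, $verdict,
        htmlspecialchars($event, ENT_QUOTES, 'ISO-8859-1'));
}
echo render_thanks('kevin', 'Q&A <b>Live</b>');
```

Because PHP URL-decodes $_GET before maincore.php runs, the rawurlencode() call in registration.php cannot get parentheses past this filter; passing only evid and looking the title up again in success.php avoids sending the title through GET at all.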
