section of the code. #This file determines the registration page for BUSINESS users on ChurchMapped. Note that this file uses AJAX, and so we should create a corresponding JavaScript file too. We should use AJAX technology to check for the following: # Whether the email is already in the database # Whether the handle is already in the database # That the business trading name #This part deals with the HTML and styling. In local testing, be sure to remove this because it will connect to the production server. echo ''; echo ''; echo ''; echo 'ChurchMapped Registration - Business account'; echo ' '; echo ' '; echo ' '; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' '; echo ''; echo ' '; echo ''; echo ''; echo ''; $errors = array(); #The errors array contains all the issues that might arise during registration of the form. If there are no issues, we enter the data into the database. # Use parameterised queries for cybersecurity purposes. echo '
'; echo '
'; echo 'Please see our privacy policy for information on how we manage your data. By registering on the ChurchMapped platform, you confirm that you have read the privacy policy, agree with it, and give us your consent into how we manage your data as outlined in the privacy policy.'; echo '
'; echo '* indicates required'; echo '
'; echo '
'; echo '
'; #This begins the form for the personal user. We leave the action field blank because we want it to be the case that the user still remains on the page. if(!isset($_POST['officialNameOfBusiness'])){ echo 'Official name of business*:' . ' '; echo ''; #This asks the user for the official name of the business. It is a required field. It has a minimum length of 1 character and a maximum length of 100 characters (this is longer than the fields for names for users registering for a PERSONAL account owing to the fact that business names are typically longer. However, if for whatever reason a business has a longer official name, we should communicate in the $errors array that they should contact support@churchmapped.com so that we can assist them in their registration - this would involve manually inserting the company into the database. Note that when validating input for the official name of the business, it is more "liberal" (i.e. less stringent) than validating names on the personal registration form because business names can really be anything. }else{ echo 'Official name of business*:' . ' '; echo ''; #This asks the user for the official name of the business. It is a required field. It has a minimum length of 1 character and a maximum length of 100 characters (this is longer than the fields for names for users registering for a PERSONAL account owing to the fact that business names are typically longer. However, if for whatever reason a business has a longer official name, we should communicate in the $errors array that they should contact support@churchmapped.com so that we can assist them in their registration - this would involve manually inserting the company into the database. Note that when validating input for the official name of the business, it is more "liberal" (i.e. less stringent) than validating names on the personal registration form because business names can really be anything. } echo '
'; echo '
'; if(!isset($_POST['tradingNameOfBusiness'])){ echo 'Business trading name:' . ' '; echo ''; #This asks the user for the trading name of the business. It sometimes happens that a business has two names - it's legal name, which we asked for above, and a trading name. This field asks the user for a trading name -- if they have one. Because a trading name is not always used, this field is *optional*. Note that when validating input for the trading name of the business, it is more "liberal" (i.e. less stringent) than validating names on the personal registration form because business names can really be anything. }else{ echo 'Business trading name:' . ' '; echo ''; #This asks the user for the trading name of the business. It sometimes happens that a business has two names - it's legal name, which we asked for above, and a trading name. This field asks the user for a trading name -- if they have one. Because a trading name is not always used, this field is *optional*. Note that when validating input for the trading name of the business, it is more "liberal" (i.e. less stringent) than validating names on the personal registration form because business names can really be anything. } echo '
'; echo '
'; if(!isset($_POST['emailOfBusiness'])){ echo 'Business e-mail address for your account on ChurchMapped*:' . ' '; echo ''; #This asks the user for a valid e-mail address. Like the personal registration form, this is a required field and the minlength is 1 character and the maxlength is 40 characters. However, we use a size of 60 which dictates the visual appearance of this field. }else{ echo 'Business e-mail address for your account on ChurchMapped*:' . ' '; echo ''; #This asks the user for a valid e-mail address. Like the personal registration form, this is a required field and the minlength is 1 character and the maxlength is 40 characters. However, we use a size of 60 which dictates the visual appearance of this field. } echo '
'; echo '
'; if(!isset($_POST['transactionRelatedEmailOfBusiness'])){ echo 'E-mail address where you want us to send transaction-related information:'; echo '
'; echo 'If you intend to sell an item on the ChurchMapped platform, you can enter an e-mail address here. Transaction-related information will be sent to this e-mail, leaving your primary e-mail free from what might turn out to be frequent sales e-mails. If this field is blank, we will send all transaction-related e-mails to your primary business e-mail address. This is not the e-mail address you use to log in to your account'; echo '
'; echo ''; #This is an *optional* field. This field has a minlength of 1 and a maxlength of 40. We make it optional because some users might want transaction-related emails to be sent to their primary e-mail address. } else{ echo 'E-mail address where you want us to send transaction-related information:'; echo '
'; echo 'If you intend to sell an item on the ChurchMapped platform, you can enter an e-mail address here. Transaction-related information will be sent to this e-mail, leaving your primary e-mail free from what might turn out to be frequent sales e-mails. If this field is blank, we will send all transaction-related e-mails to your primary business e-mail address. This is not the e-mail address you use to log in to your account'; echo '
'; echo ''; #This is an *optional* field. This field has a minlength of 1 and a maxlength of 40. We make it optional because some users might want transaction-related emails to be sent to their primary e-mail address. } echo '
'; echo '
'; echo 'Password*:' . ' '; #We do not use sticky values for passwords. echo '
'; echo 'Your password must contain between 6 characters and 15 characters (all inclusive). They must also contain at least one letter, one number and one special character. Furthermore, they may not contain consecutive characters - for example, "123" or "abc".'; echo '
'; echo ''; echo '
'; echo '
'; echo 'Confirm Password*:'; #We do not use sticky values for passwords. echo '
'; echo 'Please ensure the information entered into this field is the same as the Password field.'; echo '
'; echo ''; echo '
'; echo '
'; if(!isset($_POST['handleOfBusinessOnChurchMapped'])){ #We use this if() clause for a sticky value for the business' handle on ChurchMapped. echo 'Please choose a handle to use on the ChurchMapped platform*:'; #The handle for the business is a required field on the ChurchMapped platform echo '
'; echo 'A handle must be a minimum of 1 character and a maximum of 20 characters. They may contain alphanumeric characters and an underscore. Handles must contain at least one alphabetical character. Lastly, they may not contain the words "ChurchMapped", "Admin" or "Null"'; #Here we communicate to the user the requirements of a ChurchMapped handle, namely, that it must contain at least one alphabetical character and they may contain alphanumeric characters and an underscore. We also prohibit the handles "ChurchMapped", "Admin" and "Null". Interestingly, we omit "God" because some users that register for a business account - e.g. charitable organisations - might legitimately have God's name in their name. echo '
'; echo '@' . ' '; } else{ echo 'Please choose a handle to use on the ChurchMapped platform*:'; #The handle for the business is a required field on the ChurchMapped platform echo '
'; echo 'A handle must be a minimum of 1 character and a maximum of 20 characters. They may contain alphanumeric characters and an underscore. Handles must contain at least one alphabetical character. Lastly, they may not contain the words "ChurchMapped", "Admin" or "Null"'; #Here we communicate to the user the requirements of a ChurchMapped handle, namely, that it must contain at least one alphabetical character and they may contain alphanumeric characters and an underscore. We also prohibit the handles "ChurchMapped", "Admin" and "Null". Interestingly, we omit "God" because some users that register for a business account - e.g. charitable organisations - might legitimately have God's name in their name. echo '
'; echo '@' . ' '; } echo '
'; echo '
'; # This segment deals with the primary sector the business operates in. if(isset($_POST['primarySectorOfBusiness'])){ #Here we check to see if the user has already submitted the sector in which their business operates in echo 'Primary sector that the business operates in*:' . ' '; $queryToSelectVariousSectorsOfBusiness = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.business_type_by_sic_code"; #We use this statement to retrieve the various sector types that a business can be. $resultOfQueryToSelectVariousSectorsOfBusiness = mysqli_query($conn, $queryToSelectVariousSectorsOfBusiness); $maximumNumberOfVariousSectorsOfBusiness = mysqli_num_rows($resultOfQueryToSelectVariousSectorsOfBusiness); #We get the number of rows returned by the query for later input validation. If the value entered is greater than this value, then we know it is spurious. echo ''; #This ends the select statement that fetches for the rows of what sector the business is in. } else{ echo 'Primary sector that the business operates in*:' . ' '; $queryToSelectVariousSectorsOfBusiness = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.business_type_by_sic_code"; #We use this statement to retrieve the various sector types that a business can be. $resultOfQueryToSelectVariousSectorsOfBusiness = mysqli_query($conn, $queryToSelectVariousSectorsOfBusiness); $maximumNumberOfVariousSectorsOfBusiness = mysqli_num_rows($resultOfQueryToSelectVariousSectorsOfBusiness); #We get the number of rows returned by the query for later input validation. If the value entered is greater than this value, then we know it is spurious. echo ''; #This ends the select statement that fetches for the rows of what sector the business is in. } # This ends the segment of the primary sector the business is in. echo '
'; echo '
'; #This begins the segment of the secondary sector that the business operates in if(isset($_POST['secondarySectorOfBusiness'])){ #This creates a sticky value for the secondary sector that the business operates in. echo 'Secondary sector that the business operates in:' . ' '; #We use this statement to retrieve the various sector types that a business can be. Note that unlike the primary sector, the secondary sector is an optional field because some businesses might just operate in a single (i.e. primary) sector. $queryToSelectVariousSectorsOfBusiness = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.business_type_by_sic_code"; #We use this statement to retrieve the various sector types that a business can be. $resultOfQueryToSelectVariousSectorsOfBusiness = mysqli_query($conn, $queryToSelectVariousSectorsOfBusiness); echo ''; #This ends the select statement that fetches for the rows of what sector the business is in. } else{ echo 'Secondary sector that the business operates in:' . ' '; #We use this statement to retrieve the various sector types that a business can be. Note that unlike the primary sector, the secondary sector is an optional field because some businesses might just operate in a single (i.e. primary) sector. $queryToSelectVariousSectorsOfBusiness = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.business_type_by_sic_code"; #We use this statement to retrieve the various sector types that a business can be. $resultOfQueryToSelectVariousSectorsOfBusiness = mysqli_query($conn, $queryToSelectVariousSectorsOfBusiness); echo ''; #This ends the select statement that fetches for the rows of what sector the business is in. } # This ends the segment of the secondary sector that the business operates in echo '
'; echo '
'; #This begins the segment for the first line of address for the headquarters of the business. if(!isset($_POST['addressLineOneOfHeadquartersForBusiness'])){ #We use this if(){} clause to create a sticky value. If the first line of address for the headquarters is not submitted, we echo out the following line of code without any user-submitted data. Otherwise, we echo out the form with user-submitted data. echo 'Headquarters address line 1*:' . ' '; #This segment determines the first line of address of the headquarters of the business. This is a *required* field because, among other things, we might need it for legal notices. echo ''; #The minlength of the first line of the address is 1 and the maxlength is 50. This is based on the same requirements for the ChurchMapped registration form for PERSONAL accounts. }else{ echo 'Headquarters address line 1*:' . ' '; #This segment determines the first line of address of the headquarters of the business. This is a *required* field because, among other things, we might need it for legal notices. echo ''; #The minlength of the first line of the address is 1 and the maxlength is 50. This is based on the same requirements for the ChurchMapped registration form for PERSONAL accounts. } echo '
'; echo '
'; #This begins the segment for the second line of address for the headquarters of the business. if(!isset($_POST['addressLineTwoOfHeadquartersForBusiness'])){ #This creates a sticky value for the second line of the address for the headquarters of the business. echo 'Headquarters address line 2:' . ' '; #This segment determines the second line of address of the business. It is an optional field - as such, it doesn't have a minlength. echo ''; echo '
'; echo '
'; }else{ echo 'Headquarters address line 2:' . ' '; #This segment determines the second line of address of the business. It is an optional field - as such, it doesn't have a minlength. echo ''; echo '
'; echo '
'; } #This begins the segment for the third line of address for the headquarters of the business. if(!isset($_POST['addressLineThreeOfHeadquartersForBusiness'])){ echo 'Headquarters address line 3:' . ' '; #This segment determines the third line of address - it is used for the state/province/county/canton, etc of where the business is based. echo ''; #Because address line three of the headquarters of the business is optional, we do not set a minlength of 1 (we leave minlength out completely). echo '
'; echo '
'; } else{ echo 'Headquarters address line 3:' . ' '; #This segment determines the third line of address - it is used for the state/province/county/canton, etc of where the business is based. echo ''; #Because address line three of the headquarters of the business is optional, we do not set a minlength of 1 (we leave minlength out completely). echo '
'; echo '
'; } #This segment relates to the postcode of the headquarters of the business. if(!isset($_POST['postcodeOfHeadquartersForBusiness'])){ #This if(){} clause relates to creating a sticky value for the postcode of the headquarters of the business. echo 'Headquarters postcode:' . ' '; echo ''; echo '
'; echo '
'; }else{ echo 'Headquarters postcode:' . ' '; echo ''; echo '
'; echo '
'; } #This segment deals with the country that the headquarters is based in. if(!isset($_POST['countryOfHeadquartersForBusiness'])){ echo 'Country that headquarters is in*:' . ' '; #We use this segment to find out the country the headquarters of the business is in. We access the database churchma_USERS_ON_CHURCHMAPPED and the table countries (we could also access the database churchma_GEOGRAPHY and the table countries). Note that the value actually stored in the database is a number of SMALLINT type. Therefore, the option value should be a number but for obvious stylistic purposes, the actual name of the country should be displayed. This is a required field for a number of reasons, not least for legal reasons. For input validation reasons, we should also ensure the number submitted does not exceed the maximum number of rows actually in the table. echo ''; }else{ echo 'Country that headquarters is in*:' . ' '; #We use this segment to find out the country the headquarters of the business is in. We access the database churchma_USERS_ON_CHURCHMAPPED and the table countries (we could also access the database churchma_GEOGRAPHY and the table countries). Note that the value actually stored in the database is a number of SMALLINT type. Therefore, the option value should be a number but for obvious stylistic purposes, the actual name of the country should be displayed. This is a required field for a number of reasons, not least for legal reasons. For input validation reasons, we should also ensure the number submitted does not exceed the maximum number of rows actually in the table. echo ''; } echo '
'; echo '
'; #This segment deals with the continent that the headquarters the business is in. if(!isset($_POST['continentOfHeadquarters'])){ echo 'Continent that headquarters is in*:' . ' '; #We use this segment to find out the continent the headquarters of the business is in. We do this by accessing the database churchma_USERS_ON_CHURCHMAPPED and the table continents (we could also access the database churchma_GEOGRAPHY and the table continents). Note that the value actually stored in the database is a number of SMALLINT type. This is a required field for a number of reasons, not least for legal reasons. For input validation reasons, we should also ensure the number submitted does not exceed the maximum number of rows actually in the table. echo ''; #This ends the ' . ' '; $queryToSelectVariousContinents = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.continents"; #We use this MySQL statement to retrieve the information from the database for the continents that we have. $resultOfQueryToSelectVariousContinents = mysqli_query($conn, $queryToSelectVariousContinents); $maximumNumberOfContinents = mysqli_num_rows($resultOfQueryToSelectVariousContinents); #We get the number of rows returned from the query of selecting the continents in the database in order to use this later for input validation - if the value entered is somehow bigger than this, we know it is a spurious value. while($row = mysqli_fetch_array($resultOfQueryToSelectVariousContinents, MYSQLI_ASSOC)){ if($row['continent_id'] == $_POST['continentOfHeadquarters']){ echo ''; }else{ echo ''; } } echo ''; #This ends the ' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. 
} elseif(!isset($_POST['dayOfFormationOfBusiness']) && !isset($_POST['monthOfFormationOfBusiness'])){ #Here we deal with the situation where neither the day of formation and month of formation has been entered, in order to create a sticky value for year of formation echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(!isset($_POST['dayOfFormationOfBusiness']) && !isset($_POST['yearOfFormationOfBusiness'])){ #Here we deal with the situation where neither the day of formation and year of formation has been entered, in order to create a sticky value for month of formation echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(!isset($_POST['monthOfFormationOfBusiness']) && !isset($_POST['yearOfFormationOfBusiness'])){ #Here we deal with the situation where neither the month of the formation or the year of formation has been filled in, in order to create a sticky value for day of formation. echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(!isset($_POST['dayOfFormationOfBusiness'])){ #Here we deal with the situation where the day of formation has not been filled in, in order to create a sticky value for the month of formation and year of formation. echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(!isset($_POST['monthOfFormationOfBusiness'])){ #Here we deal with the situation where the month of formation has not been filled in, in order to create a sticky value for the day of formation and year of formation. echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(!isset($_POST['yearOfFormationOfBusiness'])){ echo 'Date of business formation or incorporation*:'; #This asks the business user the year the business was formed. We also inform the user if they are registering as a self-employed user, it is acceptable to give an approximate date. Unlike the birthday for a personal user, there is really no need to detect for the minimum age. However, we should have a maximum age, and that is determined by the year of business formation or incorporation being no later than the current year (i.e. we don't accept businesses that will be formed in the future - e.g. if we are in 2021, it is spurious data to be enter data for the year 2045!). However, one slight technical issue is that if a user is in a future timezone and they have only just registered their business on January 1st whilst we in Britain are still on New Year's Eve (December 31st), it is possible our code will throw an error because the date is determined by the date on the server. Whilst this is a possibility, I think I am safe enough in overlooking this. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #We hardcode the minimum year as being "705" because according to reports, the oldest business in the world was formed this year. Unlikely we will ever have to deal with this, but still good to account for. } elseif(isset($_POST['dayOfFormationOfBusiness']) && isset($_POST['monthOfFormationOfBusiness']) && isset($_POST['yearOfFormationOfBusiness'])){ #This segment determines the situation where all the information has been inserted for the business. echo '
'; echo 'If you are registering as a self-employed user, it is acceptable to give an approximate date'; echo '
'; echo '' . ' ' . '' . ' ' . ''; } echo '
'; echo '
'; # This segment deals with the trading address line one for the business if(!isset($_POST['tradingAddressLineOneForBusiness'])){ #This if(){} clause is set to create a sticky value. echo 'Business trading address line 1:'; #The trading address line 1 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; #Because the trading address line 1 is optional, we do not set a minlength. We set a maxlength of 50 to ensure consistency with the headquarters address line 1. }else{ echo 'Business trading address line 1:'; #The trading address line 1 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; #Because the trading address line 1 is optional, we do not set a minlength. We set a maxlength of 50 to ensure consistency with the headquarters address line 1. } echo '
'; echo '
'; #This segment deals with the trading address line two for the business if(!isset($_POST['tradingAddressLineTwoForBusiness'])){ #This if(){} clause helps us create a sticky value for this part of the form. echo 'Business trading address line 2:'; #The trading address line 2 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; #Because the trading address line 2 is optional, we do not set a minlength. }else{ echo 'Business trading address line 2:'; #The trading address line 2 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; #Because the trading address line 2 is optional, we do not set a minlength. } echo '
'; echo '
'; #This segment deals with the trading address line three for the business if(!isset($_POST['tradingAddressLineThreeForBusiness'])){ #This if(){} clause helps create a sticky value echo 'Business trading address line 3:'; #The trading address line 3 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; }else{ echo 'Business trading address line 3:'; #The trading address line 3 is optional because some businesses effectively operate just out of their headquarters address. echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; } echo '
'; echo '
'; #This segment deals with the postcode of the trading address of the business if(!isset($_POST['postcodeOfTradingAddressOfBusiness'])){ #This if(){} clause helps create a sticky value for the postcode of the trading address of the business. echo 'Business trading address postcode:' . ' '; echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; }else{ echo 'Business trading address postcode:' . ' '; echo '
'; echo 'If the address at which you usually trade at is different from the headquarters or official address, please fill this in. Otherwise, you can leave this field blank or enter the same information as you entered in the business headquarters address'; echo '
'; echo ''; } echo '
'; echo '
'; #This segment deals with the country of the trading address if(!isset($_POST['countryOfTradingAddress'])){ echo 'Country of trading address:' . ' '; #The country of the trading address is optional because some businesses effectively operate just out of their headquarters address. echo ''; }else{ echo 'Country of trading address:' . ' '; #The country of the trading address is optional because some businesses effectively operate just out of their headquarters address. echo ''; } echo '
'; echo '
'; # This segment deals with the continent of the trading address. if(!isset($_POST['continentOfTradingAddress'])){ #This helps create a sticky value for the continent of the trading address. echo 'Continent of trading address:' . ' '; echo ''; #This ends the ' . ' '; $queryToSelectVariousContinents = "SELECT * FROM churchma_USERS_ON_CHURCHMAPPED.continents"; #We use this MySQL statement to retrieve the information from the database for the continents that we have. $resultOfQueryToSelectVariousContinents = mysqli_query($conn, $queryToSelectVariousContinents); $maximumNumberOfContinents = mysqli_num_rows($resultOfQueryToSelectVariousContinents); #We get the number of rows returned from the query of selecting the continents in the database in order to use this later for input validation - if the value entered is somehow bigger than this, we know it is a spurious value. while($row = mysqli_fetch_array($resultOfQueryToSelectVariousContinents, MYSQLI_ASSOC)){ if($row['continent_id'] == $_POST['continentOfTradingAddress']){ echo ''; }else{ echo ''; } } echo ''; #This ends the '; #We set the maxlength to 100 to account for the possibility of multiple owners. When validating our code through PHP, we should communicate to the user that if they are seeing this because of an error, they should send an email to support@churchmapped.com }else{ #This segment deals with the directors of the business in question. echo 'Name of director(s) of business*:'; #Here we ask the user/registrant of the name(s) of the director of the business. We need this for information purposes and potentially legal reasons too. echo '
'; echo'Please enter the name of the legal owner of the business. If there are multiple, please separate their names by a comma'; echo '
'; echo ''; #We set the maxlength to 100 to account for the possibility of multiple owners. When validating our code through PHP, we should communicate to the user that if they are seeing this because of an error, they should send an email to support@churchmapped.com } echo '
'; echo '
'; #This segment deals with whether the business is VAT registered or not. We have to ask this for tax and legal reasons. if(!isset($_POST['isBusinessVATRegistered'])){ #We use this if(){} clause to create a sticky value for whether the business is or is not VAT registered. echo 'Is the business VAT-registered (VAT means Value Added Tax)?*:'; #This asks whether the business is VAT-registered or not. This is a required field for tax and legal reasons. We use a radio button which simply asks: "Yes" or "No". However, the values for this are 1 (not VAT-registered) and 2 (VAT-registered). This is because the type of the value for whether the business is VAT-registered is TINYINT. echo '
'; echo '' . ''; echo '
'; echo '' . ''; }elseif($_POST['isBusinessVATRegistered'] == 2){ #If the user has already selected 2, then we edit the code and mark the radio button with the value of 2 as checked. echo 'Is the business VAT-registered (VAT means Value Added Tax)?*:'; #This asks whether the business is VAT-registered or not. This is a required field for tax and legal reasons. We use a radio button which simply asks: "Yes" or "No". However, the values for this are 1 (not VAT-registered) and 2 (VAT-registered). This is because the type of the value for whether the business is VAT-registered is TINYINT. echo '
'; echo '' . ''; echo '
'; echo '' . ''; } elseif($_POST['isBusinessVATRegistered'] == 1){ #If the user has already selected 1 (i.e. the business is *not* VAT-registered), then we edit the code and mark the radio button with the value of 1 as checked. echo 'Is the business VAT-registered (VAT means Value Added Tax)?*:'; #This asks whether the business is VAT-registered or not. This is a required field for tax and legal reasons. We use a radio button which simply asks: "Yes" or "No". However, the values for this are 1 (not VAT-registered) and 2 (VAT-registered). This is because the type of the value for whether the business is VAT-registered is TINYINT. echo '
'; echo '' . ''; echo '
'; echo '' . ''; } echo '
'; echo '
'; #This segment deals with the telephone number of the business. if(!isset($_POST['telephoneNumberForBusiness'])){ #We use this if(){} clause to create a sticky value for the user if they have entered information for their telephone. echo 'Telephone number of business:'; echo '
'; echo ''; #The input for the telephone number for business has been given a maxlength of 20 as there's no real reason why it should be longer than this. This is an optional field. }else{ echo 'Telephone number of business:'; echo '
'; echo ''; #The input for the telephone number for business has been given a maxlength of 20 as there's no real reason why it should be longer than this. This is an optional field. } echo '
'; echo '
'; #This segment deals with the mobile phone number for the business. if(!isset($_POST['mobilePhoneNumberForBusiness'])){ #We use this if(){} clause to create a sticky value for the information entered into the mobile phone field. echo 'Mobile phone number of business:'; echo '
'; echo ''; #The input for the mobile phone number for business has been given a maxlength of 20 as there's no real reason why it should be longer than this. This is an optional field. }else{ echo 'Mobile phone number of business:'; echo '
'; echo ''; #The input for the mobile phone number for business has been given a maxlength of 20 as there's no real reason why it should be longer than this. This is an optional field. } echo '
'; echo '
'; #This segment deals with the website of the business. if(!isset($_POST['websiteForBusiness'])){ echo 'Website of business:' . ' '; #This is an optional field because not every business that registers for an account will have a website. echo '
'; echo 'Upon registration, you will also have a profile on the ChurchMapped platform as well'; echo '
'; echo ''; #We use a text input type rather than url because the url input expects the protocol in front of www (e.g. http:// or https:// ) but it's unrealistic to expect a user to enter this in themselves. We will not validate the integrity of the website itself because PHP's in-built url validator has a number of issues. }else{ echo 'Website of business:' . ' '; #This is an optional field because not every business that registers for an account will have a website. echo '
'; echo 'Upon registration, you will also have a profile on the ChurchMapped platform as well'; echo '
'; echo ''; #We use a text input type rather than url because the url input expects the protocol in front of www (e.g. http:// or https:// ) but it's unrealistic to expect a user to enter this in themselves. We will not validate the integrity of the website itself because PHP's in-built url validator has a number of issues. } echo '
'; echo '
'; #This segment deals with the revenue earned by the business in the previous year if(!isset($_POST['revenueOfBusinessForPreviousYear'])){ echo 'Revenue of business for previous year (British Pound Sterling):' . ' '; echo '£' . ' ' . ''; #We use the value of 922337203685477500 as this is approximately the maximum size that BIGINT can store and we use this here to prevent buffer overflow attacks. On the database, the column revenue_of_business_for_previous_year is of BIGINT type. We do not think at this stage a business will have a revenue larger than this, but if they do, we will communicate to them that if they think they are seeing this in error, they should contact support@churchmapped.com. (I doubt we will have this issue too often, haha!) }else{ #This segment deals with the revenue earned by the business in the previous year echo 'Revenue of business for previous year (British Pound Sterling):' . ' '; echo '£' . ' ' . ''; #We use the value of 922337203685477500 as this is approximately the maximum size that BIGINT can store and we use this here to prevent buffer overflow attacks. On the database, the column revenue_of_business_for_previous_year is of BIGINT type. We do not think at this stage a business will have a revenue larger than this, but if they do, we will communicate to them that if they think they are seeing this in error, they should contact support@churchmapped.com. (I doubt we will have this issue too often, haha!) } echo '
'; echo '
'; #This segment deals with the profit earned by the business in the previous year. if(!isset($_POST['profitOfBusinessForPreviousYear'])){ echo 'Profit of business for previous year (British Pound Sterling):' . ' '; echo '£' . ' ' . ''; #We use the value of 922337203685477500 as this is approximately the maximum size that BIGINT can store and we use this here to prevent buffer overflow attacks. On the database, the column profit_of_business_for_previous_year is of BIGINT type. We do not think at this stage a business will have a profit larger than this, but if they do, we will communicate to them that if they think they are seeing this in error, they should contact support@churchmapped.com. (I doubt we will have this issue too often, haha!) }else{ echo 'Profit of business for previous year (British Pound Sterling):' . ' '; echo '£' . ' ' . ''; #We use the value of 922337203685477500 as this is approximately the maximum size that BIGINT can store and we use this here to prevent buffer overflow attacks. On the database, the column profit_of_business_for_previous_year is of BIGINT type. We do not think at this stage a business will have a profit larger than this, but if they do, we will communicate to them that if they think they are seeing this in error, they should contact support@churchmapped.com. (I doubt we will have this issue too often, haha!) } echo '
'; echo '
'; #This segment deals with the number of employees if(!isset($_POST['numberOfEmployeesAtBusiness'])){ echo 'Number of employees at business (including any owners or directors)*:' . ' '; echo ''; #We use the input type number because we expect a number for this field. Furthermore, we have set a step of 1 because the number of employees is a discrete number. Furthermore, we have set a minimum value of 1 because a company or business by definition must have at least 1 employee (if we are counting owners and directors in this number too). Interestingly, we have set the maximum number to 6000000 (6 million). Why is this? It's because we have sourced the largest employers in the world, and they have employees in the range of 2-3 million. Therefore, if we receive a number larger than 6 million, we know something is wrong. By the way, we have used 6 million as a number to create a healthy "buffer" so that our code doesn't have to keep changing because of population growth. }else{ echo 'Number of employees at business (including any owners or directors)*:' . ' '; echo ''; #We use the input type number because we expect a number for this field. Furthermore, we have set a step of 1 because the number of employees is a discrete number. Furthermore, we have set a minimum value of 1 because a company or business by definition must have at least 1 employee (if we are counting owners and directors in this number too). Interestingly, we have set the maximum number to 6000000 (6 million). Why is this? It's because we have sourced the largest employers in the world, and they have employees in the range of 2-3 million. Therefore, if we receive a number larger than 6 million, we know something is wrong. By the way, we have used 6 million as a number to create a healthy "buffer" so that our code doesn't have to keep changing because of population growth. } echo '
'; echo '
'; #This segment deals with the business' short description of itself. if(!isset($_POST['shortDescriptionOfBusiness'])){ #This segment creates the sticky value for the short description for the business. echo 'Give a short description of your business (max 250 characters). This will be displayed underneath your business profile picture:' . ' '; #This segment deals with the business describing themselves in short. It is an optional field. echo '
'; echo 'Providing a short description of your business will lead to an increased chance of approval by ChurchMapped'; echo '
'; echo ''; }else{ echo 'Give a short description of your business (max 250 characters). This will be displayed underneath your business profile picture:' . ' '; #This segment deals with the business describing themselves in short. It is an optional field. echo '
'; echo 'Providing a short description of your business will lead to an increased chance of approval by ChurchMapped'; echo '
'; echo ''; } echo '
'; echo '
'; #This segment deals with the long description of the business. if(!isset($_POST['longDescriptionOfBusiness'])){ #This segment creates the sticky value for the long description of the business. echo 'Give a longer description of your business (max 4000 characters). This will be displayed in your profile:' . ' '; #This segment deals with the business giving an extensive description of themselves. It is an optional field. We have given it a maxlength of 4000 characters to enable businesses to describe themselves extensively - but note, we should be mindful that malicious users might use this area to inject code, so be extra mindful. echo '
'; echo ''; }else{ echo 'Give a longer description of your business (max 4000 characters). This will be displayed in your profile:' . ' '; #This segment deals with the business giving an extensive description of themselves. It is an optional field. We have given it a maxlength of 4000 characters to enable businesses to describe themselves extensively - but note, we should be mindful that malicious users might use this area to inject code, so be extra mindful. echo '
'; echo ''; } echo '
'; echo '
'; # This begins the segment for the Terms & Conditions. We do not use a sticky value for the checkbox for the Terms & Conditions, so as to avoid the possibility echo 'Terms & Conditions:'; echo '
'; echo 'The terms and conditions can also be read on the ChurchMapped legal page here'; #We include a reference here to the Terms & Conditions on the legal page of ChurchMapped because the textarea might be too small for some readers. echo '
'; echo ''; #We use the text "Lorem ipsum, etc" purely for local testing purposes. In production code, we include the actual Terms & Conditions here. echo '
'; echo '
'; echo 'Do you agree to the terms and conditions? Please check the box to indicate agreement (note: in order to register on the ChurchMapped platform, you must agree with our Terms and Conditions)'; echo ''; #This is what we actually use in the PHP code. We have manually added the value of 1. Whenever we add a new Terms and Conditions or Privacy Policy, we have to amend the value of this checkbox manually. Note that unlike the other inputs here, we always echo the checkbox without a check if a user has submitted information that has not passed our validation checks. This is to comply with GDPR requirements (namely, to avoid the accusation that we have opted the user in by default, which is not allowed). echo '
'; echo '
'; echo 'Privacy policy:'; echo '
'; echo 'The privacy policy can also be read on the ChurchMapped legal page here'; echo '
'; echo ''; #We use the text "Lorem ipsum, etc" purely for local testing purposes. In production code, we include the actual Privacy Policy here. echo '
'; echo 'Do you agree to the privacy policy? Please check the box to indicate agreement (note: in order to register on the ChurchMapped platform, you must agree with our privacy policy)'; echo ''; #Note that unlike the other inputs here, we always echo the checkbox without a check if a user has submitted information that has not passed our validation checks. This is to comply with GDPR requirements (namely, to avoid the accusation that we have opted the user in by default, which is not allowed). echo '
'; echo '
'; echo ''; echo '
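';
#This ends the form for the BUSINESS user.
#Here we create two arrays - one to check whether the handle is available and the other to check whether the
#primary e-mail is available. The validation chain further down treats a non-empty array as "already taken" and
#issues an error statement. The first array is called $checkIfChurchMappedHandleIsAvailable, the second is
#called $checkIfEmailIsAvailable.
$checkIfChurchMappedHandleIsAvailable = array();
$checkIfEmailIsAvailable = array();

#Both lookups below are exact-match (=) rather than LIKE '%...%'. A substring match reports "bob" as taken
#whenever "bobby" exists (and "a@b.com" as taken whenever "xa@b.com" exists), and it lets the user-supplied
#wildcard characters % and _ widen the match - a lone "%" matches every row - so it cannot serve as a
#uniqueness check. The value is still bound through a prepared statement, so it is never interpolated into the
#SQL text.
#
#The submitted value is trimmed *before* binding (wrapping it in % first, as was done previously, meant trim()
#never touched the actual text). Only string values are accepted: a client can post handle[]=x, which arrives
#as an array and would make trim() throw a TypeError; such input is treated as empty. When the field has not
#been posted at all (e.g. a plain GET of the page) an empty string is bound, so bind_param() never sees an
#undefined variable and $stmt / $stmt_result remain defined for any code further down that uses them.
#NOTE(review): the INSERT further down should store the same trimmed value that is checked here - confirm.

#Here we deal with the ChurchMapped handle for the business.
$valueOfChurchMappedHandleToSearch = '';
if(isset($_POST['handleOfBusinessOnChurchMapped']) && is_string($_POST['handleOfBusinessOnChurchMapped'])){
    $valueOfChurchMappedHandleToSearch = trim($_POST['handleOfBusinessOnChurchMapped']);
}
#We select the column business_handle_on_churchmapped from the table business_user_details_on_churchmapped in the
#database churchma_USERS_ON_CHURCHMAPPED.
$stmt = $conn->prepare("SELECT business_handle_on_churchmapped FROM churchma_USERS_ON_CHURCHMAPPED.business_user_details_on_churchmapped WHERE business_handle_on_churchmapped = ?");
$stmt->bind_param("s", $valueOfChurchMappedHandleToSearch); #"s": the handle is bound as a string.
$stmt->execute();
$stmt_result = $stmt->get_result(); #get_result() requires the mysqlnd driver; it is what gives us num_rows for a prepared statement.
if($stmt_result->num_rows > 0){ #Any row means the handle is taken; the error statement is issued in the validation chain below.
    while($row = $stmt_result->fetch_assoc()){
        $checkIfChurchMappedHandleIsAvailable[] = $row['business_handle_on_churchmapped'];
    }
}

#Here we deal with the primary e-mail address. Accounts are limited to one e-mail address per type of account.
$valueOfEmailToSearch = '';
if(isset($_POST['emailOfBusiness']) && is_string($_POST['emailOfBusiness'])){
    $valueOfEmailToSearch = trim($_POST['emailOfBusiness']);
}
$stmtToGetEmail = $conn->prepare("SELECT business_primary_email_address FROM churchma_USERS_ON_CHURCHMAPPED.business_user_details_on_churchmapped WHERE business_primary_email_address = ?");
$stmtToGetEmail->bind_param("s", $valueOfEmailToSearch);
$stmtToGetEmail->execute();
$stmt_result_for_email = $stmtToGetEmail->get_result();
if($stmt_result_for_email->num_rows > 0){ #Any row means the e-mail is taken; the error statement is issued in the validation chain below.
    while($row = $stmt_result_for_email->fetch_assoc()){
        $checkIfEmailIsAvailable[] = $row['business_primary_email_address'];
    }
}

#Regular expressions used by the validation chain below.
$patternForAlphabeticalOrder = "/[a-zA-Z]+/"; #Fields where we expect at least one ASCII letter a-z or A-Z.
$patternForSpecialCharacters = '/\W/'; #Matches any non-word character (!, %, £ and so on). Without the u modifier every byte of a multi-byte UTF-8 character also counts as "special".
$patternForNumbers = '/[0-9]/'; #Matches any ASCII digit.
$patternForChurchMappedUserName = '/ChurchMapped/i'; #Used with preg_match() below to reject handles and names that contain the reserved word "ChurchMapped" (case-insensitive).
$patternForConsecutiveCharacters = '/(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz|012|123|234|345|456|567|678|789)+/'; #Detects runs of consecutive characters so that passwords such as abc123 are rejected. Note it is case-sensitive: "ABC" is not caught.
$patternForExpletives = '/(fuck)|(shit)|(bitch)|(pussyhole)|(wanker)/i'; #Expletives are not allowed in the ChurchMapped handle. The list grows over time and must be kept in step with the database. Because a legitimate name can also match (e.g. Fanny), the error text tells the user to contact support@churchmapped.com if they think it is a mistake.
$patternForProhibitedCharacters = '/([^a-zA-Z0-9_])/'; #Matches any character other than a-z, A-Z, 0-9 and underscore; handles on ChurchMapped may only contain those.
echo '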
'; #Here we ask the user if they have forgotten their password. If they press or click this, they are directed to forgottenpassword.html (in the local version, this is forgottenpassword.php.) We use the script to redirect the user to Forgotten Password page. This part is powered by the redirectjs script if(isset($_POST['submitRegistrationFormForBusinessUser'])){ #Here we begin the input validation in PHP. if(!isset($_POST['officialNameOfBusiness']) || empty($_POST['officialNameOfBusiness'])){ #This segment deals with whether the user has entered any information into the official name of the business area. This is done because the official name of the business is a required field. $errors[] = 'Please enter the official name of your business'; } elseif(isset($_POST['officialNameOfBusiness']) && (strlen($_POST['officialNameOfBusiness']) < 1 || strlen($_POST['officialNameOfBusiness']) > 100)){ #Here we check to see if the character limit has been breached. Note that we should still communicate to the end user in any event that they should contact support@churchmapped.com if they believe they are seeing this in error because it can sometimes happen that if a business might very well have an official name longer than 100 characters, or they might use a name which has foreign characters, which causes the limit to be approached more quickly. We have chosen 100 characters for the official business name compared to the much shorter character limit for personal names for the Personal user account registration form because businesses tend to have longer official names than personal names. $errors[] = 'The official name of your business appears to be either too short or too long. 
If you believe you are seeing this in error, please contact support@churchmapped.com'; } elseif(isset($_POST['officialNameOfBusiness']) && (preg_match($patternForChurchMappedUserName, $_POST['officialNameOfBusiness']))){ #Here we check to see if the business user is attempting to use the ChurchMapped name in the official name of business field. We do not permit this (obviously) because, among other reasons, the ChurchMapped name is a protected trademark. $errors[] = 'We do not permit the use of the ChurchMapped name in this field, as it is a protected trademark. Please consider another.'; } elseif(isset($_POST['tradingNameOfBusiness']) && (preg_match($patternForChurchMappedUserName, $_POST['tradingNameOfBusiness']))){ $errors[] = 'We do not permit the use of the ChurchMapped name as a trading name in this field, as it is a protected trademark. Please consider another.'; } elseif(isset($_POST['tradingNameOfBusiness']) && (strlen($_POST['tradingNameOfBusiness']) > 75)){ #Here we check to see if the trading name of the business is longer than 75 characters (the limit that we have set). If it is, we issue an error statement, but we communicate to the user that they should communicate to support@churchmapped.com. Notice how we don't check for the length being less than 1 (i.e. 0). This is because it is not a required field; checking for whether the character limit is less than 1 would have the odd effect of throwing an error even though it is not a required field. The reason the trading name has a marginally lower limit than the official name of the business is because trading names are typically shorter than the official name. $errors[] = 'The trading name of your business appears to be too long. If you believe you are seeing this in error, please contact support@churchmapped.com'; } elseif(!isset($_POST['emailOfBusiness']) || empty($_POST['emailOfBusiness'])){ #Here we check to see that the primary business e-mail field is not empty. 
If it is, we issue an error statement because it is a mandatory field - we need the business' email to correspond with the business. $errors[] = 'Please enter the primary e-mail address of your business.'; } elseif(isset($_POST['emailOfBusiness']) && (strlen($_POST['emailOfBusiness']) < 1 || strlen($_POST['emailOfBusiness']) > 40)){ #Here we check to see the length of the primary e-mail address of the business. If it is too short (less than 1 character) or too long (more than 40 characters), we issue an error statement. However, and as indicated in our code above, we nevertheless communicate to the user that they should contact support@churchmapped.com if they believe they are seeing this in error because it might happen that the limit has been surpassed because they are using foreign characters, or there might be some other issue. $errors[] = 'The primary e-mail address of your business appears to be either too short or too long. Please review this, or if you think this is an error, please contact support@churchmapped.com'; } elseif(isset($_POST['emailOfBusiness']) && !filter_var($_POST['emailOfBusiness'], FILTER_VALIDATE_EMAIL)){ #Here we check to see that the email submitted is in fact an e-mail. The reason for this is because even if the email address bypasses the requirements set out by prepared statements, it might nevertheless still be a bogus e-mail in the sense that the user might be attempting to use our system to (for example) spam other users. The filter_var(variable, FILTER_VALIDATE_EMAIL) helps prevent this. Nevertheless, we still communicate to the user that they should communicate to support@churchmapped.com if they believe they are seeing this in error; the reason for this is because the FILTER_VALIDATE_EMAIL filter is not perfect. $errors[] = 'This does not appear to be a valid e-mail. Please enter a valid e-mail address for your primary e-mail address. 
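If you believe you are seeing this in error, please contact support@churchmapped.com'; }
# The rest of this elseif chain continues the server-side validation of the Business registration
# form. Each branch appends exactly one message to $errors and the chain stops at the first failure.
# Numeric fields are checked with is_numeric() BEFORE any range comparison: comparing a non-numeric
# string against an integer in PHP 8 falls back to string comparison, so a range check on its own is
# not a reliable guard. Optional fields are only validated when something was actually submitted.
# NOTE(review): every strlen()/preg_match() here assumes the $_POST value is a string; a submission
# such as field[]=x would hand an array to these functions - confirm the request is normalised upstream.
elseif (isset($_POST['emailOfBusiness']) && !empty($checkIfEmailIsAvailable)) {
    # Accounts are limited to one e-mail address per type of account.
    # NOTE(review): this message tells an unauthenticated caller that the address is already registered
    # (account enumeration); a neutral message plus a notification e-mail is the usual mitigation.
    $errors[] = 'This e-mail address has already been used to register for a Business account. If you have forgotten your password, please click the \'Forgotten Password\' down below';
}
elseif (isset($_POST['transactionRelatedEmailOfBusiness']) && strlen($_POST['transactionRelatedEmailOfBusiness']) > 40) {
    # Optional field, so only the upper bound of 40 characters is enforced.
    $errors[] = 'The e-mail address you entered into the transaction-related e-mail address field appears to be too long. Please revise this, or if you think you are seeing this in error, please contact support@churchmapped.com';
}
elseif (isset($_POST['transactionRelatedEmailOfBusiness']) && $_POST['transactionRelatedEmailOfBusiness'] && !filter_var($_POST['transactionRelatedEmailOfBusiness'], FILTER_VALIDATE_EMAIL)) {
    # FILTER_VALIDATE_EMAIL is not perfect, hence the invitation to contact support.
    $errors[] = 'The e-mail address you entered does not appear to be a real e-mail address. 
Please enter a valid e-mail address or if you think you are seeing this in error, please contact support@churchmapped.com';
}
# ---- Password and Confirm Password ----
elseif (empty($_POST['passwordOfBusinessUser'])) {
    $errors[] = 'Please enter a password. This is a requirement';
}
elseif (isset($_POST['confirmPasswordOfBusinessUser']) && $_POST['passwordOfBusinessUser'] !== $_POST['confirmPasswordOfBusinessUser']) {
    # Strict, case-sensitive comparison of the two password fields.
    $errors[] = 'The password you entered into the password field is not the same as the password entered into the Confirm Password field. Please check and revise to ensure they are the same';
}
elseif (strlen($_POST['passwordOfBusinessUser']) < 6 || strlen($_POST['passwordOfBusinessUser']) > 15) {
    # Parentheses fixed: the "> 15" test previously sat outside the isset() guard.
    # NOTE(review): a 15-character ceiling is unusually low for a hashed password; consider raising it.
    $errors[] = 'The password you entered is either too short or too long. Passwords must be between 6 and 15 characters (all inclusive)';
}
elseif (!preg_match($patternForAlphabeticalOrder, $_POST['passwordOfBusinessUser'])) {
    # At least one alphabetical character.
    $errors[] = 'Your password does not contain an alphabetical letter. 
Please use at least one alphabetical character as your password';
}
elseif (!preg_match($patternForSpecialCharacters, $_POST['passwordOfBusinessUser'])) {
    # At least one special character.
    $errors[] = 'Your password does not contain any special characters. Please include a special character(s) in your password. Examples of special characters include ! ; £ and so on';
}
elseif (preg_match($patternForConsecutiveCharacters, $_POST['passwordOfBusinessUser']) == 1) {
    # Reject runs of consecutive characters (abc123 and the like).
    $errors[] = 'Your password contains consecutive characters. We take cybersecurity at ChurchMapped seriously and therefore cannot allow a password with consecutive characters. Please revise';
}
elseif (!preg_match($patternForNumbers, $_POST['passwordOfBusinessUser'])) {
    # At least one digit.
    $errors[] = 'Your password does not contain any numbers. Please include at least one number in your password';
}
elseif (!isset($_POST['confirmPasswordOfBusinessUser'])) {
    # Reaching this branch means the password itself passed every check but was never confirmed.
    # The separate length/alphabet/special/consecutive/number checks on the Confirm Password field
    # were removed: by this point it is known to be identical to a password that already passed them,
    # so those branches could never fire.
    $errors[] = 'You must enter a value in the Confirm Password field. 
This is a required field';
}
# ---- ChurchMapped handle ----
elseif (!isset($_POST['handleOfBusinessOnChurchMapped'])) {
    $errors[] = 'You must enter a handle for your profile on ChurchMapped';
}
elseif (strlen($_POST['handleOfBusinessOnChurchMapped']) < 1 || strlen($_POST['handleOfBusinessOnChurchMapped']) > 20) {
    $errors[] = 'Your handle is either too short or too long. Handles must be a minimum of 1 character and a maximum of 20 characters. Note that this restriction does not include the \'@\' character';
}
elseif (in_array($_POST['handleOfBusinessOnChurchMapped'], ['ChurchMapped', 'Admin', 'NULL'], true) || preg_match($patternForChurchMappedUserName, $_POST['handleOfBusinessOnChurchMapped'])) {
    # Reserved handles; strict comparison so that only the exact strings match.
    $errors[] = 'This is not a permitted handle. Please use another';
}
elseif (preg_match($patternForExpletives, $_POST['handleOfBusinessOnChurchMapped'])) {
    # Foreign names can be false positives, hence the invitation to contact support.
    $errors[] = 'Please revise your handle. We do not permit expletives in our handles. If you think this is a mistake, please contact support@churchmapped.com and we will look into this for you';
}
elseif (preg_match($patternForProhibitedCharacters, $_POST['handleOfBusinessOnChurchMapped'])) {
    # Anything outside the allowed character set is rejected.
    $errors[] = 'This is not a permitted handle. Handles may only contain characters from the alphabet (A-Z and a-z), numbers and an underscore. Please revise your handle';
}
elseif (!empty($checkIfChurchMappedHandleIsAvailable)) {
    $errors[] = 'Sadly, it seems that this handle has already been taken. Please consider another.';
}
# ---- Primary sector (required) and secondary sector (optional); both stored as integers ----
elseif (empty($_POST['primarySectorOfBusiness'])) {
    $errors[] = 'Please fill the primary sector that the business operates in.';
}
elseif (!is_numeric($_POST['primarySectorOfBusiness'])) {
    # is_numeric() rather than is_int(): the submitted value is a string.
    $errors[] = 'This is not a value we\'re expecting for the primary sector of the business. Please resubmit this form. If you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif ($_POST['primarySectorOfBusiness'] < 1 || $_POST['primarySectorOfBusiness'] > $maximumNumberOfVariousSectorsOfBusiness) {
    # $maximumNumberOfVariousSectorsOfBusiness is the number of sector rows in the database; a value
    # outside 1..max did not come from the form. The debug echo of the raw submitted value that used to
    # sit here was removed: it wrote unescaped user input into the page (reflected XSS) and disclosed
    # the sector count.
    $errors[] = 'We do not seem to understand this value for the primary sector of the business. If you believe this is an error, please contact us on support@churchmapped.com.';
}
elseif (!empty($_POST['secondarySectorOfBusiness']) && !is_numeric($_POST['secondarySectorOfBusiness'])) {
    # Optional: only validated when something was submitted.
    $errors[] = 'This is not a value we\'re expecting for the secondary sector of the business. Please re-evaluate what you have entered and resubmit this form. If you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (!empty($_POST['secondarySectorOfBusiness']) && ($_POST['secondarySectorOfBusiness'] < 1 || $_POST['secondarySectorOfBusiness'] > $maximumNumberOfVariousSectorsOfBusiness)) {
    # Was written to $error (singular), so the message was silently dropped and the bad value accepted.
    $errors[] = 'We do not seem to understand this value for the secondary sector of the business. If you believe this is an error, please contact us on support@churchmapped.com.';
}
# ---- Headquarters address (line 1 required for legal reasons; the rest optional) ----
elseif (empty($_POST['addressLineOneOfHeadquartersForBusiness'])) {
    $errors[] = 'You have not entered the first line of your address for the headquarters of your business. This is a required field.';
}
elseif (strlen($_POST['addressLineOneOfHeadquartersForBusiness']) < 1 || strlen($_POST['addressLineOneOfHeadquartersForBusiness']) > 50) {
    # strlen() counts bytes, so multi-byte characters can trip the 50 limit early - hence the support note.
    $errors[] = 'The first line of address for the headquarters of your business you entered appears to be too short or too long. The first line of address of the headquarters of your business must be more than 0 characters and less than or equal to 50 characters. 
Please re-evaluate what you have entered and resubmit this form. If you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (isset($_POST['addressLineTwoOfHeadquartersForBusiness']) && strlen($_POST['addressLineTwoOfHeadquartersForBusiness']) > 50) {
    $errors[] = 'The second line of address for the headquarters of your business appears to be too long. Please review this, or if you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (isset($_POST['addressLineThreeOfHeadquartersForBusiness']) && strlen($_POST['addressLineThreeOfHeadquartersForBusiness']) > 50) {
    # Parenthesis fixed: previously strlen() was applied to the boolean result of the comparison,
    # so this limit was never enforced.
    $errors[] = 'The third line of address for the headquarters of your business appears to be too long. Please review this, or if you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (isset($_POST['postcodeOfHeadquartersForBusiness']) && strlen($_POST['postcodeOfHeadquartersForBusiness']) > 20) {
    # Optional (many addresses in the Republic of Ireland have no postcode). Same parenthesis fix as above.
    $errors[] = 'The postcode you entered for the headquarters of your business appears to be too long. Please review this, or if you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
# ---- Headquarters country and continent (required, stored as integers) ----
elseif (empty($_POST['countryOfHeadquartersForBusiness'])) {
    $errors[] = 'The country of headquarters for your business has not been filled in. Please enter a value for this field before continuing.';
}
elseif (!is_numeric($_POST['countryOfHeadquartersForBusiness'])) {
    $errors[] = 'This is not the kind of value we are expecting for the country in which your headquarters is based. Please review your form and submit this form again.';
}
elseif ($_POST['countryOfHeadquartersForBusiness'] < 1 || $_POST['countryOfHeadquartersForBusiness'] > $maximumNumberOfCountries) {
    # $maximumNumberOfCountries is the number of country rows in the database.
    $errors[] = 'We do not seem to understand this value for the country that your headquarters is in. Please revise your submission, or if you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (empty($_POST['continentOfHeadquarters'])) {
    $errors[] = 'Please enter the continent that the headquarters of your business is based in.';
}
elseif (!is_numeric($_POST['continentOfHeadquarters'])) {
    $errors[] = 'This is not the kind of value we are expecting for the continent in which your headquarters is based.';
}
elseif ($_POST['continentOfHeadquarters'] < 1 || $_POST['continentOfHeadquarters'] > $maximumNumberOfContinents) {
    # Parentheses fixed: the "> max" test previously sat outside the isset() guard.
    $errors[] = 'This value for the continent that the headquarters is based in does not correspond to a value we have. Please review your form and re-submit.';
}
# ---- Date of formation: day, month, year (all required), then calendar validity and not-in-future ----
elseif (empty($_POST['dayOfFormationOfBusiness'])) {
    $errors[] = 'Please fill in the day that the business was formed.';
}
elseif (!is_numeric($_POST['dayOfFormationOfBusiness'])) {
    # is_numeric() also accepts decimals; intval() below and checkdate() deal with that.
    $errors[] = 'Please enter a valid number for the day of the formation of the business.';
}
elseif ($_POST['dayOfFormationOfBusiness'] < 1 || $_POST['dayOfFormationOfBusiness'] > 31) {
    $errors[] = 'Please ensure you enter a valid day. Values for valid days run from 1 through to 31.';
}
elseif (empty($_POST['monthOfFormationOfBusiness'])) {
    $errors[] = 'Please fill in the month that the business was formed';
}
elseif (!is_numeric($_POST['monthOfFormationOfBusiness'])) {
    $errors[] = 'Please enter a numerical value for the month the business was formed in.';
}
elseif ($_POST['monthOfFormationOfBusiness'] < 1 || $_POST['monthOfFormationOfBusiness'] > 12) {
    $errors[] = 'Please enter a valid number for the month that the business was formed. Valid months run from January (1) through to December (12).';
}
elseif (empty($_POST['yearOfFormationOfBusiness'])) {
    $errors[] = 'Please fill in the year the business was formed.';
}
elseif (!is_numeric($_POST['yearOfFormationOfBusiness'])) {
    $errors[] = 'Please enter a numerical value for the year the business was formed.';
}
elseif ($_POST['yearOfFormationOfBusiness'] < 705 || $_POST['yearOfFormationOfBusiness'] > $maximumYearOfFormation) {
    # 705 is the formation year of the oldest company on public record; $maximumYearOfFormation is the current year.
    $errors[] = 'This seems like a strange value to us. Either the year is in the future, in which case it should be noted that we do not accept applications from businesses that are due to begin; or the year the business was formed is older than oldest business in the world according to public records. If you believe you are seeing this in error, please contact support@churchmapped.com for assistance.';
}
elseif (!checkdate(intval($_POST['monthOfFormationOfBusiness']), intval($_POST['dayOfFormationOfBusiness']), intval($_POST['yearOfFormationOfBusiness']))) {
    # Rejects non-existent dates such as 31st February.
    $errors[] = 'We don\'t understand this date. 
Please check your submission, or if you believe you are seeing this in error, please contact support@churchmapped.com.';
}
elseif (mktime(0, 0, 0, intval($_POST['monthOfFormationOfBusiness']), intval($_POST['dayOfFormationOfBusiness']), intval($_POST['yearOfFormationOfBusiness'])) > strtotime('today')) {
    # Built from the already-validated integers rather than by concatenating the raw strings into strtotime().
    $errors[] = 'We do not accept businesses that are due to start in the future. Please register once the business has been formed.';
}
# ---- Trading address (all optional) ----
elseif (isset($_POST['tradingAddressLineOneForBusiness']) && strlen($_POST['tradingAddressLineOneForBusiness']) > 50) {
    $errors[] = 'It seems you have entered information for the first line of your trading address that is longer than 50 characters. Please review your form, or if you think you are seeing this message in error, please contact support@churchmapped.com.';
}
elseif (isset($_POST['tradingAddressLineTwoForBusiness']) && strlen($_POST['tradingAddressLineTwoForBusiness']) > 50) {
    $errors[] = 'It seems you have entered information for the second line of your trading address that is longer than 50 characters. Please review your form, or if you think you are seeing this message in error, please contact support@churchmapped.com.';
}
elseif (isset($_POST['tradingAddressLineThreeForBusiness']) && strlen($_POST['tradingAddressLineThreeForBusiness']) > 50) {
    $errors[] = 'It seems you have entered information for the third line of your trading address that is longer than 50 characters. Please review your form, or if you think you are seeing this message in error, please contact support@churchmapped.com.';
}
elseif (isset($_POST['postcodeOfTradingAddressOfBusiness']) && strlen($_POST['postcodeOfTradingAddressOfBusiness']) > 20) {
    $errors[] = 'The information you entered is greater than that we permit for this field, which is 20 characters. If this is in fact your postcode, please contact support@churchmapped.com.';
}
elseif (isset($_POST['countryOfTradingAddress']) && $_POST['countryOfTradingAddress'] !== '' && !is_numeric($_POST['countryOfTradingAddress'])) {
    # Optional integer field: an empty submission is not an error.
    $errors[] = 'This is not the kind of value we are expecting for the country in which your trading address is based. Please review your form and submit this form again.';
}
elseif (isset($_POST['countryOfTradingAddress']) && $_POST['countryOfTradingAddress'] !== '' && ($_POST['countryOfTradingAddress'] < 1 || $_POST['countryOfTradingAddress'] > $maximumNumberOfCountries)) {
    $errors[] = 'We do not seem to understand this value for the country that your trading address is in. Please revise your submission, or if you believe you are seeing this in error, please contact us on support@churchmapped.com.';
}
elseif (isset($_POST['continentOfTradingAddress']) && $_POST['continentOfTradingAddress'] !== '' && !is_numeric($_POST['continentOfTradingAddress'])) {
    $errors[] = 'This is not the kind of value we are expecting for the continent in which your trading address is based.';
}
elseif (isset($_POST['continentOfTradingAddress']) && $_POST['continentOfTradingAddress'] !== '' && ($_POST['continentOfTradingAddress'] < 1 || $_POST['continentOfTradingAddress'] > $maximumNumberOfContinents)) {
    # Parentheses fixed as for the headquarters continent; the duplicate copy of this branch was removed.
    $errors[] = 'This value for the continent that the trading is based in does not correspond to a value we have. Please review your form and re-submit.';
}
# ---- Directors / owners (required) ----
elseif (empty($_POST['nameOfDirectorsOfBusiness'])) {
    $errors[] = 'Please enter the name(s) of the director(s) or owner(s) of the business. If you are self-employed and registering as a sole trader, it is acceptable to also use your own real name.';
}
elseif (strlen($_POST['nameOfDirectorsOfBusiness']) > 100) {
    $errors[] = 'We expect information entered into the field for the name(s) of the director(s) or owner(s) of the business to be within 100 characters (all inclusive). If you believe you are seeing this in error, or the owner(s) of the business have names longer than 100 characters, please contact us at support@churchmapped.com.';
}
# ---- VAT status (required; only "1" and "2" are accepted) ----
elseif (empty($_POST['isBusinessVATRegistered'])) {
    $errors[] = 'Please enter information relating to the VAT status of your business.';
}
elseif (!in_array($_POST['isBusinessVATRegistered'], ['1', '2'], true)) {
    # The previous expression compared a boolean with "2" and could never be true, so any value was accepted.
    $errors[] = 'We do not understand this value relating to the VAT-status of your business. Please review your form and submit this again.';
}
# ---- Contact details (optional; "+" and "-" are legitimate, so only length is checked) ----
elseif (isset($_POST['telephoneNumberForBusiness']) && strlen($_POST['telephoneNumberForBusiness']) > 20) {
    $errors[] = 'The maximum number of characters we allow for the telephone number of the business is 20. If your number is in fact longer than this, please contact us at support@churchmapped.com.';
}
elseif (isset($_POST['mobilePhoneNumberForBusiness']) && strlen($_POST['mobilePhoneNumberForBusiness']) > 20) {
    $errors[] = 'The maximum number of characters we allow for the field of the mobile phone number of the business is 20. If your number is in fact longer than this, please contact us at support@churchmapped.com.';
}
elseif (isset($_POST['websiteForBusiness']) && strlen($_POST['websiteForBusiness']) > 100) {
    # Only the length is checked. Treat the stored URL as untrusted wherever it is rendered or followed.
    $errors[] = 'The maximum number of characters we allow for the field of the website is 100. If your website is in fact longer than this, please contact us at support@churchmapped.com.';
}
# ---- Reported revenue (optional; numeric, 0..922337203685477500) ----
elseif (isset($_POST['revenueOfBusinessForPreviousYear']) && $_POST['revenueOfBusinessForPreviousYear'] !== '' && !is_numeric($_POST['revenueOfBusinessForPreviousYear'])) {
    # intval() is applied when the value is bound in the prepared statement.
    $errors[] = 'This is not a number. Please provide a numeric value for the reported revenue of the business.';
}
elseif (isset($_POST['revenueOfBusinessForPreviousYear']) && $_POST['revenueOfBusinessForPreviousYear'] !== '' && ($_POST['revenueOfBusinessForPreviousYear'] < 0 || $_POST['revenueOfBusinessForPreviousYear'] > 922337203685477500)) {
    $errors[] = 'This is not a value we accept for the reported revenue of the business. Reported revenues must not be less than 0 or greater than 922337203685477500. 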
If you believe you are seeing this in error, please contact support@churchmapped.com.'; } #This segment deals with the reported profit of the business. Like reported revenue of the business, this is an optional field. Furthermore, like reported revenue, there are some things we have to check. The first is that the value is numeric. The second is that it is greater than or equal to 0. The third is that the reported profit is less than or equal to the maximum number we have set, which is elseif(isset($_POST['profitOfBusinessForPreviousYear']) && ($_POST['profitOfBusinessForPreviousYear'] < 0 || $_POST['profitOfBusinessForPreviousYear'] > 922337203685477500)){ #This segment checks for whether the profit of the business is a spurious value - i.e. it is less than 0 or greater than the number we have set, which is 922337203685477500. $errors[] = 'This is not a value we accept for the reported profit of the business. Reported profits must not be less than 0 or greater than 922337203685477500. If you believe you are seeing this in error, please contact support@churchmapped.com.'; } #This segment deals with the number of employees of the business. This is a required field. There are some things we check for - firstly that information has been entered for the field number of employees in the business. Secondly, that the number of employees reported in the business is greater than 0 (because we count director(s) and owner(s) of the business as employees too) and less than 6 million (because reported figures for employee size at the largest organisations in the world is around 2 million so a value above 6 million is spurious. Thirdly, that the value is numeric - note that we will use intval() later in our prepared statement down below. 
elseif(!isset($_POST['numberOfEmployeesAtBusiness']) || empty($_POST['numberOfEmployeesAtBusiness'])){ $errors[] = 'Please fill in the number of employees in your business (including yourself and/or any director(s)/owner(s) of the business.'; } elseif(isset($_POST['numberOfEmployeesAtBusiness']) && !is_numeric($_POST['numberOfEmployeesAtBusiness'])){ #This checks for whether the number of employees in the business is a numeric value. $errors[] = 'Please enter a numeric value for the number of employees in your business.'; } elseif(isset($_POST['numberOfEmployeesAtBusiness']) && ($_POST['numberOfEmployeesAtBusiness'] < 1 || $_POST['numberOfEmployeesAtBusiness'] > 6000000)){ #Here we check to ensure that the number of employees reported by the business $errors[] = 'Please enter a valid value for the number of employees in your business.'; } #This segment deals with the short description of the business. This is an optional field. We only need to perform one input validation check on it, namely, that the short description is within the character limit of 250 characters. However, and as with cases like this, we need to communicate to the user that they should get in touch with us. elseif(isset($_POST['shortDescriptionOfBusiness']) && strlen($_POST['shortDescriptionOfBusiness']) > 250){ $errors[] = 'The short description you have provided seems to be longer than 250 characters, which is the maximum character limit we have set for this field. If you believe you are seeing this in error, please contact us at support@churchmapped.com.'; } #This segment deals with the longer description. This is also an optional field. We only need to perform one input validation check on it, namely, that the long description is within the character limit we have set of 4000 characters. However, and as with cases like this, we need to communicate to the user that they should get in touch with us if they believe they are seeing this message in error. 
elseif(isset($_POST['longDescriptionOfBusiness']) && strlen($_POST['longDescriptionOfBusiness']) > 4000){ $errors[] = 'The long description you have provided seems to be longer than 4000 characters, which is the maximum character limit we have set for this field. If you believe you are seeing this in error, please contact us at support@churchmapped.com.'; } #This segment deals with the Terms & Conditions. This is a required field. There are two things we need to check. The first is that the user has in fact ticked the box. The second is that it is a numeric value. elseif(!isset($_POST['termsAndConditionsVersionForBusinessUser']) || empty($_POST['termsAndConditionsVersionForBusinessUser'])){ #This segment checks to ensure that the terms and conditions box has been filled in. If not, we issue an $errors statement. $errors[] = 'Please indicate whether you agree with the Terms and Conditions. This is a requirement.'; } elseif(isset($_POST['termsAndConditionsVersionForBusinessUser']) && !is_numeric($_POST['termsAndConditionsVersionForBusinessUser'])){ #Here we check to see that the value for the terms and conditions is in fact a number (as we have set, and as it is in the database). $errors[] = 'We do not understand this value for the Terms & Conditions. Please review the form you submitted and try again.'; } #This segment deals with the Privacy Policy. This is a required field. Like the Terms & Conditions, there are two things we need to check. The first is that the user has in fact ticked the box. The second is that it is a numeric value. If not, we issue an $errors statement. elseif(!isset($_POST['privacyPolicyVersionForBusinessUser']) || empty($_POST['privacyPolicyVersionForBusinessUser'])){ #This checks for whether the user ticked the box regarding their privacy policy. $errors[] = 'Please indicate whether you agree with the Privacy Policy. 
This is a requirement.'; } elseif(isset($_POST['privacyPolicyVersionForBusinessUser']) && !is_numeric($_POST['privacyPolicyVersionForBusinessUser'])){ #Here we check to see that the value for the privacy policy is in fact a number (as we have set, and as it is in the database. $errors[] = 'We do not understand this value for the Privacy Policy. Please review the form you submitted and try again.'; } # These are the columns that we need to enter data into (together with the type we need to store it in for the purposes of prepared statements): # 1 # is_business_user_banned (i) # 2 # business_official_name (s) # 3 # business_trading_name (s) # 4 # business_handle_on_churchmapped (s) # 5 # password_of_business_user (s) - don't forget to hash the password with the password hash! # 6 # business_primary_sector (i) - we deliberately set this to an integer to prevent tampering # 7 # business_secondary_sector (i) - we deliberately set this to an integer to prevent tampering # 8 # business_headquarters_address_line_one (s) # 9 # business_headquarters_address_line_two (s) # 10 # business_headquarters_address_line_three (s) # 11 # business_headquarters_postcode (s) # 12 # business_headquarters_country_where_it_is_based (i) - we deliberately set this to an integer to prevent tampering # 13 # business_headquarters_continent (i) - we deliberately set this to an integer to prevent tampering # 14 # business_email_address_where_transactions_are_sent_to (s) - Make sure we validate that it is in fact a real email so as to prevent the ChurchMapped system from being used for spam # 15 # business_primary_email_address (s) - Make sure we validate that it is in fact a real email so as to prevent the ChurchMapped system from being used for spam # 16 # business_year_of_formation (s) # 17 # business_trading_address_line_one (s) # 18 # business_trading_address_line_two (s) # 19 # business_trading_address_line_three (s) # 20 # business_trading_postcode (s) # 21 # business_trading_country_address 
(i) - we deliberately set this to an integer to prevent tampering # 22 # business_trading_continent_address (i) - we deliberately set this to an integer to prevent tampering # 23 # name_of_director_of_business (s) # 24 # is_business_vat_registered (i) - we deliberately set this to an integer to prevent tampering # 25 # business_ip_address_upon_registration (s) - note that this value might not appear in local testing environments, but will in production settings. We retrieve the IP address of the user from the file getuserip.php # 26 # website_of_business (s) # 27 # telephone_number_of_business (s) # 28 # mobile_telephone_number_of_business (s) # 29 # revenue_of_business_for_previous_year (i) - Although the user can enter a decimal figure, we store the value in the database as an integer. We should use the intval() function throughout for this. Note that intval() does not round up: it discards the fractional part (rounds towards zero). If rounding up is what we want, apply ceil() to the value before intval() # 30 # profit_of_business_for_previous_year (i) - Although the user can enter a decimal figure, we store the value in the database as an integer. We should use the intval() function throughout for this. As above, intval() discards the fractional part rather than rounding up # 31 # number_of_employees_for_previous_year_at_business (i) - This is an integer because the number of employees can only ever be a discrete value (e.g. 1, 2, 3, and so on). # date_and_time_of_registration_of_business (s) - This is not user-generated. We create this by using PHP's date() function and passing the format Y-m-d H:i:s (Year-Month-Day Hour:Minute:Second). Among many reasons, this is because the value in the database is a TIMESTAMP. # 32 # version_of_our_terms_and_conditions_agreed_to (i) - This is the version of the terms and conditions that the user has agreed to. # 33 # date_and_time_of_agreement_to_our_terms_and_conditions (s) - This is the date and time at which the user agreed to the terms and conditions. 
# 34 # business_short_description (s) # 35 # business_long_description (s) # 36 # version_of_our_privacy_policy_agreed_to (i) - This is the version of the privacy policy that the user has agreed to. # 37 date_and_time_of_agreement_to_privacy_policy (s) - This is the date and time the user has agreed to the privacy policy # The data types for the prepared statements are: issssiissssiisssssssiisissssiiisisssis # There are some columns that we do not include here. These are, together with their reason: # corporate_social_responsibility_score_of_business - This is a field we enter manually. It reflects the CSR rating of the business, which in turn impacts their ranking. # date_and_time_of_last_login_of_business - This is a field that is only relevant when the business actually logs in. # business_profile_picture_url_filename - businesses do not include their profile picture at registration, but they do upon successfully logging in. if(empty($errors)){ #If the errors array is empty, that are no errors found, we then begin to insert the respective values into the database. Unlike the personal user, we *do not* send the business an activation code. Rather, we simply send them an email acknowledging that an account was registered in their name. We also copy support@churchmapped.com in this email. Later, we do our own checks by corresponding with the user (via the e-mail and/or phone and/or physical address provided). If they are genuine, we set is_business_user banned to 1 by ourselves, which will enable them to log in. $passwordhash = "YouAreTheSaltOfTheEarthACityOnAHill!!!July2021"; #This is the hash we use for passwords stored in the ChurchMapped Business database. 
$stmt = $conn->prepare("INSERT INTO churchma_USERS_ON_CHURCHMAPPED.business_user_details_on_churchmapped(is_business_user_banned, business_official_name, business_trading_name, business_handle_on_churchmapped, password_of_business_user, business_primary_sector, business_secondary_sector, business_headquarters_address_line_one, business_headquarters_address_line_two, business_headquarters_address_line_three, business_headquarters_postcode, business_headquarters_country_where_it_is_based, business_headquarters_continent, business_email_address_where_transactions_are_sent_to, business_primary_email_address, business_year_of_formation, business_trading_address_line_one, business_trading_address_line_two, business_trading_address_line_three, business_trading_address_postcode, business_trading_country_address, business_trading_continent_address, name_of_director_of_business, is_business_vat_registered, business_ip_address_upon_registration, website_of_business, telephone_number_of_business, mobile_telephone_number_of_business, revenue_of_business_for_previous_year, profit_of_business_for_previous_year, number_of_employees_for_previous_year_at_business, date_and_time_of_registration_of_business, version_of_our_terms_and_conditions_agreed_to, date_and_time_of_agreement_to_our_terms_and_conditions, business_short_description, business_long_description, version_of_our_privacy_policy_agreed_to, date_and_time_of_agreement_to_privacy_policy) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?, ?, ?, ?)"); $stmt->bind_param("issssiissssiisssssssiisissssiiisisssis", $isuserbanned, $businessofficialname, $businesstradingname, $businesshandleonchurchmapped, $passwordofuser, $businessprimarysector, $businesssecondarysector, $businessheadquartersaddresslineone, $businessheadquartersaddresslinetwo, $businessheadquartersaddresslinethree, $businessheadquarterspostcode, $businessheadquarterscountrywhereitisbased, $businessheadquarterscontinent, 
$businessemailaddresswheretransactionsaresentto, $businessprimaryemailaddress, $businessyearofformation, $businesstradingaddresslineone, $businesstradingaddresslinetwo, $businesstradingaddresslinethree, $businesstradingpostcode, $businesstradingcountryaddress, $businesscontinenttradingaddress, $nameofdirectorofbusiness, $isbusinessvatregistered, $businessipaddressuponregistration, $websiteofbusiness, $telephonenumberofbusiness, $mobilephonenumberofbusiness, $revenueofbusinessforpreviousyear, $profitofbusinessforpreviousyear, $numberofemployeesinbusiness, $dateandtimeofregistrationofbusiness, $versionofourtermsandconditionsagreedto, $dateandtimeofagreementtoourtermsandconditions, $businessshortdescription, $businesslongdescription, $versionofourprivacypolicyagreedto, $dateandtimeofagreementtoprivacypolicy); #This binds the parameters #We list the various variables here. Four things to mention: don't forget to trim everything with the exception of the password (and relatedly, we don't need to trim the areas where we use the in-built date() function or the IP address). Secondly, don't forget to hash the password. Thirdly, don't forget to turn the revenue of the business and profit of the business into integers (we can do this using the intval() method). We don't have to worry about sanitising the variables here because if we have reached this stage, then the variables are mostly, if not entirely, safe. Fourthly, be sure to concatenate the date of the formation of the business (format YYYY-MM-DD), separated out by hyphens. $isuserbanned = 2; $businessofficialname = trim($_POST['officialNameOfBusiness']); $businesstradingname = trim($_POST['tradingNameOfBusiness']); $businesshandleonchurchmapped = trim($_POST['handleOfBusinessOnChurchMapped']); $passwordofuser = md5($passwordhash . 
$_POST['passwordOfBusinessUser']); $businessprimarysector = trim($_POST['primarySectorOfBusiness']); $businesssecondarysector = trim($_POST['secondarySectorOfBusiness']); $businessheadquartersaddresslineone = trim($_POST['addressLineOneOfHeadquartersForBusiness']); $businessheadquartersaddresslinetwo = trim($_POST['addressLineTwoOfHeadquartersForBusiness']); $businessheadquartersaddresslinethree = trim($_POST['addressLineThreeOfHeadquartersForBusiness']); $businessheadquarterspostcode = trim($_POST['postcodeOfHeadquartersForBusiness']); $businessheadquarterscountrywhereitisbased = trim($_POST['countryOfHeadquartersForBusiness']); $businessheadquarterscontinent = trim($_POST['continentOfHeadquarters']); $businessemailaddresswheretransactionsaresentto = trim($_POST['transactionRelatedEmailOfBusiness']); $businessprimaryemailaddress = trim($_POST['emailOfBusiness']); $businessyearofformation = trim($_POST['yearOfFormationOfBusiness']) . '-' . trim($_POST['monthOfFormationOfBusiness']) . '-' . 
trim($_POST['dayOfFormationOfBusiness']); $businesstradingaddresslineone = trim($_POST['tradingAddressLineOneForBusiness']); $businesstradingaddresslinetwo = trim($_POST['tradingAddressLineTwoForBusiness']); $businesstradingaddresslinethree = trim($_POST['tradingAddressLineThreeForBusiness']); $businesstradingpostcode = trim($_POST['postcodeOfTradingAddressOfBusiness']); $businesstradingcountryaddress = trim($_POST['countryOfTradingAddress']); $businesscontinenttradingaddress = trim($_POST['continentOfTradingAddress']); $nameofdirectorofbusiness = trim($_POST['nameOfDirectorsOfBusiness']); $isbusinessvatregistered = trim($_POST['isBusinessVATRegistered']); $businessipaddressuponregistration = $_SESSION['sessionIPAddress']; $websiteofbusiness = trim($_POST['websiteForBusiness']); $telephonenumberofbusiness = trim($_POST['telephoneNumberForBusiness']); $mobilephonenumberofbusiness = trim($_POST['mobilePhoneNumberForBusiness']); $revenueofbusinessforpreviousyear = intval($_POST['revenueOfBusinessForPreviousYear']); $profitofbusinessforpreviousyear = intval($_POST['profitOfBusinessForPreviousYear']); $numberofemployeesinbusiness = intval($_POST['numberOfEmployeesAtBusiness']); $dateandtimeofregistrationofbusiness = date("Y-m-d H:i:s"); $versionofourtermsandconditionsagreedto = trim($_POST['termsAndConditionsVersionForBusinessUser']); $dateandtimeofagreementtoourtermsandconditions = date("Y-m-d H:i:s"); $businessshortdescription = trim($_POST['shortDescriptionOfBusiness']); $businesslongdescription = trim($_POST['longDescriptionOfBusiness']); $versionofourprivacypolicyagreedto = trim($_POST['privacyPolicyVersionForBusinessUser']); $dateandtimeofagreementtoprivacypolicy = date("Y-m-d H:i:s"); $stmt->execute(); #We finally execute the prepared statement echo '
Thank you for registering your business on the ChurchMapped platform. Please see your e-mail inbox to find out on what happens next after registering your account. You might need to check your Junk or Spam folder.
'; #Here we email support@churchmapped.com with the information submitted in the form $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam = array(); #We create an array of information that will be included within the mail to the support team at ChurchMapped. To include it in the email, we use the implode() function together with the

tags. $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Is business banned:' . ' ' . '2'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Business official name:' . ' ' . trim($_POST['officialNameOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Business trading name:' . ' ' . trim($_POST['tradingNameOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Business handle:' . ' ' . trim($_POST['handleOfBusinessOnChurchMapped']); #do not include the business password - obviously! $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Business primary sector:' . ' ' . trim($_POST['primarySectorOfBusiness']) . ' ' . '(please consult the table busines_type_by_sic_code)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Business secondary sector:' . ' ' . trim($_POST['secondarySectorOfBusiness']) . ' ' . '(please consult the table business_type_by_sic_code)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Address line one of headquarters of business:' . ' ' . trim($_POST['addressLineOneOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Address line two of headquarters of business:' . ' ' . trim($_POST['addressLineTwoOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Address line three of headquarters of business:' . ' ' . trim($_POST['addressLineThreeOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Postcode of headquarters of business:' . ' ' . trim($_POST['postcodeOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Country of headquarters:' . ' ' . trim($_POST['countryOfHeadquartersForBusiness']) . ' ' . 
'(please consult the table countries in the database churchma_USERS_ON_CHURCHMAPPED)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Continent of headquarters:' . ' ' . trim($_POST['continentOfHeadquarters']) . ' ' . '(please consult the table continents in the database churchma_USERS_ON_CHURCHMAPPED)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Transaction-related e-mail address:' . ' ' . $businessemailaddresswheretransactionsaresentto = trim($_POST['transactionRelatedEmailOfBusiness']) . ' '; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Email of business:' . ' ' . trim($_POST['emailOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Year of formation of business:' . ' ' . trim($_POST['yearOfFormationOfBusiness']) . '-' . trim($_POST['monthOfFormationOfBusiness']) . '-' . trim($_POST['dayOfFormationOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Trading address line one of business:' . ' ' . trim($_POST['tradingAddressLineOneForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Trading address line two of business:' . ' ' . trim($_POST['addressLineTwoOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Trading address line three of business:' . ' ' . trim($_POST['addressLineThreeOfHeadquartersForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Trading address postcode:' . ' ' . trim($_POST['postcodeOfTradingAddressOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Country of trading address:' . ' ' . trim($_POST['countryOfTradingAddress']) . ' ' . '(please consult the table countries in the database churchma_USERS_ON_CHURCHMAPPED)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Continent of trading address:' . ' ' . trim($_POST['continentOfTradingAddress']) . ' ' . 
'(please consult the table continents in the database)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Name(s) of director(s) of business:' . ' ' . trim($_POST['nameOfDirectorsOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Is business VAT-registered?' . ' ' . trim($_POST['isBusinessVATRegistered']) . ' ' . '(1 indicates not VAT-registered and 2 indicates VAT-registered)'; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'IP address:' . ' ' . $_SESSION['sessionIPAddress']; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Website of business:' . ' ' . trim($_POST['websiteForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Telephone number of business:' . ' ' . trim($_POST['telephoneNumberForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Mobile phone number of business:' . ' ' . trim($_POST['mobilePhoneNumberForBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Revenue of business for previous year:' . ' ' . '£' . intval($_POST['revenueOfBusinessForPreviousYear']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Profit of business for previous year:' . ' ' . '£' . intval($_POST['profitOfBusinessForPreviousYear']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Number of employees at business:' . ' ' . intval($_POST['numberOfEmployeesAtBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Date of registration of business on the ChurchMapped platform:' . ' ' . date("Y-m-d H:i:s"); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Version of Terms & Conditions agreed to:' . ' ' . trim($_POST['termsAndConditionsVersionForBusinessUser']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Short description of business:' . ' ' . 
trim($_POST['shortDescriptionOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Long description of business:' . ' ' . trim($_POST['longDescriptionOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam = implode("

", $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam); #This variable contains all the information that should be displayed in the e-mail to the ChurchMapped Support Team. Note that we don't send *exactly* these to the end user. We send these to the end user, but with basically everything in brackets omitted. $dateTodayForEmail = date("d-m-Y"); #We use this line to date our email #Here we create the various headers for the ChurchMapped Support Team. $toSupportTeam = "support@churchmapped.com"; $subjectRelatingToApprovingBusiness = "IMMEDIATE ATTENTION. Please verify business user: A user has registered a business account. The name of the business is:" . " " . trim($_POST['officialNameOfBusiness']); #Note that in this line of code, we use $_POST['officialNameOfBusiness'] (official name) rather than $_POST['tradingNameOfBusiness']. The reason for this is because the official name of the business is mandatory $path_of_the_logo = "https://www.churchmapped.com/churchmappedlogo.png"; $type = pathinfo($path_of_the_logo, PATHINFO_EXTENSION); $contentofimage = file_get_contents($path_of_the_logo); $image64 = "data:image/" . $type . ';base64,' . base64_encode($contentofimage); $messageRelatingToBusinessUserForChurchMappedSupportTeam = '
' . '
' . '
'. $dateTodayForEmail . '


Dear ChurchMapped Team' . ',' . '' . '

' . 'A business user has recently registered for an account on the ChurchMapped platform. As a safe platform, it is vital that we approve only businesses that are genuine and contribute to the safety of the platform. You will need to perform a variety of checks on this business, and so you might need to email them at the provided e-mail address of' . ' '. trim($_POST['emailOfBusiness']) .'and they might be reached by phone at' . ' ' . trim($_POST['telephoneNumberForBusiness']) . '. The details provided by the business are as follows:' . $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam . '. Once the business has passed our validation checks, change is_user_banned in the database churchma_USERS_ON_CHURCHMAPPED and table business_user_details_on_churchmapped to 1 and email the user that their profile is now accessible. In the event the business\'s application is rejected because they have failed our validation checks, simply leave it at 2. In some cases, we send an e-mail to the user explaining why their application was rejected but this is by no means universal. E-mails explaining the reason should only be sent by those in senior management. That\'s it for now.

ChurchMapped Team' . '
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; $headersToSupportTeamAboutBusinessUser = array(); #This array contains the headers for the email. $headersToSupportTeamAboutBusinessUser[] = "Content-Type: text/html; charset=utf-8"; $headersToSupportTeamAboutBusinessUser[] = "From: Support - ChurchMapped Team "; $headersToSupportTeamAboutBusinessUser = implode("\r\n", $headersToSupportTeamAboutBusinessUser); #This adds a \r\n to each line, which we need when sending mail. mail($toSupportTeam, $subjectRelatingToApprovingBusiness, $messageRelatingToBusinessUserForChurchMappedSupportTeam, $headersToSupportTeamAboutBusinessUser); #This finally sends the email to the ChurchMapped Support team. #Here we email the business user on what steps to take next. We use the mail() function. If we are in this area then we can be sure that email is safe because we have already checked for various possible issues that might arise. $arrayOfInformationForBusinessUser = array(); #We create an array of information that will be included within the mail to the support team at ChurchMapped. To include it in the email, we use the implode() function together with the

tags. $arrayOfInformationForBusinessUser[] = 'Business official name:' . ' ' . trim($_POST['officialNameOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Business trading name:' . ' ' . trim($_POST['tradingNameOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Business handle:' . ' ' . trim($_POST['handleOfBusinessOnChurchMapped']); #do not include the business password - obviously! $arrayOfInformationForBusinessUser[] = 'Address line one of headquarters of business:' . ' ' . trim($_POST['addressLineOneOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Address line two of headquarters of business:' . ' ' . trim($_POST['addressLineTwoOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Address line three of headquarters of business:' . ' ' . trim($_POST['addressLineThreeOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Postcode of headquarters of business:' . ' ' . trim($_POST['postcodeOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Transaction-related e-mail address:' . ' ' . $businessemailaddresswheretransactionsaresentto = trim($_POST['transactionRelatedEmailOfBusiness']) . ' '; $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Email of business:' . ' ' . trim($_POST['emailOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Year of formation of business:' . ' ' . trim($_POST['yearOfFormationOfBusiness']) . '-' . trim($_POST['monthOfFormationOfBusiness']) . '-' . trim($_POST['dayOfFormationOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Trading address line one of business:' . ' ' . trim($_POST['tradingAddressLineOneForBusiness']); $arrayOfInformationForBusinessUser[] = 'Trading address line two of business:' . ' ' . trim($_POST['addressLineTwoOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Trading address line three of business:' . ' ' . 
trim($_POST['addressLineThreeOfHeadquartersForBusiness']); $arrayOfInformationForBusinessUser[] = 'Trading address postcode:' . ' ' . trim($_POST['postcodeOfTradingAddressOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Name(s) of director(s) of business:' . ' ' . trim($_POST['nameOfDirectorsOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Is business VAT-registered?' . ' ' . trim($_POST['isBusinessVATRegistered']) == '1' ? 'You indicated your business is not VAT-registered' : 'You indicated your business is VAT-registered'; $arrayOfInformationForBusinessUser[] = 'IP address:' . ' ' . $_SESSION['sessionIPAddress']; $arrayOfInformationForBusinessUser[] = 'Website of business:' . ' ' . trim($_POST['websiteForBusiness']); $arrayOfInformationForBusinessUser[] = 'Telephone number of business:' . ' ' . trim($_POST['telephoneNumberForBusiness']); $arrayOfInformationForBusinessUser[] = 'Mobile phone number of business:' . ' ' . trim($_POST['mobilePhoneNumberForBusiness']); $arrayOfInformationForBusinessUser[] = 'Revenue of business for previous year:' . ' ' . '£' . intval($_POST['revenueOfBusinessForPreviousYear']); $arrayOfInformationForBusinessUser[] = 'Profit of business for previous year:' . ' ' . '£' . intval($_POST['profitOfBusinessForPreviousYear']); $arrayOfInformationForBusinessUser[] = 'Number of employees at business:' . ' ' . intval($_POST['numberOfEmployeesAtBusiness']); $arrayOfInformationForBusinessUser[] = 'Date of registration of business on the ChurchMapped platform:' . ' ' . date("Y-m-d H:i:s"); $arrayOfInformationForBusinessUser[] = 'Version of Terms & Conditions agreed to:' . ' ' . trim($_POST['termsAndConditionsVersionForBusinessUser']); $arrayOfInformationForBusinessUser[] = 'Short description of business:' . ' ' . trim($_POST['shortDescriptionOfBusiness']); $arrayOfInformationForBusinessUser[] = 'Long description of business:' . ' ' . 
trim($_POST['longDescriptionOfBusiness']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Version of privacy policy agreed to:' . ' ' . trim($_POST['privacyPolicyVersionForBusinessUser']); $arrayOfInformationAboutBusinessToBeReviewByChurchMappedTeam[] = 'Date and time of agreement to privacy policy:' . ' ' . date("Y-m-d H:i:s"); $arrayOfInformationForBusinessUser = implode("

", $arrayOfInformationForBusinessUser); $dateTodayForEmail = date(d-m-Y); #We use this line to date our email #Here we create the various headers for the email to be sent to the user. $toBusinessUser = trim($_POST['emailOfBusiness']); #This is the email address of the business user $subjectForBusinessUser = "Thank you for registering on the ChurchMapped social network | What happens next?"; $path_of_the_logo = "https://www.churchmapped.com/churchmappedlogo.png"; $type = pathinfo($path_of_the_logo, PATHINFO_EXTENSION); $contentofimage = file_get_contents($path_of_the_logo); $image64 = "data:image/" . $type . ';base64,' . base64_encode($contentofimage); $messageForBusinessUser = '
' . '
' . '
'. $dateTodayForEmail . '


' . 'Dear Sir/Madam,
br> Thank you so much for registering on the ChurchMapped platform. We really appreciate it! Here is what happens next:

' . 'Kindly note that applications are competitive and subject to approval. You might be rejected at any time and for any reason. In the event your application is approved, you will get an official e-mail from ChurchMapped Limited documenting your approval. If your application has been rejected, you may (but not necessarily will) get a rejection letter together with the reasoning - if you have not heard from us within 3 months of your application being sent, it is likely that your application was rejected at this time. You can re-apply after this time if circumstances surrounding your business have changed - e.g. the sector you operate in, or the country where you are based.

For reference, this was the information you provided:
' . $arrayOfInformationForBusinessUser . '

We\'re grateful that you wish to join the ChurchMapped platform. Please allow us time to review your application and if we believe you pass our initial approval checks, we will get back to you shortly.
Thank you,
ChurchMapped Team
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; $headersToBusinessUser = array(); #This array contains the headers for the email. $headersToBusinessUser[] = "Content-Type: text/html; charset=utf-8"; $headersToBusinessUser[] = "From: Support - ChurchMapped Team "; $headersToBusinessUser = implode("\r\n", $headersToSupportTeamAboutBusinessUser); #This adds a \r\n to each line, which we need when sending mail. mail($toBusinessUser, $subjectForBusinessUser, $messageForBusinessUser, $headersToBusinessUser); }else{ #If the errors array is not empty, we echo out the various errors to inform the user. foreach($errors as $particularerror){ echo '

' . $particularerror . '
'; #Here we echo out the various errors related to the form. } } } ?>