'; echo ''; echo ''; echo 'ChurchMapped Registration - Personal account'; echo ' '; echo ' '; echo ' '; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' '; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ' '; echo ''; echo ' '; echo ''; echo ''; echo ''; $errors = array(); #The errors array contains all the issues that might arise during registration of the form. If there are no issues, we enter the data into the database. # Use parameterised queries for cybersecurity purposes. echo '
'; echo '
'; #Don't forget to add ChurchMapped logo here. echo 'Please see our privacy policy for information on how we manage your data. By registering on the ChurchMapped platform, you confirm that you have read the privacy policy, agree with it, and give us your consent into how we manage your data as outlined in the privacy policy. * indicates required'; echo '
'; echo '
'; echo '
'; #This begins the form for the personal user. We leave the action field blank because we want it to be the case that the user still remains on the page. # For the salutation, we have to ensure that the user is honest. In our view, the following salutations require no extra validation from us: # - Mr # - Mrs # - Miss # - Ms # - Mlle # - Dr # - Sir # - The following salutations *do* require us to do extra checks because of their nature regarding the extra trust they command from users. These are: # - His Eminence # - His Highness # - Her Highness # - Beatitude # - Fr. # - Monsignor # - Deacon # - Mother # - Sister # - Brother # - Canon # - President # - Vice President # We do not check for "Judge", "Deputy District Judge" and "Recorder" because these are not protected titles per se (e.g. Judge Rinder, even though he is not a judge). # Where a user uses a protected salutation, we add the value 1 to the column whether_user_requires_extra_authorisation. Otherwise, if the user does not use a protected salutation, we simply leave the column as NULL. Where a user uses a protected salutation, a mail has to be sent to support@churchmapped.com. This contains details of the registration form that has been submitted. We then send an email to the user (not auto-generated) inquiring into the authenticity of the user; we may also use a phone call too. Once we are satisfied that the user is indeed what they claim, we manually set the row in the column whether_user_requires_extra_authorisation to "2". if(isset($_POST['salutationOfPersonalUser'])){ #The pattern we use throughout this form is to first check whether a submission has been made for a particular field. If not, then we "echo" out a blank field. If so, then we "echo" out what has already been submitted. 
echo 'Salutation* (Note: Some salutations here require extra validation checks from us before successful registration): '; echo $_POST['salutationOfPersonalUser']; }else{ #This asks for the salutation of the user. NOTE(review): the echo of $_POST['salutationOfPersonalUser'] in the branch above writes the posted value into the page unescaped; it should pass through htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') first, as should any other posted value this form echoes back. echo 'Salutation* (Note: Some salutations here require extra validation checks from us before successful registration):' . ' '; #We use the following salutation titles: Mr, Mrs, Ms., Miss, Ms, Mlle, His Eminence, His Highness, Her Highness, Beatitude, Dr., Fr., Monsignor, Deacon, Mother, Sister, Brother, Canon, Dean, Professor, His Honour, Her Honour, Judge, District Judge, Deputy District Judge, Recorder, Lord, President, Vice President, Sir, Dame, Lady, Right Honourable, Don, Dona, Doña, Chief, Officer. Note that "Miss" and "Ms" are not duplicates; there is apparently an important distinction between the two - please refer to external sources for this. Mlle is a French salutation meaning "Mademoiselle"; its English counterpart is "Miss". Note and clear warning: do not include pronouns such as "Mx" - we do not acknowledge this. Do not include titles such as "Sheikh" or "Caliph" - we do not feel it is necessary to include these here. echo ''; } echo '
'; echo '
'; #This asks for the first name of the user. It is a required field. It has a minimum length of 1 and a maximum length of 30. In PHP code, we should also use the utf8_encode() method before inserting it into the database. if(isset($_POST['firstNameOfPersonalUser'])){ echo 'First Name*:' . ' '; echo ''; }else{ echo 'First Name*:' . ' '; echo ''; #Note that we use the pattern attribute here to only permit alphabetical characters and nothing else. Note however that some browsers, such as some versions of Safari, do not understand this, so we also have to do checks on the server side. Update: I've since removed the pattern because some users have names that use characters out of the scope of the alphabet (for example, D'Angelo, which uses an apostrophe). Instead, what we will do in the code down below in the PHP section is that we will use preg_match() and if preg_match() does not succeed for a name that has *at least* one alphabetical character, then we can be sure that we are dealing with what appears to be a name. Update: I realised I can still do this in HTML and so have added the pattern attribute [A-Za-z]+ which means (or at least, I think!) find at least one instance of any character A-Za-z (basically the entire alphabet). If it can't find this, then this is an indication that we are probably not dealing with a name because practically every name has at least one alphabetical character. Nevertheless, we should check for this as well in PHP code. } echo '
'; echo '
'; #This asks for the middle name of the user. It has a maximum length of 30, as we do not foresee a middle name being longer than 30 characters. It is an optional field. In PHP code, we should also use the utf8_encode() method. if(isset($_POST['middleNameOfPersonalUser'])){ echo 'Middle Name:' . ' '; #NOTE: We *do not* use the "Middle Name" for the CN parameter. Furthermore, we set this as an optional field, compared to first name and surname, as evident from the fact those two fields have the "required" echo ''; }else{ echo 'Middle Name:' . ' '; echo ''; } echo '
'; echo '
'; #This asks for the surname of the personal user. It is a required field. It has a maximum length of 30 characters. In PHP code, we should also use the utf8_encode() method. # Note that in some cultures, for instance Indonesia, people do not have surnames. We will still make this field a required field in any event, but in our errors() array we explicitly state something to the effect of, "We understand that in some cultures, people do not use surnames. If you think this applies to you, please email support@churchmapped.com. Please also contact support@churchmapped.com if you believe this is an error". if(isset($_POST['surnameOfPersonalUser'])){ echo 'Surname*:' . ' '; echo ''; #We use the pattern attribute to ensure that at least one alphabetical character appears in the surname field. If it doesn't, then this is an indication that it is probably not a real surname. }else{ echo 'Surname*:' . ' '; echo ''; } echo '
'; echo '
'; #This asks whether a user is male or female. Note: We do not use "Other". We also check to see if the form has been submitted already. If it has, we try to see if the user has selected "Male" or "Female". If the user has selected "Male", we set the radio button to the default of "Male" (by using the checked attribute); if the user has selected "Female", we set the radio button to the default of "Female" (by using the checked attribute). #Watch out for the value attribute! We do not use "Male" and "Female". Rather, we use an integer - be it 1 or 2 - because the datatype in the database for the column sex_of_user_on_churchmapped is TINYINT(1). The value is as follows: 1 indicates female and 2 indicates male. #This is a required field. However, we should make it clear here that in order to make the Gender radio buttons required, we only need to make one of the radio buttons required. We do that here for the female radio button because it has the value of 1. if(!isset($_POST['genderOfPersonalUser'])){ echo 'Gender*:' . ' '; echo ''; echo ''; echo ''; echo ''; } elseif($_POST['genderOfPersonalUser'] == "2"){ #Here we deal with the scenario where a user has selected male (i.e. 2) echo 'Gender:' . ' '; echo ''; echo ''; echo ''; echo ''; }elseif($_POST['genderOfPersonalUser'] == "1"){ #Here we deal with the scenario where a user has selected female (i.e. 1) echo 'Gender:' . ' '; echo ''; echo ''; echo ''; echo ''; } echo '
'; echo '
'; #We use this section to ask the user for their date of birth. Note that for most versions of Safari as well as Internet Explorer, there is no support for the input type "date", so we have to think of a work around. Also note that we should detect if the user is younger than 18. If they are, we add to the $errors[] array and state that the user must be older than 18 years old to use the ChurchMapped platform. The corresponding column in the table is date_of_birth_of_personal_churchmapped_user. One possible workaround that will work for all browsers is that instead of using the "date", we use three input text fields asking the user for day, month and year respectively. We then concatenate them together with a hyphen and then add them to a database after doing our checks. # Important note: We should review the checkout.php page in light of this discovery. #We use this brief segment as thresholds for ages we can accept - either for legal reasons (as in the case of $minimumAge, where we only permit users 18 and older) or because the age seems spurious (as in the case of $maximumAge, where we do not permit values older than 125 years old). Note that for the HTML code, be careful not to get confused - $minimumAge should go in the input number field max (because this is the maximum value we will permit otherwise it seems as if it's spurious data), and $maximumAge should go in the input number field min (because a user has to be *at least* 18 to join). By using the date() function together with the parameter "Y", which gives the year, we can be sure the code will be dynamically updated rather than us having to update it each and every time. $minimumAge = date("Y") - 18; #We set the minimum age to 18 per our Terms and Conditions. $maximumAge = date("Y") - 125; #Strictly speaking, we don't have a maximum age - if a person is 100 years old, they can still join. The reason we have this here is another way of input validation. 
The oldest person is around 120 or so, so if a person enters a date of birth that would give them a ridiculously high age like 450, we know something must be wrong. # To reiterate, we use the input type number rather than date because some browsers, such as Safari, unfortunately do not support the date input type. if(!isset($_POST['dayOfBirthOfPersonalUser'])){ #If the *day* of birth of the personal user has no value, we echo all three fields but with the month and year filled in with the previous values. echo 'Date of birth:'; echo '
'; echo '' . ' ' . '' . ' ' . ''; #In PHP code, be sure to use the checkdate() function to ensure that the date is actually valid (for instance, "31st February" would be an invalid date). Note that the checkdate() function accepts dates in the format of MM-DD-YYYY, so be sure to rearrange this before continuing. In PHP code, also be sure to check that the values entered into these boxes are in fact integers, otherwise it is possibly an SQL injection attack or something similar; this is already done to some extent by using the input type "number" as opposed to "text". Note as well how we use the HTML min and max in a first attempt to ensure that the date is valid. Be careful to ensure that the values in min and max don't have spaces besides them, otherwise it could potentially throw our code off. echo '
'; echo 'D = Date; M = Month; Y = Year'; } elseif(!isset($_POST['monthOfBirthOfPersonalUser'])){ #If the month of birth of the personal user has no value, we echo all three fields but with the day of birth and year of birth filled in. echo 'Date of birth:'; echo '
'; echo '' . ' ' . '' . ' ' . ''; echo '
'; echo 'D = Date; M = Month; Y = Year'; }elseif(!isset($_POST['yearOfBirthOfPersonalUser'])){ #If the year of birth of the personal user has no value, we echo all three fields but with the day of birth and month of birth filled in. echo 'Date of birth:'; echo '
'; echo '' . ' ' . '' . ' ' . ''; echo '
'; echo 'D = Date; M = Month; Y = Year'; } elseif(!isset($_POST['dayOfBirthOfPersonalUser']) && !isset($_POST['monthOfBirthOfPersonalUser']) && !isset($_POST['yearOfBirthOfPersonalUser'])){ #If none of the fields relating to the day of birth, month of birth or year of birth have been filled in, we echo all three fields but with no values. echo 'Date of birth:'; echo '
'; echo '' . ' ' . '' . ' ' . ''; echo '
'; echo 'D = Date; M = Month; Y = Year'; } elseif(isset($_POST['dayOfBirthOfPersonalUser']) && isset($_POST['monthOfBirthOfPersonalUser']) && isset($_POST['yearOfBirthOfPersonalUser']) ){ #If all three fields relating to the day of birth, month of birth and year of birth have been filled in, we echo all three fields together with their submitted values. echo 'Date of birth:'; echo '
'; echo '' . ' ' . '' . ' ' . ''; echo '
'; echo 'D = Date; M = Month; Y = Year'; } echo '
'; echo '
'; # This asks the user for a handle. Note that we have a number of requirements for a handle on ChurchMapped: # They must be a minimum of 1 character and a maximum of 20 characters. # They are not allowed to contain the word "God", "ChurchMapped", "Admin" or "Null" # Communicate to the user that it is against the Terms & Conditions for a user to use an expletive in their handle is against the Terms and Conditions of using the website # Handles may only contain alphanumeric characters and an underscore. # Handles must be unique. No two users may have the same handle. # The handle must not contain the "@" character - we will add that ourselves! # This is a required field # The handle must be unicode-compliant. This is because of regular expressions, which by and large only work with Unicode characters. if(isset($_POST['churchmappedHandleOfPersonalUser'])){ echo 'ChurchMapped Handle:' . ' ' . '@' . ''; #We use the JavaScript method onkeyup to check if the handle already exists on the database. We use the pattern [a-zA-Z]+ because we expect a ChurchMapped handle to have at least one alphabetical character. echo '
'; echo 'Note that your handle must be Unicode-compliant.'; }else{ echo 'ChurchMapped Handle:' . ' ' . '@' . ''; #We use the JavaScript method onkeyup to check if the handle already exists on the database. We use the pattern [a-zA-Z]+ because we expect a ChurchMapped handle to have at least one alphabetical character. echo '
'; echo 'Note that your handle must be Unicode-compliant.'; } echo '
'; echo '
'; #We use the HTML input type "email" as one source of input validation. According to official documentation, on browsers that don't support inputs of type email, a email input falls back to being a standard text input. We should still use PHP's email validation to ensure that it is in fact an email. We set a maxlength to 40 characters as, in our view, an email shouldn't have more characters than this. We also set a minlength to "1" character just to ensure again the user has submitted something that looks like an email. Note that this is a required field. We also use the JavaScript onkeyup() to see if the email is already on the database or not. The email address is a required field. if(isset($_POST['emailOfPersonalUser'])){ echo 'Email*:' . ' ' . ''; echo '
'; echo '
'; }else{ echo 'Email*:' . ' ' . ''; echo '
'; echo '
'; } #This is for the password of the user. Always remember to use a hashing algorithm like md5() on this field, together with a SALT which is known only to us, before inserting into the database. NOTE(review): md5() is not a password-hashing algorithm even when salted; PHP's password_hash() / password_verify() are the standard way to store and check passwords. Furthermore, we need to check that the password is actually "strong". For us, a password must contain the following, in addition to complying with a minimum of 6 characters and a maximum of 15 characters: # - It must contain at least one special character # - It must contain at least one letter from the alphabet # - It must contain at least one number # We use the input type "password" to ensure that characters that are entered into this field appear as bullet points. This prevents people from "watching over someone's shoulder" to obtain a password. # We should also require that passwords are changed every 6 months for cybersecurity purposes. We can do this with [come back to this later] # This is a required field. echo 'Password*:' . ' ' . ''; echo '
'; echo '
'; #This field ensures that both passwords are the same. It must be the same as the password field above. Therefore, in the PHP code, we have to equate the two together with the hash to ensure that they are the same. If not, we add this too to the errors array. echo 'Confirm Password*:' . ' ' . ''; echo '
'; echo '
'; #This field regards the country of the residence of the ChurchMapped user. We select all the countries in the database churchma_GEOGRAPHY by accessing the database. This is a required field. if(isset($_POST['countryOfPersonalUser'])){ #This section governs the situation where a user has entered information relating to their country. If they have already submitted the information, we echo the '; while($row = mysqli_fetch_array($resultOfQueryToSelectAllCountries, MYSQLI_ASSOC)){ if($row['country_id'] == trim($_POST['countryOfPersonalUser'])){ #Here we check to see if the particular row is equal to what has been posted. If that is the case, we echo this option value but set it as the default option. Remember that we use $row['country_id'] rather than $row['country_name_english'] because this is the actual value that is posted. echo ''; #This sets the default value } else{ echo ''; } } echo ''; }else{ echo 'Country of residence:*' . ' '; $queryToSelectAllCountries = "SELECT country_id, country_name_english FROM churchma_GEOGRAPHY.countries"; #This line obtains the list of countries from the database called churchma_GEOGRAPHY and the table countries. We use the method utf8_encode() because some country names have foreign characters and without using this method, the characters would not appear properly. $resultOfQueryToSelectAllCountries = mysqli_query($conn, $queryToSelectAllCountries); $numberOfCountries = mysqli_num_rows($resultOfQueryToSelectAllCountries); #We use this line of code to get the number of countries. This is used later down in the code where we try to validate user input: if the value posted is greater than the number of countries that actually exist, then we know the value is spurious and it's possible the user is attempting to hack into our systems. echo ''; } echo '
'; echo '
'; #This asks the user about the continent in which they reside. We have to ask this because some countries are in two continents - e.g. Russia is in Europe and Asia; Turkey is in Europe and Asia, and so on. Furthermore, there are cases where a country is not listed here - e.g. Curacao - in which case the user should answer that their country of residence is the Netherlands but that the continent they are in is North America (though some argue that Curacao is in South America). if(isset($_POST['continentOfPersonalUser'])){ echo 'Continent of residence:*' . ' '; echo ''; } else{ echo 'Continent of residence:*' . ' '; echo ''; } echo '
'; echo '
'; #Here we ask the user for the country in which they work. It sometimes happens that a person might live in one country, and work in another (for example, to live in France and work in Switzerland; to live in Luxembourg and work in Belgium). This is an *optional* field. if(isset($_POST['countryOfWorkOfPersonalUser'])){ #This section governs the situation where a user has entered information relating to their country. If they have already submitted the information, we echo the '; while($row = mysqli_fetch_array($resultOfQueryToSelectAllCountries, MYSQLI_ASSOC)){ if($row['country_id'] == trim($_POST['countryOfWorkOfPersonalUser'])){ #Here we check to see if the particular row is equal to what has been posted. If that is the case, we echo this option value but set it as the default option. We use the utf8_encode() method to ensure that values on the database that are not UTF-8 compliant are equated with what has been posted, which is UTF-8 compliant (see the code in the else(){} code where the user has not submitted anything relating to their country). echo ''; #This sets the default value } else{ echo ''; } } echo ''; }else{ echo 'Country of place of work:' . ' '; $queryToSelectAllCountries = "SELECT country_id, country_name_english FROM churchma_GEOGRAPHY.countries"; #This line obtains the list of countries from the database called churchma_GEOGRAPHY and the table countries. We use the method utf8_encode() because some country names have foreign characters and without using this method, the characters would not appear properly. $resultOfQueryToSelectAllCountries = mysqli_query($conn, $queryToSelectAllCountries); echo ''; } echo '
'; echo '
'; #Here we ask the user for the continent of the place they work. It sometimes happens that a person can live in one continent, but work in another - for example, someone who lives in Greece but works in Turkey lives in Europe and works in Asia. if(isset($_POST['continentOfWorkOfPersonalUser'])){ echo 'Continent of work:' . ' '; echo ''; }else{ echo 'Continent of work:' . ' '; echo ''; } echo '
'; echo '
'; #Here we ask the user for the first line of their address. This is a required field. We only accept a minimum length of 1 and a maximum length of 50. if(isset($_POST['addressLineOneOfPersonalUser'])){ echo 'Address line 1*:' . ' '; echo ''; } else{ echo 'Address line 1*:' . ' '; echo ''; } #Here we ask the user for the second line of their address. This is an optional field. We only accept a minimum length of 1 and a maximum length of 50. echo '
'; echo '
'; if(isset($_POST['addressLineTwoOfPersonalUser'])){ echo 'Address line 2:'. ' '; echo ''; #Because address line two is not a required field, we do not have to set a minlength. }else{ echo 'Address line 2:'. ' '; echo ''; #Because address line two is not a required field, we do not have to set a minlength. } echo '
'; echo '
'; #Here we ask the user for the third line of their address - this is usually the county or state, and we should mention this in the placeholder. It is an optional field. It has a minimum length of 1 and a maximum length of 50. if(isset($_POST['addressLineThreeOfPersonalUser'])){ echo 'Address line 3:' . ' '; echo ''; #Because address line three is not a required field, we do not have to set a minlength. } else{ echo 'Address line 3:' . ' '; echo ''; #Because address line three is not a required field, we do not have to set a minlength } echo '
'; echo '
'; #Here we ask the user for the city that they are from - for example, London, Paris, Seattle, and so on. It is a required field. It has a minimum length of 1 and a maximum length of 50. if(isset($_POST['cityOfPersonalUser'])){ echo 'City*:' . ' '; echo ''; #We use the pattern [a-zA-Z]+ to ensure that the city contains at least one alphabetical character. }else{ echo 'City*:' . ' '; echo ''; #We use the pattern [a-zA-Z]+ to ensure that the city contains at least one alphabetical character. } echo '
'; echo '
'; #Here ask the user for their postcode/zip code. It is not a required field because some places in the world do not have a postcode - for example, the Republic of Ireland has many places without postcodes at all. There is a minlength of 1 here and a maxlength of 15, as there is no reason why if(isset($_POST['postcodeOfPersonalUser'])){ echo 'Postcode/Zipcode:' . ' '; echo ''; #Note that "size" here refers to the visual appearance of the form, not what can actually be submitted. } else{ echo 'Postcode/Zipcode:' . ' '; echo ''; } echo '
'; echo '
'; #Towards the end of the form, we have to ask the user that they agree to the Terms & Conditions of using the website. We have to also ask that they agree to the privacy policy. #Here we ask if they agree to the Terms and Conditions. Don't forget that the value on the database is a number, representing the version of the Terms and Conditions. We use the HTML tags to ensure that the Terms and Conditions can appear to the user without redirecting the user to an external link. However, there is one important difference between Terms & Conditions (as well as Privacy Policy) and the other input elements and it is that we do not add a name and value attribute to the textarea. This is because for the Terms & Conditions as well as the Privacy Policy, we are more interested in the version/ID number rather than the actual text - we already have the text on the database. Furthermore, the datatype on the database for the columns version_of_terms_and_conditions_agreed_to_by_churchmapped_user and version_of_privacy_policy_agreed_to_by_churchmapped_user are SMALLINT. To get around this, we use a checkbox instead, and this is what we use in the PHP code. We also use the "disabled" attribute for the respective textareas to prevent the user from tampering with the text in the terms and conditions. Kindly note (this is good news) that disabling the textarea does not at all prevent scrolling. echo 'Terms & Conditions:'; echo '
'; echo 'The terms and conditions can also be read on the ChurchMapped legal page here'; #We include a reference here to the Terms & Conditions on the legal page of ChurchMapped because the textarea might be too small for some readers. echo '
'; echo ''; echo '
'; echo '
'; echo 'Do you agree to the terms and conditions? Please check the box to indicate agreement (note: in order to register on the ChurchMapped platform, you must agree with our Terms and Conditions)'; echo ''; #This is what we actually use in the PHP code. We have manually added the value of 1. Whenever we add a new Terms and Conditions or Privacy Policy, we have to amend the value of this checkbox manually. Note that unlike the other inputs here, we always echo the checkbox without a check if a user has submitted information that has not passed our validation checks. This is to comply with GDPR requirements (namely, to avoid the accusation that we have opted the user in by default, which is not allowed). echo '
'; echo '
'; echo 'Privacy policy:'; echo '
'; echo 'The privacy policy can also be read on the ChurchMapped legal page here'; echo '
'; echo ''; #We use the text "Lorem ipsum, etc" purely for local testing purposes. In production code, we include the actual Privacy Policy here. echo '
'; echo 'Do you agree to the privacy policy? Please check the box to indicate agreement (note: in order to register on the ChurchMapped platform, you must agree with our privacy policy)'; echo ''; #Note that unlike the other inputs here, we always echo the checkbox without a check if a user has submitted information that has not passed our validation checks. This is to comply with GDPR requirements (namely, to avoid the accusation that we have opted the user in by default, which is not allowed). echo '
'; echo '
'; echo ''; echo '
'; #This ends the form for the personal user. echo '
'; #Here we ask the user if they have forgotten their password. If they press or click this, they are directed to forgottenpassword.html (in the local version, this is forgottenpassword.php.) We use the script to redirect the user to Forgotten Password page. This part is powered by the redirectjs script # In the PHP code, don't forget that before inserting an IP address into the column ip_address_at_point_of_registration, we use PHP's IP validation function to prevent any SQL injection attack. #Here we create two arrays - one to check for whether the handle is available and the other to check if the email is available. Later on in the code we check if these arrays are empty or not. If they are not empty, this indicates that the handle or the email (whatever the case may be) has already been taken and we therefore issue an errors statement. The first array is called $checkIfChurchMappedHandleIsAvailable. The second array is called $checkIfEmailIsAvailable. $checkIfChurchMappedHandleIsAvailable = array(); $checkIfEmailIsAvailable = array(); #Here we deal with the ChurchMapped handle $stmt = $conn->prepare("SELECT handle_of_user_on_churchmapped FROM churchma_USERS_ON_CHURCHMAPPED.user_details_on_churchmapped WHERE handle_of_user_on_churchmapped LIKE ?"); #Here we select the column handle_of_user_on_churchmapped from the table user_details_on_churchmapped in the database churchma_USERS_ON_CHURCHMAPPED. We use parameterised queries for extra cyber security. However, we should note here that using mysqli_num_rows works somewhat "strangely" when using prepared statements. if(isset($_POST['churchmappedHandleOfPersonalUser'])){ #We use the isset() function to ensure that we do not receive a PHP notice that the index cannot be found $valueOfChurchMappedHandleToSearch = trim("%" . $_POST['churchmappedHandleOfPersonalUser'] . "%"); #This is the actual ChurchMapped handle. 
} $stmt->bind_param("s", $valueOfChurchMappedHandleToSearch); #The first parameter "s" indicates that we are expecting a string, which is what churchmappedHandleOfPersonalUser is. NOTE(review): the value is wrapped in % wildcards and matched with LIKE, so the query reports a clash for any stored handle that merely contains the posted one, and a posted % or _ is itself treated as a wildcard; a uniqueness check needs an exact comparison (=) against the trimmed handle, and the email check below has the same issue. Also, when the field was not posted, $valueOfChurchMappedHandleToSearch is never assigned before bind_param() is called. $stmt->execute(); #This finally executes the prepared statement $stmt_result = $stmt->get_result(); #This is the first step in helping us get the number of rows. if($stmt_result->num_rows>0){ #Here we see if the number of rows is greater than 0. If it is, then this is an indication in the code down below that the handle has already been taken. while($row = $stmt_result->fetch_assoc()){ $checkIfChurchMappedHandleIsAvailable[] = $row['handle_of_user_on_churchmapped']; #Here, fill up the array $checkIfChurchMappedHandleIsAvailable with all the results that have been found. # We issue an errors statement in the code later down below. } } #Here we deal with the email address to check whether the email address has already been used. $stmtToGetEmail = $conn->prepare("SELECT primary_email_of_user_on_churchmapped FROM churchma_USERS_ON_CHURCHMAPPED.user_details_on_churchmapped WHERE primary_email_of_user_on_churchmapped LIKE ?"); if(isset($_POST['emailOfPersonalUser'])){ $valueOfEmailToSearch = trim("%" . $_POST['emailOfPersonalUser'] . "%"); #This is the email of the user to search } $stmtToGetEmail->bind_param("s", $valueOfEmailToSearch); $stmtToGetEmail->execute(); #This finally executes the prepared statement. $stmt_result_for_email = $stmtToGetEmail->get_result(); #This is the first step in helping us get the number of rows to obtain the email. if($stmt_result_for_email->num_rows > 0){ while($row = $stmt_result_for_email->fetch_assoc()){ $checkIfEmailIsAvailable[] = $row['primary_email_of_user_on_churchmapped']; #Here we fill up the array $checkIfEmailIsAvailable with all the results that have been found # We issue an errors statement in the code later down below. 
} } # In the PHP code, don't forget to use trim() to remove whitespace from the left hand side of what has been posted as well as the right hand side. $patternForAlphabeticalOrder = "/[a-zA-Z]+/"; #This is the pattern that we use for fields where we expect to see at least one alphabetical character, such as the field for the first name. To recap, this pattern means any character between a-z and A-Z must occur at least once. $patternForSpecialCharacters = '/\W/'; #This regular expression matches all special characters, such as !, %, £ and so on. $patternForNumbers = '/[0-9]/'; #This pattern matches all numbers. $patternForChurchMappedUserName = '/ChurchMapped/i'; #We declare a pattern for the ChurchMapped username for the line of code later where we use preg_match() to check if the handle entered has the prohibited word "ChurchMapped" (this is reserved only for us). $patternForConsecutiveCharacters = '/(abc|bcd|cde|def|efg|fgh|ghi|hij|ijk|jkl|klm|lmn|mno|nop|opq|pqr|qrs|rst|stu|tuv|uvw|vwx|wxy|xyz|012|123|234|345|456|567|678|789)+/'; #This pattern attempts to detect consecutive characters. We use it to prevent users from using consecutive characters for their password. $patternForExpletives = '/(fuck)|(shit)|(bitch)|(pussyhole)|(wanker)/i'; #This is a pattern for expletives. We do not allow expletives in the ChurchMapped handle. Because the list of expletives constantly grows, we need to constantly add to this list and check the database as well. The i modifier here means we are making case-insensitive regular expression matches. Be mindful, however, because it can sometimes happen that a person's name is also an expletive (e.g. Fanny) so we need to communicate to the user that if they think this is a mistake, they should contact support@churchmapped.com. $patternForProhibitedCharacters = '/([^a-zA-Z0-9_])/'; #This pattern matches all characters except lowercase alphabetical characters and uppercase alphabetical characters, numbers (0-9) and an underscore. 
We use this to prevent handles on ChurchMapped from containing characters outside of those we permit. if(isset($_POST['submitRegistrationFormForPersonalUser'])){ #This area begins the input validation for the registration form once it has been submitted. An important note (added 4th August 2021): in a number of places in our script down below, we use the method strlen() to determine the number of characters. However, this only works with English characters, because strlen() works on the assumption that one character equals one byte. This works fine for English characters, but for foreign characters that are not based in the UTF-8 system, a single "character" could actually take multiple bytes, in stark comparison to English. This is something to bear in mind. We will continue using strlen() for now but rely on the fact that in many instances in our code where we use strlen() we ask the user to contact support@churchmapped.com. # An important note (added 5th August 2021); in a number of places in our script down below, we use is_numeric rather than is_int because posted values that are numerical might not strictly be integers but strings. The is_numeric function is therefore preferable because it considers both strict integers and strings which are purely numeric. ##This segment deals with information entered into the first name field (firstNameOfPersonalUser) if(!isset($_POST['firstNameOfPersonalUser'])){ #If the field for the user's first name is somehow empty, we issue an error notifying them we expect users to register either with their real first name, or a name which they are known as by many in their community. 
$errors[] = "You need to enter your first name."; } elseif(isset($_POST['firstNameOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['firstNameOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['firstNameOfPersonalUser'])) ){#Here we make sure that field for the user's first name contains alphabetical letters, otherwise a user could bypass the registration form by entering something nonsensical like "___23271". Note that although the pattern attribute should deal with this, we should still check this on the server-side, and we do this here. Furthermore, some browsers do not support the pattern attribute. The second part of this elseif(){} statement requires some explanation. $errors[] = "This does not seem like a real name. Please enter your real name. Kindly note that it is a condition of our Terms & Conditions that you must use either your real name to register for an account on the ChurchMapped platform or at least a name that many people know you by."; } elseif(isset($_POST['firstNameOfPersonalUser']) && (strlen($_POST['firstNameOfPersonalUser']) < 1 || strlen($_POST['firstNameOfPersonalUser']) > 30)){ #Here we check to see if the information entered into the field firstNameOfPersonalUser (i.e. their first name) is less than 1 character or greater than 30 characters. $errors[] = 'You have either entered a name that is either too short or too long. Names can only be more than 1 character or less than or equal to 30 characters. If you think an exception applies to your case, please contact support@churchmapped.com'; #If the number of characters entered into the field firstNameOfPersonalUser is less than 1 character or more than 30 characters, we add this to the errors array. In the event that a user does in fact have a name longer than 30 characters, we urge them to contact us. We use the mailto attribute to make it easier for the user to contact us. 
} ##This segment deals with information entered into the middle name field (middleNameOfPersonalUser) elseif(isset($_POST['middleNameOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['middleNameOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['middleNameOfPersonalUser']))){ #Unlike the first name field, we do not first to check whether or not information has been entered (a la if(!isset($_POST['middleNameOfPersonalUser'])){}) because the middle name of the user is not a required field so we don't have to check for whether information has been entered at all. Instead, we skip to check the following - in a situation where the user has indeed entered information regarding their middle name, does it contain any alphabetical characters or not? If not, then this might mean the middle name is bogus and so we proceed to adding to the $errors[] array. $errors[] = "Your middle name must contain at least one alphabetical character."; } elseif(isset($_POST['middleNameOfPersonalUser']) && (strlen($_POST['middleNameOfPersonalUser']) < 1 || strlen($_POST['middleNameOfPersonalUser']) > 30) ){ $errors[] = 'You have either entered a middle name that is either too short or too long. Middle names can only be more than 1 character or less than or equal to 30 characters. If you think an exception applies to your case, please contact support@churchmapped.com'; #If the number of characters entered into the field middleNameOfPersonalUser is less than 1 character or more than 30 characters, we add this to the errors array. In the event that a user does in fact have a middle name longer than 30 characters, we urge them to contact us. We use the mailto attribute to make it easier for the user to contact us. } ##This segment deals with information entered into the surname field (surnameOfPersonalUser) elseif(!isset($_POST['surnameOfPersonalUser'])){ #Here we check to see if the surname field has been entered. It is a required field. 
$errors[] = 'You must enter your surname. Here at ChurchMapped, we are truly committed to diversity and cultural understanding and understand that some cultures do not have a surname. If you believe this applies to you, please contact support@churchmapped.com. For anything else, or if you believe this is an error, please also contact support@churchmapped.com.'; } elseif(isset($_POST['surnameOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['surnameOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['surnameOfPersonalUser']))){ #Here we check to see if the surname contains any alphabetical letters or not. If it doesn't, then it doesn't appear to be a surname and so we issue an error statement notifying the user it doesn't appear to be a surname. $errors[] = 'This doesn\'t appear to be a surname. Please enter a valid surname. If you think this is an error, please contact support@churchmapped.com.'; } elseif(isset($_POST['surnameOfPersonalUser']) && (strlen($_POST['surnameOfPersonalUser']) < 1 || strlen($_POST['surnameOfPersonalUser']) > 30)){ $errors[] = 'You have either entered a surname that is either too short or too long. Surnames can only be more than 1 character or less than or equal to 30 characters. If you think an exception applies to your case, please contact support@churchmapped.com'; } #This begins the segment for the day of the birth of the personal user elseif(!isset($_POST['dayOfBirthOfPersonalUser'])){ #Here we check to see if the user has entered a value for their day of birth. If not, we add to the errors array and inform the user they need to enter a day for their birthday. $errors[] = 'Please enter a day for your birthday.'; } elseif(isset($_POST['dayOfBirthOfPersonalUser']) && !is_numeric($_POST['dayOfBirthOfPersonalUser'])){ #Here we check that the day of birth for the user has been entered and check to see that the day of birth is an integer (days run from 1-31). 
If not, then we issue a statement in the errors array indicating to the user that they must enter a valid date. $errors[] = 'Please enter a whole number for your birthday'; } elseif(isset($_POST['dayOfBirthOfPersonalUser']) && ($_POST['dayOfBirthOfPersonalUser'] < 1 || $_POST['dayOfBirthOfPersonalUser'] > 31)){ $errors[] = 'Please enter a valid day of the month. Valid dates run from 1 through to 31'; } #This begins the segment for the month of the birth of the personal user elseif(!isset($_POST['monthOfBirthOfPersonalUser'])){ #This checks to see if the month has been filled in for the personal user. $errors[] = 'Please enter a month for your birthday.'; } elseif(isset($_POST['monthOfBirthOfPersonalUser']) && !is_numeric($_POST['monthOfBirthOfPersonalUser'])){ #This checks that in the situation the month of birth the personal user has been entered, that the value is in fact an integer. If it is not, we pass a message to the errors array. $errors[] = 'Please enter a whole number for the month in which you were born.'; } elseif(isset($_POST['monthOfBirthOfPersonalUser']) && ($_POST['monthOfBirthOfPersonalUser'] < 1 || $_POST['monthOfBirthOfPersonalUser'] > 12)){ #Here we check to ensure that a user has not submitted a spurious value - a month cannot be less than 1 (January) or greater than 12 (December) in the prevailing calendar system (Gregorian) $errors[] = 'Please enter a valid month. Valid months run from 1 through to 12'; } #This begins the segment for the year of the birth of the personal user elseif(!isset($_POST['yearOfBirthOfPersonalUser'])){ $errors[] = 'Please enter a year for your birthday'; } elseif(isset($_POST['yearOfBirthOfPersonalUser']) && !is_numeric($_POST['yearOfBirthOfPersonalUser'])){ #This checks whether the year of birth of the personal user is an integer. $errors[] = 'Please enter a whole number for the year in which you were born.'; } # In relation to the year of birth, we check to see if the user is above 18. 
elseif(isset($_POST['yearOfBirthOfPersonalUser']) && ($_POST['yearOfBirthOfPersonalUser'] > $minimumAge)){ #Here we check to see if the user is above 18 years old. This is done by checking whether the value entered into yearOfBirthOfPersonalUser is greater than the minimumAge, which we calculate by subtracting 18 from the current date (e.g. 2021-18 = 2003). In other words, and using the example of 2021 as the current year, if the user has entered, say, 2004 in yearOfBirthOfPersonalUser, because 2004 > $minimumAge (i.e. 2021-18 = 2003), we issue an error notifying the user that they are too young. $errors[] = 'You must be at least 18 years of age in order to join the ChurchMapped platform.'; } elseif(isset($_POST['yearOfBirthOfPersonalUser']) && ($_POST['yearOfBirthOfPersonalUser'] < $maximumAge)){ #Here we check to see if the age entered is spurious, that is, it is seemingly old like 400 years old then we issue an error *but* inform the user that if the age is in fact accurate, they should contact us on support@churchmapped.com. We calculate the value for $maximumAge by taking the current year and subtracting by 125 (in our view, anything more than 125 years old seems odd, to say the least). If the value entered by the user for yearOfBirthOfPersonalUser is less than the value in maximumAge, we issue the error (e.g. if the user entered 1000 as their birthday and $maximumAge is given by 2021-125 = 1896. In such instances, the date is spurious. $errors[] = 'This doesn\'t seem like a real birth year. If it is in fact accurate, please contact us on support@churchmapped.com'; } elseif(!checkdate(intval($_POST['monthOfBirthOfPersonalUser']), intval($_POST['dayOfBirthOfPersonalUser']), intval($_POST['yearOfBirthOfPersonalUser']))){ #Here we check to see if the date entered is in fact legitimate. For example, based on how our form is constructed, a person could submit a date such as February 31 1982. 
This might pass the checks above, but the checkdate() function in PHP will invalidate it. This prevents bogus date entries. $errors[] = 'This does not seem to be a real date. Please enter a valid date. If you believe this is an error, please contact us on support@churchmapped.com'; } #This deals with the handle for the ChurchMapped user. Note that in the database itself, we do not use the @ character. Furthermore, note that this is also tested in the AJAX file but all it does is communicate to the user that the handle is not permitted. It is the code down below in PHP that actually prevents the user from using the elseif(!isset($_POST['churchmappedHandleOfPersonalUser'])){ #Here we check to see that the user has entered information into the ChurchMapped user handle field. $errors[] = 'You must enter a handle for your profile on ChurchMapped'; } elseif(isset($_POST['churchmappedHandleOfPersonalUser']) && (strlen($_POST['churchmappedHandleOfPersonalUser']) < 1 || strlen($_POST['churchmappedHandleOfPersonalUser']) > 20)){ $errors[] = 'Your handle is either too short or too long. Handles must be a minimum of 1 character and a maximum of 20 characters. Note that this restriction does not include the \'@\' character'; } elseif($_POST['churchmappedHandleOfPersonalUser'] == "God" || $_POST['churchmappedHandleOfPersonalUser'] == "ChurchMapped" || $_POST['churchmappedHandleOfPersonalUser'] == "Admin" || $_POST['churchmappedHandleOfPersonalUser'] === "NULL" || preg_match($patternForChurchMappedUserName, $_POST['churchmappedHandleOfPersonalUser'])){ #These are banned words that are not allowed on the platform. Note that we use three equal signs with regards to checking for the value "NULL" because we want to communicate to PHP that we are checking *precisely* for the string called NULL. Please look into the difference between two equals signs and three as far as PHP is concerned. $errors[] = 'This is not a permitted handle. 
Please use another'; } elseif(preg_match($patternForExpletives, $_POST['churchmappedHandleOfPersonalUser'])){ #Here we check for expletives in the ChurchMapped handle. If it contains, or seems to contain a swear word, we issue a statement notifying the user that we do not permit expletives in their handle. However, we have to be mindful of the fact that sometimes foreign names might be swear words in English; to that end, we communicate to the user to contact support@churchmapped.com so that we can look into this manually. $errors[] = 'Please revise your handle. We do not permit expletives in our handles. If you think this is a mistake, please contact support@churchmapped.com and we will look into this for you'; } elseif(preg_match($patternForProhibitedCharacters, $_POST['churchmappedHandleOfPersonalUser'])){ #Here we check to see if the handle contains prohibited characters. We do this by using the pattern ([^a-zA-Z_]) which matches all characters except lowercase and uppercase alphabetical characters and the underscore. If this preg_match returns true, then we know the handle contains a prohibited character and so we issue an error statement. It should be reiterated this regex matches only unicode-complaint characters, which is what we want. $errors[] = 'This is not a permitted handle. Handles may only contain characters from the alphabet (A-Z and a-z), numbers and an underscore. Please revise your handle'; } elseif(!empty($checkIfChurchMappedHandleIsAvailable)){ $errors[] = 'Sadly, it seems that this handle has already been taken. Please consider another'; } elseif(!isset($_POST['emailOfPersonalUser'])){ #We use this to check if the user has entered any information into the email field at all. $errors[] = 'The email address is a required field. Please fill it in'; } elseif(isset($_POST['emailOfPersonalUser']) && (strlen($_POST['emailOfPersonalUser']) < 1 || strlen($_POST['emailOfPersonalUser']) > 40)){ #Here we check for the string length of the email address. 
Currently we only accept email address with a minimum of 1 character (though I don't even think an email address of 1 character is even possible, and a maximum of 40 characters. $errors[] = 'Your email address appears to be either too short or too long. We can accept input with a minimum of 1 character and a maximum of 40 characters. Please revise'; } elseif(isset($_POST['emailOfPersonalUser']) && !filter_var($_POST['emailOfPersonalUser'], FILTER_VALIDATE_EMAIL)){ #The filter_var function in PHP checks to see if the email address is in fact an email address. If it is not, we issue an error statement. Note, however, that this function is defective in some minor respects because email validation is complicated and so it might reject a perfectly acceptable email. See this on StackOverflow: https://stackoverflow.com/questions/19220158/php-filter-validate-email-does-not-work-correctly. In such instances, we should communicate to the user that they can communicate with support@churchmapped.com and we will look into the issue. $errors[] = 'Your email address appears to be invalid. If this is a mistake, please consult support@churchmapped.com and we will look into this for you'; } elseif(!empty($checkIfEmailIsAvailable)){ #Here we check to see if the email is already in the database $errors[] = 'It seems we already have this email address. Accounts are restricted to one email per user per user type (personal or business). If you have forgotten your password, please press the \'Forgotten Password\' button'; } #Here we check for the password that has been entered and whether it is suitable. Don't forget to hash all passwords. elseif(!isset($_POST['passwordOfPersonalUser'])){ #Here we check to see that the user has in fact entered a password. If not, we issue an error statement. $errors[] = 'Please enter a password. 
This is a requirement'; } elseif(isset($_POST['passwordOfPersonalUser']) && isset($_POST['confirmPasswordOfPersonalUser']) && strcmp($_POST['passwordOfPersonalUser'], $_POST['confirmPasswordOfPersonalUser']) != 0){ #The strcmp compares two strings. If the value is 0, then they are equal, according to w3Schools. So if it is not equal to 0, then the two strings are unequal. Note that strcmp is case-sensitive. $errors[] = 'The password you entered into the password field is not the same as the password entered into the Confirm Password field. Please check and revise to ensure they are the same'; } elseif(isset($_POST['passwordOfPersonalUser']) && (strlen($_POST['passwordOfPersonalUser'])) < 6 || strlen($_POST['passwordOfPersonalUser']) > 15 ){ #Here we check to ensure that the password length is a minimum of 6 characters and a maximum of 15 characters. $errors[] = 'The password you entered is either too short or too long. Passwords must be between 6 and 15 characters (all inclusive)'; } elseif(isset($_POST['passwordOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['passwordOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['passwordOfPersonalUser']) )){ #Here we check to see if the password features at least one alphabetical character $errors[] = 'Your password does not contain an alphabetical letter. Please use at least one alphabetical character as your password'; } elseif(isset($_POST['passwordOfPersonalUser']) && (preg_match($patternForSpecialCharacters, $_POST['passwordOfPersonalUser']) == 0 || !preg_match($patternForSpecialCharacters,$_POST['passwordOfPersonalUser']))){ #Here we check to see that the password contains at least one special character $errors[] = 'Your password does not contain any special characters. Please include a special character(s) in your password. Examples of special characters include ! 
; £ and so on'; } elseif(isset($_POST['passwordOfPersonalUser']) && (preg_match($patternForConsecutiveCharacters, $_POST['passwordOfPersonalUser']) == 1)){ #Here we check to see that the password does not contain consecutive characters. We have this requirement for cybersecurity purposes and to prevent users from using simple passwords like abc123, and so on. How this works is that if this *does* detect consecutive characters, it we issue an error statement. $errors[] = 'Your password contains consecutive characters. We take cybersecurity at ChurchMapped seriously and therefore cannot allow a password with consecutive characters. Please revise'; } elseif(isset($_POST['passwordOfPersonalUser']) && (preg_match($patternForNumbers, $_POST['passwordOfPersonalUser']) == 0 || !preg_match($patternForNumbers, $_POST['passwordOfPersonalUser']))){ $errors[] = 'Your password does not contain any numbers. Please include at least one number in your password'; } #This begins the segment for the confirmPasswordOfPersonalUser field elseif(!isset($_POST['confirmPasswordOfPersonalUser'])){ #Here we deal with the situation where the user has not entered any information into the Confirm Password field. $errors[] = 'You must enter a value in the Confirm Password field. This is a required field'; } #Because we have already added an elseif(){} statement above to check for whether the password is identical to the information entered into the confirm password field, there is no need to repeat it here for the Confirm Password field because if A = B then B = A. elseif(isset($_POST['confirmPasswordOfPersonalUser']) && (strlen($_POST['confirmPasswordOfPersonalUser']) < 6 || strlen($_POST['confirmPasswordOfPersonalUser']) > 15)){ #Here we check that the confirm password length is a minimum of 6 characters and a maximum of 15 characters. $errors[] = 'To confirm your password, it must be a minimum of 6 characters and a maximum of 15 characters. 
Please revise'; } elseif(isset($_POST['confirmPasswordOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['confirmPasswordOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['confirmPasswordOfPersonalUser']) )){ #Here we check to see if the confirm password field features at least one alphabetical character $errors[] = 'The information entered in the Confirm Password area does not contain an alphabetical letter. Please use at least one alphabetical character as your password'; } elseif(isset($_POST['confirmPasswordOfPersonalUser']) && (preg_match($patternForSpecialCharacters, $_POST['confirmPasswordOfPersonalUser']) == 0 || !preg_match($patternForSpecialCharacters, $_POST['confirmPasswordOfPersonalUser']))){ #Here we check to see if he confirm password field contains at least one special character $errors[] = 'The Confirm Password field must contain at least one special character. Please include a special character(s) in the Confirm Password field. Examples of special characters include ! ; £ and so on'; } elseif(isset($_POST['confirmPasswordOfPersonalUser']) && preg_match($patternForConsecutiveCharacters, $_POST['confirmPasswordOfPersonalUser'])){ $errors[] = 'The Confirm Password field contains consecutive characters. We take cybersecurity at ChurchMapped seriously and therefore cannot allow a password with consecutive characters. Please revise'; } elseif(isset($_POST['confirmPasswordOfPersonalUser']) && (preg_match($patternForNumbers, $_POST['confirmPasswordOfPersonalUser']) == 0 || !preg_match($patternForNumbers, $_POST['confirmPasswordOfPersonalUser']))){ $errors[] = 'The Confirm Password field does not contain any numbers. Please revise the Confirm Password area by including at least one number'; } # Careful attention should be paid to this following comment. One of the good things about using option values for countries rather than actual name (i.e. 
option value = "1" instead of option value = "Afghanistan") is that it deters knowledgable users from tampering with the value because a value *has* to be an integer. If the user gives a value greater than the accepted values (corresponding to the number of countries) e.g. "1000", the value simply won't work. And if a user tries to give a value of less than 1, it won't work either. Now, if we used string values as the option value (e.g. option value = "Afghanistan" instead of option value = "1"), it would allow users to tamper with this and submit spurious values that aren't countries, or even worse, expletives and other things. Integer values prevent this. (Admittedly, there are defence mechanisms that can prevent this (for example, casting all the countries into an array and then checking whether the ), but they are much more complicated than is worth. #This part deals with the country of residence of the user. It is a required field. elseif(!isset($_POST['countryOfPersonalUser'])){ #Here we check to see that the user has actually submitted a country. The country of residence is a required field. $errors[] = 'We need your country of residence. Please provide this in order to join the ChurchMapped platform'; } elseif(isset($_POST['countryOfPersonalUser']) && !is_numeric(intval($_POST['countryOfPersonalUser']))){ #Here we check to see that the countryOfPersonalUser is an integer (we use an integer in the option value because the value on the database for the column country_of_residence_of_user_on_churchmapped is tinyint(3). $errors[] = 'This is not a country we recognise. Please provide a country we recognise. 
If you believe this is an error, please contact support@churchmapped.com'; } elseif(isset($_POST['countryOfPersonalUser']) && $_POST['countryOfPersonalUser'] < 1){ #Here we check to ensure that the option value is not less than 1 (the first country is Afghanistan - however, note that where a new country has been formed or Afghanistan changes its name, we need to change this too). If it is, this an indication that something is wrong...most likely, the user is trying to tamper with the fields. $errors[] = 'We don\'t recognise this country. The first country we have on our list is Afghanistan. Please review this, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the first country in our database changes (e.g. due to the creation of a new country), then we should change "Afghanistan" to that country. } elseif(isset($_POST['countryOfPersonalUser']) > $numberOfCountries){ #Here we check to ensure that the value entered is not greater than the maximum number of countries we have on our database. If it is, then the value the user posted is spurious. $errors[] = 'We don\'t recognise this country. The last country we have on our list is Zimbabwe. Please review this, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the last country in our database changes (e.g. due to the creation of a new country), then we should change "Zimbabwe" to that country. } # This part deals with the continent of residence of user. It is a required field. elseif(!isset($_POST['continentOfPersonalUser'])){ #Here we check to see if the user has submitted a continent where they live. The continent where they live is a required value. $errors[] = 'You need to fill in the continent that you live in. 
Please provide the continent in which you live in'; } elseif(isset($_POST['continentOfPersonalUser']) && !is_numeric(intval($_POST['continentOfPersonalUser']))){ #We are expecting an integer for the continent in which the user is based (because the value in the database for the column continent_of_residence_of_churchmapped_user, which is of TINYINT type. $errors[] = 'This is not a continent we recognise. Please provide a continent we recognise. If you believe this is an error, please contact support@churchmapped.com'; } elseif(isset($_POST['continentOfPersonalUser']) && $_POST['continentOfPersonalUser'] < 1){ #Here we check to ensure that the option value for the continent of the residence of the personal user is not less than 1 (the first continent is Africa - however, note that where a new continent has been formed or Africa changes its name, we need to change this too). If it is, this is an indication that something is wrong...most likely, the user is trying to tamper with this value $errors[] = 'We don\'t recognise this continent. The first continent we have on our list is Africa. Please review this, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the first continent in our database (by alphabetical order) changes (e.g. due to the creation of a new continent or the renaming of the continent), then we should change "Africa" to that continent. } elseif(isset($_POST['continentOfPersonalUser']) && $_POST['continentOfPersonalUser'] > $numberOfContinents){ #Here we check to ensure that the value entered is not greater than the maximum number of continents we have on our database. If it is, the value the user posted is spurious. $errors[] = 'We don\'t recognise this continent. The last continent we have on our list is South America. Please review this, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the last continent in our database changes (e.g. 
due to the creation of a new continent), then we should change "South America" to that continent. } #This part deals with the country where the user works. Note that this is an optional field, unlike the country where the user resides. Because of this, we do not need to check if the user has posted the $_POST['countryOfWorkOfPersonalUser'] as with other variables. elseif(isset($_POST['countryOfWorkOfPersonalUser']) && !is_numeric(intval($_POST['countryOfWorkOfPersonalUser']))){ #Here we check to see whether $_POST['countryOfWorkOfPersonalUser'] is an integer. This is because country_of_place_of_work_of_user_on_churchmapped is of the type TINYINT. If it is not an integer, then it is possible the user is trying to tamper with the value. $errors[] = 'This is not a country we recognise. Please provide a country we recognise. If you believe this is an error, please contact support@churchmapped.com'; } elseif(isset($_POST['countryOfWorkOfPersonalUser']) && $_POST['countryOfWorkOfPersonalUser'] < 1){ #Here we check to see whether $_POST['countryOfWorkOfPersonalUser'] is less than 1. This is a spurious value because values begin from 1 (i.e. Afghanistan - although note that where a new country is formed and precedes Afghanistan or Afghanistan changes its name, the country corresponding to 1 will change. $errors[] = 'We don\'t recognise this country. The first country we have on our list is Afghanistan. Please review the place in which you work, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the first country in our database changes (e.g. due to the creation of a new country), then we should change "Afghanistan" to that country. } elseif(isset($_POST['countryOfWorkOfPersonalUser']) && $_POST['countryOfWorkOfPersonalUser'] > $numberOfCountries){ #Here we check to see whether $_POST['countryOfWorkOfPersonalUser'] is greater than the number of countries. 
If it is, this indicates that perhaps the user is trying to tamper with the value of countries. $errors[] = 'We don\'t recognise this country. The last country we have on our list is Zimbabwe. Please review the place in which you work, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the last country in our database changes (e.g. due to the creation of a new country), then we should change "Zimbabwe" to that country. } #This part deals with the continent where the user works. Note that this is an optional field, unlike the continent where the user resides. Because of this, we do not need to check if the user has posted the $_POST['continentOfWorkOfPersonalUser'] as we might need to do with the continent of residence of the personal user. elseif(isset($_POST['continentOfWorkOfPersonalUser']) && !is_numeric(intval($_POST['continentOfWorkOfPersonalUser']))){ #Here we check to see whether $_POST['continentOfWorkOfPersonalUser'] is an integer. This is because continent_of_place_of_work_of_churchmapped_user is of type TINYINT. $errors[] = 'This is not a continent we recognise. Please provide a continent where you work which we recognise. If you believe this is an error, please contact support@churchmapped.com'; } elseif(isset($_POST['continentOfWorkOfPersonalUser']) && $_POST['continentOfWorkOfPersonalUser'] < 1){ #Here we check to see whether $_POST['continentOfWorkOfPersonalUser'] is les than 1. This is a spurious value because values begin from 1. $errors[] = 'We don\'t recognise this continet. The first continent we have on our list is Africa. Please review this, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the first continent in our database (by alphabetical order) changes (e.g. due to the creation of a new continent or the renaming of the continent), then we should change "Africa" to that continent. 
} elseif(isset($_POST['continentOfWorkOfPersonalUser']) && $_POST['continentOfWorkOfPersonalUser'] > $numberOfContinents){ #Here we check to see if the options value of the continents comports with the number of continents. If not, then this is an indication that the user is perhaps attempting to tamper with the field . $errors[] = 'We don\'t recognise this continent. The last continent we have on our list is South America. Please review the continent in which you work, or if you think this is a mistake, please contact support@churchmapped.com'; #Where the last continent in our database changes (e.g. due to the creation of a new continent), then we should change "South America" to that continent. } #This section deals with Address Line 1. This is a required field, so we have to check that the user has in fact posted the first line of address elseif(!isset($_POST['addressLineOneOfPersonalUser'])){ #Here we check to see if the user has submitted the first line of their address. If not, then we issue an error statement. $errors[] = 'You have not filled in the first line of your address. This is a requirement in joining the ChurchMapped platform. Please fill this in and re-submit'; } elseif(isset($_POST['addressLineOneOfPersonalUser']) && (strlen($_POST['addressLineOneOfPersonalUser']) < 1 || strlen($_POST['addressLineOneOfPersonalUser']) > 50)){ #Here we check to ensure that the address fits within the limit we have set of 50 characters. If it is more than this, something is wrong. Similarly, we check here to ensure that the length of address line one is not less than 1. It is possible in rare cases that the first line of address might be even longer than 50 characters; due to this, although we issue an error statement, we communicate to the user that if it seems there is an issue, they should contact support@churchmapped.com $errors[] = 'You have entered an address that is either too short or too long. 
The first line of address must be between 1 and 50 characters long (all inclusive). If, however, the first line of your address does not fit this requirement, please contact support@churchmapped.com so that we can look into this for you'; } # This section deals with Address Line 2. Note that this is *NOT* a required field. Therefore, there is no need to check first whether the user has in fact submitted this value. In other words, the only thing we will be checking here is the string length. elseif(isset($_POST['addressLineTwoOfPersonalUser']) && !empty($_POST['addressLineTwoOfPersonalUser']) && (strlen($_POST['addressLineTwoOfPersonalUser']) < 1 || strlen($_POST['addressLineTwoOfPersonalUser']) > 50)){ #Here we check to see that the address line 2, if (and I must stress, *if*) it is submitted, is between 1 and 50 characters. Like the first line of address, there is a possibility that the second line of address might in fact be genuinely longer than this constraint, so when we issue the error statement, we inform the user that they can contact support@churchmapped.com if they believe this is an error. We use the empty() method because even in the absence of any data, the form posts *everything*. Basically what we try to see is whether the second line of address has any data connected to it - if not, then we check to see the string length. $errors[] = 'You have entered an address that is either too short or too long. The second line of address must be between 1 and 50 characters long (all inclusive). If, however, the second line of your address does not fit this requirement, please contact support@churchmapped.com so that we can look into this for you.'; } # This section deals with Address Line 3. Note that this is *NOT* a required field. Therefore, there is no need to check first whether the user has in fact submitted this value. In other words, the only thing we will be checking here is the string length. 
elseif(isset($_POST['addressLineThreeOfPersonalUser']) && !empty($_POST['addressLineThreeOfPersonalUser']) && (strlen($_POST['addressLineThreeOfPersonalUser']) < 1 || strlen($_POST['addressLineThreeOfPersonalUser']) > 50)){ #Here we check to see that the address line 3, if (and I must stress, *if*) it is submitted, is between 1 and 50 characters. Like the first line of address, there is a possibility that the third line of address might in fact be genuinely longer than this constraint, so when we issue the error statement, we inform the user that they can contact support@churchmaped.com if they believe this is an error. We use the empty() method because even in the absence of any data, the form posts *everything*. Basically what we try to see is whether the third line of address has any data connected to it - if not, then we check to see the string length. $errors[] = 'You have entered an address that is either too short or too long. The third line of address must be between 1 and 50 characters (all inclusive). If, however, the third line of your address does not fit this requirement, please contact support@churchmapped.com so that we can look into this for you.'; } #This section deals with the City. This is a *required* field. Therefore, we need to check if the user has in fact submitted a value for city. To ensure that a user doesn't submit just whitespace or unusual characters so as to avoid providing their city, we use the preg_match() function as well to ensure that at least one alphabetical character is included in the City (because all cities have at least one alphabetical character). 
Having said this though, we should be sure to communicate to the user that they can contact us on support@churchmapped.com if they think this is a mistake because it might happen that a user enters non-English characters into the City field and it's registered by the preg_match() function as no alphabetical characters being used (because RegEx functions are built only with English characters in mind). The pattern we use is set to a variable called $patternForAlphabeticalOrder and the regular expression is /[a-zA-Z]+/ . elseif(!isset($_POST['cityOfPersonalUser'])){ #Here we check to see if the user has submitted the city in which they are based. If they haven't, we issue an error statement. $errors[] = 'You have not entered the city in which you are based. This is a requirement. Please revise your submission'; } elseif(isset($_POST['cityOfPersonalUser']) && (preg_match($patternForAlphabeticalOrder, $_POST['cityOfPersonalUser']) == 0 || !preg_match($patternForAlphabeticalOrder, $_POST['cityOfPersonalUser']))){ #Here we check to see if the City field contains at least one alphabetical character, to prevent spurious submissions. However, it is possible, because of the way regular expressions work and how they are tailored for the English language, that a preg_match() function returns 0 even though a legitimate character is used but it just so happens to be non-English. Whilst there is an mb_len() function, in my opinion, it is better to simply request the user to email support@churchmapped.com and we will manually add the user into the database. $errors[] = 'This city does not seem to contain any characters we require. 
Please revise, or if you think this is an error, please contact support@churchmapped.com so that we can look into this'; } elseif(isset($_POST['cityOfPersonalUser']) && !empty($_POST['cityOfPersonalUser']) && (strlen($_POST['cityOfPersonalUser']) < 1 || strlen($_POST['cityOfPersonalUser']) > 50)){ #Here we check to see that the city entered by the personal user is within the character limit we have set for the City field between 1 and 50 characters. In the event the city field is longer than 50 characters for some reason, we issue an error statement but state within it that if the user thinks this is an error, they should speak to us via support@churchmapped.com $errors[] = 'The name you have provided for your city has either too few or too many characters. Please do revise this, or if you think this is a mistake, please contact support@churchmapped.com so that we can look into this'; } #This section deals with Postcode. Interestingly, this is not a required field and we have not set it to be a required field. The reason for this is because some places in the world - the most famous of this being the Republic of Ireland - have no postcode. Therefore, we shouldn't require it. Therefore, there is no need to check here whether the user has submitted. The only thing we need to check for in this section is whether the postcode is within the character limit we have set of 1 and 15 characters (all inclusive) *where the user has submitted information relating to their postcode. As with the first line of address and other fields in this registration form, when we provide the error statement, we have to communicate to the user that they should contact support@churchmapped.com if they believe they are seeing this in error. elseif(isset($_POST['postcodeOfPersonalUser']) && (strlen($_POST['postcodeOfPersonalUser']) < 1 || strlen($_POST['postcodeOfPersonalUser']) > 15)){ $errors[] = 'Your postcode/zipcode seems either too short or too long. 
Please do revise this, or if you think this is a mistake, please contact support@churchmapped.com so that we can look into this'; } # This section deals with the terms and conditions. It is arguably the most important part, together with the privacy policy. We need to check two things. The first, whether the user has submitted (i.e. "checked") at all the Terms and Conditions. The second is whether the value of the Terms & Conditions is an integer. The value of the Terms & Conditions is an integer because this corresponds to the version/id number of the legal document in question on our database. elseif(!isset($_POST['termsAndConditionsVersionForPersonalUser'])){ #Here we check to see if the user agrees to the terms and conditions. Note that where we update the Terms & Conditions, we have to update this area as well. $errors[] = 'You have not indicated whether or not you agree with the Terms and Conditions. It is a condition of using the ChurchMapped platform that you agree to the Terms and Conditions. Please check the box to indicate you agree to the Terms & Conditions'; } elseif(isset($_POST['termsAndConditionsVersionForPersonalUser']) && !is_numeric($_POST['termsAndConditionsVersionForPersonalUser'])){ #Here we check to see if the Terms & Conditions is an integer. If not, this is an indication it is a spurious value because the value we send to the database is an integer (not actually the text of the Terms & Conditions itself!) $errors[] = 'We do not understand this value for the Terms & Conditions. Please contact support@churchmapped.com for assistance'; } #This section deals with the privacy policy. Like the Terms & Conditions, it is also arguably the most important part. We need to check two things. The first, whether the user has submitted (i.e. "checked") at all the Privacy Policy. The second is whether the value of the Privacy Policy is an integer. 
The value of the Privacy Policy is an integer because this corresponds to the version/id number of the legal document in question on our database. elseif(!isset($_POST['privacyPolicyVersionForPersonalUser'])){ #Here we check to see whether the user has indicated whether or not they agree to the privacy policy or not. Note that where we update the Privacy Policy, we have to update this area as well. $errors[] = 'You have not indicated whether or not you agree with our privacy policy. Please indicate your agreement in order to successfully join the ChurchMapped platform'; } elseif(isset($_POST['privacyPolicyVersionForPersonalUser']) && !is_numeric($_POST['privacyPolicyVersionForPersonalUser'])){ #Here we check to see if the Privacy Policy is an integer through the is_numeric() function. If not, this is an indication that it is a spurious value because the value we send to the database is an integer (not actually the text of the Privacy Policy itself!) $errors[] = 'We do not understand this value for the Privacy Policy. Please contact support@churchmapped.com for assistance.'; } #Once we have checked and validated all the user input, we begin the segment for the email and inputting the values into the database. if(empty($errors)){ #If there are no errors, we send an e-mail the user so that they can activate their account. However, note that the flow is different for users who opt for what we call a "protected" salutation - these include the following: echo '
Thank you for registering with ChurchMapped! We found no issues with your registration form at this stage. Please expect an email from us shortly.
'; # - His Eminence # - His Highness # - Her Highness # - Beatitude # - Fr. # - Monsignor # - Deacon # - Mother # - Sister # - Brother # - Canon # - President # - Vice President # If the user is in any of these categories, we send the mail to support@churchmapped.com with all the user's information (i.e. basically all of $_POST) and we correspond with the user before activating their profile. However, where the user does not have a salutation that falls into these categories, we send the user an activation code in the GET variables. The activation code is comprised of two variables: $m and $d. $m signifies the email used to register. It is taken by using the method bin2hex() for the email address the user used when registering. For instance, the email babatunde.onabajo@churchmapped.com gives the hexadecimal value of 6261626174756e64652e6f6e6162616a6f406368757263686d61707065642e636f6d. $d is the date the user registered with and is given by date(Y-m-d) registered. If both values are correct, that is they match what is in our database, we activate the user by setting has_churchmapped_user_confirmed_email_address to 2 (by default, it is 1). We then send another mail (the script is in activateuser.html though on a local server this is activateuser.php for IDE purposes) informing them that their email address is now confirmed. if($_POST['salutationOfPersonalUser'] == "His Eminence" || $_POST['salutationOfPersonalUser'] == "His Higness" || $_POST['salutationOfPersonalUser'] == "Her Highness" || $_POST['salutationOfPersonalUser'] == "Beatitude" || $_POST['salutationOfPersonalUser'] == "Fr." 
|| $_POST['salutationOfPersonalUser'] == "Monsignor" || $_POST['salutationOfPersonalUser'] == "Deacon" || $_POST['salutationOfPersonalUser'] == "Mother" || $_POST['salutationOfPersonalUser'] == "Sister" || $_POST['salutationOfPersonalUser'] == "Brother" || $_POST['salutationOfPersonalUser'] == "Canon" || $_POST['salutationOfPersonalUser'] == "President" || $_POST['salutationOfPersonalUser'] == "Vice President"){ #Here we deal with the situation of where the user uses a protected salutation. #We use the mail() function to send a mail to *both* the user and the support team at ChurchMapped. Where the user uses a protected salutation, we just send an email to the user notifying them that a registration was made and that we will be in touch shortly. *However*, this mail does not activate their account in any way; we have to do that manually. This is in start contrast to the situation where a user does not use a protected salutation, wherein we send an activation code to the user. # This section uses prepared statements to insert values into the database. These are the values we insert into the database together with the type in brackets: # 1 # salutation_of_user_on_churchmapped (s) - $_POST['salutationOfPersonalUser'] # 2 # first_name_of_user_on_churchmapped (s) - $_POST['firstNameOfPersonalUser'] # 3 # middle_name_of_user_on_churchmapped (s) - $_POST['middleNameOfPersonalUser'] # 4 # surname_of_user_on_churchmapped (s) - $_POST['surnameOfPersonalUser'] # 5 # date_of_birth_of_personal_churchmapped_user (s) - $_POST['yearOfBirthOfPersonalUser'] . - . $_POST['monthOfBirthOfPersonalUser'] . - . 
$_POST['dayOfBirthOfPersonalUser'] (we have to concatenate the values) # 6 # sex_of_user_on_churchmapped (i) - $_POST['genderOfPersonalUser'] # 7 # handle_of_user_on_churchmapped (s) - $_POST['churchmappedHandleOfPersonalUser'] # 8 # primary_email_of_user_on_churchmapped (s) - $_POST['emailOfPersonalUser'] # 9 # password_of_user_on_churchmapped (s) - $_POST['passwordOfPersonalUser'] (don't forget to hash this!) # 10 # has_churchmapped_user_confirmed_email_address (i) - this takes a value of 1 where the user has not yet confirmed their email; otherwise, where they have confirmed it, it is 2. This is an integer. # 11 # whether_user_requires_extra_authorisation (i) - This takes two values: 1 indicates not approved and 2 indicates approved. It is used for situations where a user uses a protected salutation such as Fr. # 12 # country_of_residence_of_user_on_churchmapped (i) - $_POST['countryOfPersonalUser'] (This is the country of residence of the user. It is an integer value because that is the value we use for the stored procedure which checks the integer against the ID in the corresponding table.) # 13 # country_of_place_of_work_of_user_on_churchmapped (i) - $_POST['countryOfWorkOfPersonalUser'] (This is the country of work of the user. It is an integer value because that is the value we use for the stored procedure which checks the integer against the ID in the corresponding table). 
# 14 # personal_address_line_one_of_user_of_churchmapped (s) - $_POST['addressLineOneOfPersonalUser'] # 15 # personal_address_line_two_of_user_on_churchmapped (s) - $_POST['addressLineTwoOfPersonalUser'] # 16 # personal_address_line_three_of_user_on_churchmapped (s) - $_POST['addressLineThreeOfPersonalUser'] # 17 # city_of_residence_of_user_on_churchmapped (s) - $_POST['cityOfPersonalUser'] # 18 # postcode_of_residence_of_user_on_churchmapped (s) - $_POST['postcodeOfPersonalUser'] # 19 # continent_of_residence_of_churchmapped_user (i) - $_POST['continentOfPersonalUser'] (This is the continent of residence of the user. It is an integer value because that is the value we use for the stored procedure which seeks the integer against the ID in the corresponding table). # 20 # continent_of_place_of_work_of_churchmapped_user (i) - $_POST['continentOfWorkOfPersonalUser'] (This is the continent of the place where the user works. It is an integer value because that is the value we use for the stored procedure which seeks the integer against the ID in the corresponding table) # 21 # date_and_time_of_registration_of_churchmapped_user (s) - This is the date and time the user registers. This is a special field in that it is not user generated. Rather, we create it ourselves on the backend using PHP's date("Y-m-d H:i:s") function. We set the type to string (s) for the purposes of our prepared statement below. # 22 # version_of_terms_and_conditions_agreed_to_by_churchmapped_user (i) - $_POST['termsAndConditionsVersionForPersonalUser'] # 23 # version_of_privacy_policy_agreed_to_by_churchmapped_user (i) - $_POST['privacyPolicyVersionForPersonalUser'] # 24 # ip_address_at_point_of_registration (s) - This is the IP address of the user when they register. This is a special field in that it is not user generated. 
Rather, we obtain it by accessing the file getuserip.php, which sets the IP address to a session variable and has already been validated by us and so we can be assured it can't be used for potential SQL injection attacks. The IP address is stored in the session variable $_SESSION['sessionIPAddress']. Note that when testing this on a local server, it might not work because the local server does not have an IP address per se. # 25 # date_and_time_of_version_of_agreement_to_terms_of_conditions (s) - This is the date and time at which a user agrees to the terms and conditions. # 26 # date_and_time_of_version_of_agreement_to_privacy_policy (s) - This is the date and time of the agreement to a particular privacy policy by the user. # bind_param: sssssisssiiiisssssiisiisss $passwordhash = "YouAreTheSaltOfTheEarthACityOnAHill!!!July2021"; #This is the hash we use for the password of the ChurchMapped user. We should not change this, or where we change it, we have to reset the password for all ChurchMapped users. This is strictly confidential. 
$stmt = $conn->prepare("INSERT INTO churchma_USERS_ON_CHURCHMAPPED.user_details_on_churchmapped(salutation_of_user_on_churchmapped, first_name_of_user_on_churchmapped, middle_name_of_user_on_churchmapped, surname_of_user_on_churchmapped, date_of_birth_of_personal_churchmapped_user, sex_of_user_on_churchmapped, handle_of_user_on_churchmapped, primary_email_of_user_on_churchmapped, password_of_user_on_churchmapped, has_churchmapped_user_confirmed_email_address, whether_user_requires_extra_authorisation, country_of_residence_of_user_on_churchmapped, country_of_place_of_work_of_user_on_churchmapped, personal_address_line_one_of_user_of_churchmapped, personal_address_line_two_of_user_on_churchmapped, personal_address_line_three_of_user_on_churchmapped, city_of_residence_of_user_on_churchmapped, postcode_of_residence_of_user_on_churchmapped, continent_of_residence_of_churchmapped_user, continent_of_place_of_work_of_churchmapped_user, date_and_time_of_registration_of_churchmapped_user, version_of_terms_and_conditions_agreed_to_by_churchmapped_user, version_of_privacy_policy_agreed_to_by_churchmapped_user, ip_address_at_point_of_registration, date_and_time_of_version_of_agreement_to_terms_of_conditions, date_and_time_of_version_of_agreement_to_privacy_policy) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("sssssisssiiiisssssiisiisss", $salutationofuseronchurchmapped, $firstnameofuseronchurchmapped, $middlenameofuseronchurchmapped, $surnameofuseronchurchmapped, $dateofbirthofuseronchurchmapped, $sexofuseronchurchmapped, $handleofchurchmappeduser, $primaryemailofchurchmappeduser, $passwordofchurchmappeduser, $haschurchmappeduserconfirmedemailaddress, $whetheruserrequiresextraauthorisation, $countryofresidenceofuseronchurchmapped, $countryofplaceofworkofuseronchurchmapped, $personaladdresslineoneofuserchurchmapped, $personaladdresslinetwoofuserchurchmapped, $personaladdresslinethreeofuserchurchmapped, 
$cityofresidenceofuseronchurchmapped, $postcodeofresidenceofuseronchurchmapped, $continentofuseronchurchmapped, $continentofworkofuseronchurchmapped, $dateandtimeofregistrationofchurchmappeduser, $termsandconditionsagreedtobychurchmappeduser, $versionofprivacypolicyagreedtobychurchmappeduser, $ipaddressatpointofregistration, $dateandtimeofversionofagreementtotermsandconditions, $dateandtimeofversionofagreementtoprivacypolicy); #Don't forget to trim all the variables to remove whitespace; with the exception of password $salutationofuseronchurchmapped = trim($_POST['salutationOfPersonalUser']); #This is the salutation of the personal user on ChurchMapped $firstnameofuseronchurchmapped = trim($_POST['firstNameOfPersonalUser']); #This is the first name of the personal user on ChurchMapped $middlenameofuseronchurchmapped = trim($_POST['middleNameOfPersonalUser']); #This is the middle name of the personal user on ChurchMapped $surnameofuseronchurchmapped = trim($_POST['surnameOfPersonalUser']); #This is the surname of the personal user on ChurchMapped $dateofbirthofuseronchurchmapped = trim($_POST['yearOfBirthOfPersonalUser']) . '-' . trim($_POST['monthOfBirthOfPersonalUser']) . '-' . trim($_POST['dayOfBirthOfPersonalUser']); #This is the date of birth of the personal user on ChurchMapped $sexofuseronchurchmapped = trim($_POST['genderOfPersonalUser']); #This is the sex of the personal user on ChurchMapped $handleofchurchmappeduser = trim($_POST['churchmappedHandleOfPersonalUser']); #This is the handle of the ChurchMapped user $primaryemailofchurchmappeduser = trim($_POST['emailOfPersonalUser']); #This is the email address of the ChurchMapped user $passwordofchurchmappeduser = md5($passwordhash . $_POST['passwordOfPersonalUser']); #This is the password of the ChurchMapped user. Remember that we don't use the trim() function for the password. We also use the variable $passwordhash for the SALT. The password is stored in the database via the md5() function. 
$haschurchmappeduserconfirmedemailaddress = 1; #This variable is used for whether the ChurchMapped user has activated their account by clicking the link in the email. Note that in the situation where a user uses a protected salutation, we have to manually update this value in the database to 2. $whetheruserrequiresextraauthorisation = 1; #This is used for whether the user requires extra authorisation. Where a user uses a protected salutation such as "Fr.", we set this value to 1, which prevents the user with the protected salutation from logging in. It is only after we are happy with our checks do we manually change this to 2. However, this is different for users who are not using a protected salutation (e.g. Mr.). In this case, we set the value to 2. $countryofresidenceofuseronchurchmapped = trim(intval($_POST['countryOfPersonalUser'])); #We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace $countryofplaceofworkofuseronchurchmapped = trim(intval($_POST['countryOfWorkOfPersonalUser'])); #We use the method intval() to ensure that the value is in fact an integer. 
We use the trim() method to remove any whitespace $personaladdresslineoneofuserchurchmapped = trim($_POST['addressLineOneOfPersonalUser']); #This is the address line one of the personal user $personaladdresslinetwoofuserchurchmapped = trim($_POST['addressLineTwoOfPersonalUser']); #This is the address line two of the personal user $personaladdresslinethreeofuserchurchmapped = trim($_POST['addressLineThreeOfPersonalUser']); #This is the address line three of the personal user $cityofresidenceofuseronchurchmapped = trim($_POST['cityOfPersonalUser']); #This is the city of residence of the user on ChurchMapped $postcodeofresidenceofuseronchurchmapped = trim($_POST['postcodeOfPersonalUser']); #This is the postcode of the user on ChurchMapped $continentofuseronchurchmapped = trim(intval($_POST['continentOfPersonalUser'])); #This is the continent of residence of the user on ChurchMapped. We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace. $continentofworkofuseronchurchmapped = trim(intval($_POST['continentOfWorkOfPersonalUser'])); #This is the continent of the place of work of the user on ChurchMapped. We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace. $dateandtimeofregistrationofchurchmappeduser = date("Y-m-d H:i:s"); #This provides the date of the registation. Note that it is not user-generated. Furthermore, we do not need to use the trim() function here because it is not user-generated. 
$termsandconditionsagreedtobychurchmappeduser = trim(intval($_POST['termsAndConditionsVersionForPersonalUser'])); #This is the terms and conditions agreed to by the user $versionofprivacypolicyagreedtobychurchmappeduser = trim(intval($_POST['privacyPolicyVersionForPersonalUser'])); #This is the privacy policy agreed to by the ChurchMapped user $ipaddressatpointofregistration = $_SESSION['sessionIPAddress']; #This is the IP Address of the user, stored in the session variable. $dateandtimeofversionofagreementtotermsandconditions = date("Y-m-d H:i:s"); #This is the date and time at which a user agrees to the terms and conditions $dateandtimeofversionofagreementtoprivacypolicy = date("Y-m-d H:i:s"); #This is the date and time at which a user agrees to a particular privacy policy. #We finally insert the values into the database here wit the -> execute() method. $stmt->execute(); #This line of code fianlly executes the code above # Upon registration, we send an email to the user *and* support@churchmapped.com $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam = array(); #Here we create an array of the information relating to the user with a protected salutation. Note: We do not include their password, obviously! We use the implode() function and
for it to be included in the e-mail. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $salutationofuseronchurchmapped; #This is the salutation of the user on ChurchMapped $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $firstnameofuseronchurchmapped; #This is the first name of the user on ChurchMapped $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $middlenameofuseronchurchmapped; #This is the middle name of the user on ChurchMapped $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $surnameofuseronchurchmapped; #This is the surname of the user on ChurchMapped $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $dateofbirthofuseronchurchmapped; #This is the date of birth of the user on ChurchMapped $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $sexofuseronchurchmapped; #This is the sex of the user. Note that this is a number. It should be explained in the email. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $handleofchurchmappeduser; #This is the email of the user. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $primaryemailofchurchmappeduser; #This is the primary email address of the user. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $countryofresidenceofuseronchurchmapped; #This is the country of residence of the user in question. Note that this is an integer. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] =$countryofplaceofworkofuseronchurchmapped; #This is the country of work of the user in question. Note that this is an integer. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $personaladdresslineoneofuserchurchmapped; #This is the personal address (line one) of the user in question. 
$informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $personaladdresslinetwoofuserchurchmapped; #This is the personal address (line two) of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $personaladdresslinethreeofuserchurchmapped; #This is the personal address (line three) of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $cityofresidenceofuseronchurchmapped; #This is the city of residence of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $postcodeofresidenceofuseronchurchmapped; #This is the postcode of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $continentofuseronchurchmapped; #This is the continent of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $continentofworkofuseronchurchmapped; #This is the continent of work of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $dateandtimeofregistrationofchurchmappeduser; #This is the date and time of registration of the user in question. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $termsandconditionsagreedtobychurchmappeduser; #This is the version of the terms and conditions agreed to by the user in question. Note that this is an integer. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $versionofprivacypolicyagreedtobychurchmappeduser; #This is the version of the privacy policy agreed to by the user in question. Note that this is an integer. 
$informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $ipaddressatpointofregistration; #This is the IP address of the user in question $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $dateandtimeofversionofagreementtotermsandconditions; #This is the date and time the user agreed to the terms and conditions. $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam[] = $dateandtimeofversionofagreementtoprivacypolicy; #This is the date and time the user agreed to the privacy policy $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam = implode("

", $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam); #Here we send an email to support@churchmapped.com # The mail() function takes the following parameters: to, subject, message, headers, parameters $toSupportTeam = "support@churchmapped.com"; $subjectRelatingToUserWithProtectedSalutation = "IMMEDIATE ATTENTION. Please verify user: A user has registered with a protected salutation. His or her name is:" . " " . $_POST['salutationOfPersonalUser'] . " " . $_POST['firstNameOfPersonalUser'] . $_POST['surnameOfPersonalUser']; $path_of_the_logo = "https://www.churchmapped.com/churchmappedlogo.png"; $dateToday = date("l jS F Y"); $type = pathinfo($path_of_the_logo, PATHINFO_EXTENSION); $contentofimage = file_get_contents($path_of_the_logo); $image64 = "data:image/" . $type . ';base64,' . base64_encode($contentofimage); $messageRelatingToUserWithProtectedSalutation = '
' . '
' . '
'. $dateToday . '

Dear ChurchMapped Team' . ',' . '' . '

' . 'A user with a protected salutation has recently registered on the platform. Protected salutations are salutations such as Fr. and His Eminence. Due to the nature of our platform, we have to perform extra checks on this user. Please contact the user at the email address provided by him/her, namely: ' . ' ' . '' . $_POST['emailOfPersonalUser'] . '

This is what they submitted in their registration form:' . $informationAboutUserWithProtectedSalutationToBeIncludedInEmailToSupportTeam . '. If you are satisfied that the user is genuine and has provided you with satisfactory evidence, you need to manually go to the database churchma_USERS_ON_CHURCHMAPPED.users_on_churchmapped and change the value of the column whether_user_requires_extra_authorisation to 2 and the value of the column has_churchmapped_user_confirmed_email_address to 2 as well. We then send another email to the user notifying them that they can now log in. This is vital. In the situation where the user has not provided evidence of themselves to a satisfactory standard, simply leave the values as they are; in extreme cases, alert the manager to identify the issue in cases where you suspect it might be due to fraud.' . '
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; $headersToSupportTeamAboutUserWithProtectedSalutation = array(); #This array contains the headers for the email. $headersToSupportTeamAboutUserWithProtectedSalutation[] = "Content-Type: text/html; charset=utf-8"; $headersToSupportTeamAboutUserWithProtectedSalutation[] = "From: Support - ChurchMapped Team "; $headersToSupportTeamAboutUserWithProtectedSalutation = implode("\r\n", $headersToSupportTeamAboutUserWithProtectedSalutation); #This adds a \r\n to each line, which we need when sending mail. $dateTodayForEmailToUser = date("l jS F Y"); #We use this to date our emails to staff. mail($toSupportTeam, $subjectRelatingToUserWithProtectedSalutation, $messageRelatingToUserWithProtectedSalutation, $headersToSupportTeamAboutUserWithProtectedSalutation); #This finally sends the email to the ChurchMapped Support team. ### Here we send an email to the user with the protected salutation to inform them that we will be in touch shortly to determine whether they are in fact genuine. $headersToUserWithProtectedSalutation = array(); $headersToUserWithProtectedSalutation[] = "Content-Type: text/html; charset=utf-8"; $headersToUserWithProtectedSalutation[] = "From: Support - ChurchMapped Team "; $headersToUserWithProtectedSalutation[] = implode("\r\n", $headersToUserWithProtectedSalutation); #This adds a \r\n to each line, which we need when sending mail. $toUserWithProtectedSalutation = trim($_POST['emailOfPersonalUser']); #We can safely use $_POST['emailOfPersonalUser'] because we have already sanitised it and this segment of code only fires when our validation checks have been performed. $subjectForUserWithProtectedSalutation = "Thank you for registering with ChurchMapped!"; $messageForUserWithProtectedSalutation = '
' . '
' . '

' . $dateTodayForEmailToUser . '


Dear ' . trim($_POST['salutationOfPersonalUser']) . ' ' . trim($_POST['firstNameOfPersonalUser']) . ' ' . trim($_POST['surnameOfPersonalUser']) . ',' . '' . '

' . 'Thank you so much for registering on the ChurchMapped platform! We\'re delighted you would like to join the social network that truly cares. We have noticed that you use what we call a "protected" salutation, and so we need to perform extra validation checks to confirm your identity. Prior to this, you will be unable to log in to your account. Please expect another email in the upcoming few days from us here at the ChurchMapped Team and please have on hand information to prove your identity such as your passport and evidence of your position (for example, if you are a priest, a celebret will do). If you would like your information to be deleted prior to us confirming your identity, please email us expressing your request. Alternatively, accounts that are not activated within 6 months from the date of registration (all inclusive) will be automatically deleted from our systems, in line with our General Data Protection Regulation (GDPR) obligations.

Thank you so much once again!
Kind regards,
ChurchMapped Team' . '' . '
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; mail($toUserWithProtectedSalutation, $messageForUserWithProtectedSalutation, $messageForUserWithProtectedSalutation, $headersToUserWithProtectedSalutation); #This line of code finally sends the email to the user with the protected salutation }else{ #Here we deal with the situation of where the user does not use a protected salutation. Unlike the case where a user has a protected salutation, with an "ordinary" user, we send the user an activation code in the GET variables. The activation code is comprised of two variables: $m and $d. $m signifies the email used to register. It is taken by using the method bin2hex() for the email address the user used when registering. For instance, the email babatunde.onabajo@churchmapped.com gives the hexadecimal value of 6261626174756e64652e6f6e6162616a6f406368757263686d61707065642e636f6d. $d is the date the user registered with hyphens and is given by date(Y-m-d) registered. If both values are correct, that is they match what is in our database, we activate the user by setting has_churchmapped_user_confirmed_email_address to 2 (by default, it is 1). We then send another mail (the script is in activateuser.html though on a local server this is activateuser.php for IDE purposes) informing them that their email address is now confirmed. # The advantage of using bin2hex() is that it provides only alphanumeric values, making them URL-friendly. This is in stark contrast to other methods like convert_uuencode(). #In our activation page we use the hex2bin() to convert the value taken from the URL and then check this in the database. #The activation page is over at: https://www.churchmapped.com/profiles/activateuser.html . Note that this is only used for personal profiles because for business profiles, like users on a personal account who use a protected salutation, we manually approve them ourselves. 
# Remember that when using information stored in GET variables, we should use prepared statements to prevent SQL injection attacks and other hacking attempts. # Remember that where a user is not using a protected salutation (e.g. "Fr."), we set whether_user_requires_extra_authorisation to 2. # This section uses prepared statements to insert values into the database. These are the values we insert into the database together with the type in brackets: # 1 # salutation_of_user_on_churchmapped (s) - $_POST['salutationOfPersonalUser'] # 2 # first_name_of_user_on_churchmapped (s) - $_POST['firstNameOfPersonalUser'] # 3 # middle_name_of_user_on_churchmapped (s) - $_POST['middleNameOfPersonalUser'] # 4 # surname_of_user_on_churchmapped (s) - $_POST['surnameOfPersonalUser'] # 5 # date_of_birth_of_personal_churchmapped_user (s) - $_POST['yearOfBirthOfPersonalUser'] . - . $_POST['monthOfBirthOfPersonalUser'] . - . $_POST['dayOfBirthOfPersonalUser'] (we have to concatenate the values) # 6 # sex_of_user_on_churchmapped (i) - $_POST['genderOfPersonalUser'] # 7 # handle_of_user_on_churchmapped (s) - $_POST['churchmappedHandleOfPersonalUser'] # 8 # primary_email_of_user_on_churchmapped (s) - $_POST['emailOfPersonalUser'] # 9 # password_of_user_on_churchmapped (s) - $_POST['passwordOfPersonalUser'] (don't forget to hash this!) # 10 # has_churchmapped_user_confirmed_email_address (i) - this takes a value of 1 where the user has not yet confirmed their email; otherwise, where they have confirmed it, it is 2. This is an integer. # 11 # whether_user_requires_extra_authorisation (i) - This takes two values: 1 indicates not approved and 2 indicates approved. It is used for situations where a user uses a protected salutation such as Fr. # 12 # country_of_residence_of_user_on_churchmapped (i) - $_POST['countryOfPersonalUser'] (This is the country of residence of the user. 
It is an integer value because that is the value we use for the stored procedure which checks the integer against the ID in the corresponding table.) # 13 # country_of_place_of_work_of_user_on_churchmapped (i) - $_POST['countryOfWorkOfPersonalUser'] (This is the country of work of the user. It is an integer value because that is the value we use for the stored procedure which checks the integer against the ID in the corresponding table). # 14 # personal_address_line_one_of_user_of_churchmapped (s) - $_POST['addressLineOneOfPersonalUser'] # 15 # personal_address_line_two_of_user_on_churchmapped (s) - $_POST['addressLineTwoOfPersonalUser'] # 16 # personal_address_line_three_of_user_on_churchmapped (s) - $_POST['addressLineThreeOfPersonalUser'] # 17 # city_of_residence_of_user_on_churchmapped (s) - $_POST['cityOfPersonalUser'] # 18 # postcode_of_residence_of_user_on_churchmapped (s) - $_POST['postcodeOfPersonalUser'] # 19 # continent_of_residence_of_churchmapped_user (i) - $_POST['continentOfPersonalUser'] (This is the continent of residence of the user. It is an integer value because that is the value we use for the stored procedure which seeks the integer against the ID in the corresponding table). # 20 # continent_of_place_of_work_of_churchmapped_user (i) - $_POST['continentOfWorkOfPersonalUser'] (This is the continent of the place where the user works. It is an integer value because that is the value we use for the stored procedure which seeks the integer against the ID in the corresponding table) # 21 # date_and_time_of_registration_of_churchmapped_user (s) - This is the date and time the user registers. This is a special field in that it is not user generated. Rather, we create it ourselves on the backend using PHP's date("Y-m-d H:i:s") function. We set the type to string (s) for the purposes of our prepared statement below. 
# 22 # version_of_terms_and_conditions_agreed_to_by_churchmapped_user (i) - $_POST['termsAndConditionsVersionForPersonalUser'] # 23 # version_of_privacy_policy_agreed_to_by_churchmapped_user (i) - $_POST['privacyPolicyVersionForPersonalUser'] # 24 # ip_address_at_point_of_registration (s) - This is the IP address of the user when they register. This is a special field in that it is not user generated. Rather, we obtain it by accessing the file getuserip.php, which sets the IP address to a session variable and has already been validated by us and so we can be assured it can't be used for potential SQL injection attacks. The IP address is stored in the session variable $_SESSION['sessionIPAddress']. Note that when testing this on a local server, it might not work because the local server does not have an IP address per se. # 25 # date_and_time_of_version_of_agreement_to_terms_of_conditions (s) - This is the date and time at which a user agrees to the terms and conditions. # 26 # date_and_time_of_version_of_agreement_to_privacy_policy (s) - This is the date and time of the agreement to a particular privacy policy by the user. # bind_param: sssssisssiiiisssssiisiisss $passwordhash = "YouAreTheSaltOfTheEarthACityOnAHill!!!July2021"; #This is the hash we use for the password of the ChurchMapped user. We should not change this, or where we change it, we have to reset the password for all ChurchMapped users. 
$stmt = $conn->prepare("INSERT INTO churchma_USERS_ON_CHURCHMAPPED.user_details_on_churchmapped(salutation_of_user_on_churchmapped, first_name_of_user_on_churchmapped, middle_name_of_user_on_churchmapped, surname_of_user_on_churchmapped, date_of_birth_of_personal_churchmapped_user, sex_of_user_on_churchmapped, handle_of_user_on_churchmapped, primary_email_of_user_on_churchmapped, password_of_user_on_churchmapped, has_churchmapped_user_confirmed_email_address, whether_user_requires_extra_authorisation, country_of_residence_of_user_on_churchmapped, country_of_place_of_work_of_user_on_churchmapped, personal_address_line_one_of_user_of_churchmapped, personal_address_line_two_of_user_on_churchmapped, personal_address_line_three_of_user_on_churchmapped, city_of_residence_of_user_on_churchmapped, postcode_of_residence_of_user_on_churchmapped, continent_of_residence_of_churchmapped_user, continent_of_place_of_work_of_churchmapped_user, date_and_time_of_registration_of_churchmapped_user, version_of_terms_and_conditions_agreed_to_by_churchmapped_user, version_of_privacy_policy_agreed_to_by_churchmapped_user, ip_address_at_point_of_registration, date_and_time_of_version_of_agreement_to_terms_of_conditions, date_and_time_of_version_of_agreement_to_privacy_policy) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stmt->bind_param("sssssisssiiiisssssiisiisss", $salutationofuseronchurchmapped, $firstnameofuseronchurchmapped, $middlenameofuseronchurchmapped, $surnameofuseronchurchmapped, $dateofbirthofuseronchurchmapped, $sexofuseronchurchmapped, $handleofchurchmappeduser, $primaryemailofchurchmappeduser, $passwordofchurchmappeduser, $haschurchmappeduserconfirmedemailaddress, $whetheruserrequiresextraauthorisation, $countryofresidenceofuseronchurchmapped, $countryofplaceofworkofuseronchurchmapped, $personaladdresslineoneofuserchurchmapped, $personaladdresslinetwoofuserchurchmapped, $personaladdresslinethreeofuserchurchmapped, 
$cityofresidenceofuseronchurchmapped, $postcodeofresidenceofuseronchurchmapped, $continentofuseronchurchmapped, $continentofworkofuseronchurchmapped, $dateandtimeofregistrationofchurchmappeduser, $termsandconditionsagreedtobychurchmappeduser, $versionofprivacypolicyagreedtobychurchmappeduser, $ipaddressatpointofregistration, $dateandtimeofversionofagreementtotermsandconditions, $dateandtimeofversionofagreementtoprivacypolicy); #Don't forget to trim all the variables to remove whitespace; with the exception of password $salutationofuseronchurchmapped = trim($_POST['salutationOfPersonalUser']); #This is the salutation of the personal user on ChurchMapped $firstnameofuseronchurchmapped = trim($_POST['firstNameOfPersonalUser']); #This is the first name of the personal user on ChurchMapped $middlenameofuseronchurchmapped = trim($_POST['middleNameOfPersonalUser']); #This is the middle name of the personal user on ChurchMapped $surnameofuseronchurchmapped = trim($_POST['surnameOfPersonalUser']); #This is the surname of the personal user on ChurchMapped $dateofbirthofuseronchurchmapped = trim($_POST['yearOfBirthOfPersonalUser']) . '-' . trim($_POST['monthOfBirthOfPersonalUser']) . '-' . trim($_POST['dayOfBirthOfPersonalUser']); #This is the date of birth of the personal user on ChurchMapped $sexofuseronchurchmapped = trim($_POST['genderOfPersonalUser']); #This is the sex of the personal user on ChurchMapped $handleofchurchmappeduser = trim($_POST['churchmappedHandleOfPersonalUser']); #This is the handle of the ChurchMapped user $primaryemailofchurchmappeduser = trim($_POST['emailOfPersonalUser']); #This is the email address of the ChurchMapped user $passwordofchurchmappeduser = md5($passwordhash . $_POST['passwordOfPersonalUser']); #This is the password of the ChurchMapped user. Remember that we don't use the trim() function for the password. We also use the variable $passwordhash for the SALT. The password is stored in the database via the md5() function. 
$haschurchmappeduserconfirmedemailaddress = 1; #This variable is used for whether the ChurchMapped user has activated their account by clicking the link in the email. Note that in the situation where a user uses a protected salutation, we have to manually update this value in the database to 2. $whetheruserrequiresextraauthorisation = 2; #This is used for whether the user requires extra authorisation. Where a user uses a protected salutation such as "Fr.", we set this value to 1, which prevents the user with the protected salutation from logging in. It is only after we are happy with our checks do we manually change this to 2. However, this is different for users who are not using a protected salutation (e.g. Mr.). In this case, we set the value to 2. $countryofresidenceofuseronchurchmapped = trim(intval($_POST['countryOfPersonalUser'])); #We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace $countryofplaceofworkofuseronchurchmapped = trim(intval($_POST['countryOfWorkOfPersonalUser'])); #We use the method intval() to ensure that the value is in fact an integer. 
We use the trim() method to remove any whitespace $personaladdresslineoneofuserchurchmapped = trim($_POST['addressLineOneOfPersonalUser']); #This is the address line one of the personal user $personaladdresslinetwoofuserchurchmapped = trim($_POST['addressLineTwoOfPersonalUser']); #This is the address line two of the personal user $personaladdresslinethreeofuserchurchmapped = trim($_POST['addressLineThreeOfPersonalUser']); #This is the address line three of the personal user $cityofresidenceofuseronchurchmapped = trim($_POST['cityOfPersonalUser']); #This is the city of residence of the user on ChurchMapped $postcodeofresidenceofuseronchurchmapped = trim($_POST['postcodeOfPersonalUser']); #This is the postcode of the user on ChurchMapped $continentofuseronchurchmapped = trim(intval($_POST['continentOfPersonalUser'])); #This is the continent of residence of the user on ChurchMapped. We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace. $continentofworkofuseronchurchmapped = trim(intval($_POST['continentOfWorkOfPersonalUser'])); #This is the continent of the place of work of the user on ChurchMapped. We use the method intval() to ensure once again that the value is in fact an integer. We use the trim() method to remove any whitespace. $dateandtimeofregistrationofchurchmappeduser = date("Y-m-d H:i:s"); #This provides the date of the registation. Note that it is not user-generated. Furthermore, we do not need to use the trim() function here because it is not user-generated. 
$termsandconditionsagreedtobychurchmappeduser = trim(intval($_POST['termsAndConditionsVersionForPersonalUser'])); #This is the terms and conditions agreed to by the user $versionofprivacypolicyagreedtobychurchmappeduser = trim(intval($_POST['privacyPolicyVersionForPersonalUser'])); #This is the privacy policy agreed to by the ChurchMapped user $ipaddressatpointofregistration = $_SESSION['sessionIPAddress']; #This is the IP Address of the user, stored in the session variable. $dateandtimeofversionofagreementtotermsandconditions = date("Y-m-d H:i:s"); #This is the date and time at which a user agrees to the terms and conditions $dateandtimeofversionofagreementtoprivacypolicy = date("Y-m-d H:i:s"); #This is the date and time at which a user agrees to a particular privacy policy. #We finally insert the values into the database here wit the -> execute() method. $stmt->execute(); #This line of code finally executes the code above #Here we send the activation email to the user. There is no need to send an additional mail to the ChurchMapped Support team, in contrast to users using a protected salutation or for business users. However, we should secretly send a mail to joinus@churchmapped.com each time 1) attempts to register (i.e. register but have not activated their account yet) 2) successfully registers upon activating their email address. #Remember that: Unlike the case where a user has a protected salutation, with an "ordinary" user, we send the user an activation code in the GET variables. The activation code is comprised of two variables: $m and $d. $m signifies the email used to register. It is taken by using the method bin2hex() for the email address the user used when registering. For instance, the email babatunde.onabajo@churchmapped.com gives the hexadecimal value of 6261626174756e64652e6f6e6162616a6f406368757263686d61707065642e636f6d. $d is the date the user registered without any hyphens and is given by date(Ymd) registered. 
If both values are correct, that is they match what is in our database, we activate the user by setting has_churchmapped_user_confirmed_email_address to 2 (by default, it is 1). We then send another mail (the script is in activateuser.html though on a local server this is activateuser.php for IDE purposes) informing them that their email address is now confirmed. #Note that we do not have to do further input validation checks here because if we have reached this stage of our code, the input is valid. # The mail() function takes the following parameters: to, subject, message, headers, parameters $headersToUserWithoutProtectedSalutation = array(); $m = bin2hex($_POST['emailOfPersonalUser']); #The variable $m converts the email of the personal user to hexadecimal format. $d = bin2hex((date("Y-m-d"))); #The variable $d converts the date of today (which is the proxy for the date the user registered and the date the email is sent) to hexadecimal format. This will be used by the file activateuser.php (local)/activateuser.html (production) to find where in the database the user registered and on what day they did. Because this can only point to one user (i.e. email account and date they registered), we can safely activate the user's account. $emailOfUserWithoutProtectedSalutation = $_POST['emailOfPersonalUser']; $subjectOfEmailToUserWithoutProtectedSalutation = "Thank you for joining the ChurchMapped social network! Please read below to activate your account"; $path_of_the_logo = "https://www.churchmapped.com/churchmappedlogo.png"; $type = pathinfo($path_of_the_logo, PATHINFO_EXTENSION); $contentofimage = file_get_contents($path_of_the_logo); $image64 = "data:image/" . $type . ';base64,' . base64_encode($contentofimage); $messageInEmailForUserWithoutProtectedSalutation = '
' . '
' . '
'. '
Dear ' . trim($_POST['salutationOfPersonalUser']) . ' ' . trim($_POST['firstNameOfPersonalUser']) . ' ' . trim($_POST['surnameOfPersonalUser']) . ',' . '' . '

' . 'Thank you so much for registering on the ChurchMapped platform! We\'re delighted you would like to join the social network that truly cares. In order to join, please activate your account by clicking the following link: ' . 'https://www.churchmapped.com/profiles/activateuser.html?m=' . $m. '&d=' . $d . '

We\'re looking forward to seeing you. Thank you so much once again!
Kind regards,
ChurchMapped Team' . '' . '
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; $headersToUserWithoutProtectedSalutation[] = "Content-Type: text/html; charset=utf-8"; $headersToUserWithoutProtectedSalutation[] = "From: Support - ChurchMapped Team "; $headersToUserWithoutProtectedSalutation = implode("\r\n", $headersToUserWithoutProtectedSalutation); #This adds a \r\n to each line, which we need when sending mail. mail($emailOfUserWithoutProtectedSalutation, $subjectOfEmailToUserWithoutProtectedSalutation, $messageInEmailForUserWithoutProtectedSalutation , $headersToUserWithoutProtectedSalutation); #This finally sends an e-mail to the user with their ID code. #Here we send a mail to joinus@churchmapped.com, which we can use for data collection purposes. $headersToJoinUsAtChurchMapped = array(); $emailToJoinUsAtChurchMapped = "joinus@churchmapped.com"; $subjectOfEmailToJoinUsAtChurchMapped = "The following user has registered an account on ChurchMapped.com:" . " " . trim($_POST['salutationOfPersonalUser']) . " " . trim($_POST['firstNameOfPersonalUser']) . " " . trim($_POST['surnameOfPersonalUser']); $messageToJoinUsAtChurchMapped = '
' . '
' . '
'. '
Dear ChurchMapped Team' . ',' . '
The following user has registered an account at on our platform, but has not yet activated their account:' . '
' . '
' . '' . '' . '' . 'When the user activates their account, a different email will be sent. This is an automated email that is being sent for data collection purposes.' . '

' . '

Kind regards,
ChurchMapped Team (Automated)' . '' . '
The social network that aspires to do better ❤
' . '
See our terms and conditions here.| See our privacy policy here.| Visit ChurchMapped here.
' . 'ChurchMapped® Limited is a registered company in England and Wales. Our company number is 12329590 and our registered office is at 27 Old Gloucester Street, London, WC1N 3AX, United Kingdom. We are on the register of data fee payers courtesy of the Information Commissioner\'s Office (ICO) and our data protection registration number is ZA603587. Our VAT number is 340128834.
'; $headersToJoinUsAtChurchMapped[] = "Content-Type: text/html; charset=utf-8"; $headersToJoinUsAtChurchMapped[] = "From: Support - ChurchMapped Team "; $headersToJoinUsAtChurchMapped = implode("\r\n", $headersToJoinUsAtChurchMapped); #This adds a \r\n to each line, which we need when sending mail. mail($emailToJoinUsAtChurchMapped, $subjectOfEmailToJoinUsAtChurchMapped, $messageToJoinUsAtChurchMapped, $headersToJoinUsAtChurchMapped); #This line of code finally sends an email to joinus@churchmapped.com } #This ends the segment of the if(){} statement where there are no errors found in the registration form. }else{ #If there are errors we publish them here to inform the user. echo "
There was an issue with the information you entered into the registration form:
"; foreach($errors as $particularerror){ #The foreach() loop basically displays all the errors. echo '
' . $particularerror . '

'; } } } echo ''; #Here we echo the JavaScript files that we need. echo ''; echo ''; ?>