-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathprocessEOI.php
More file actions
375 lines (334 loc) · 13.1 KB
/
processEOI.php
File metadata and controls
375 lines (334 loc) · 13.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
<!--
filename: processEOI.php
authors: Xuan Tuan Minh Nguyen, Nathan Wijaya, Mai An Nguyen, Nhat Minh Tran, Amiru Manthrige
created: 28-Apr-2023
description: Script to process the job application form
-->
<?php
// initialise database connection
include "settings.php";
include "db_functions.php";
// check if the EOI table exists, if not create it
if(!check_table_existence($connection)) {
create_table($connection, "eoi");
}
// initialise form data variables
$job_reference_number = "";
$first_name = "";
$last_name = "";
$date_of_birth = "";
$date_of_birth_string = "";
$gender = "";
$street_address = "";
$suburb = "";
$state = "";
$postcode = "";
$email = "";
$phone = "";
$skills = [];
$other_skills = "";
$status = "";
// initialise error variables
$error = false;
$error_job_reference_number = "";
$error_first_name = "";
$error_last_name = "";
$error_date_of_birth = "";
$error_gender = "";
$error_street_address = "";
$error_suburb = "";
$error_state = "";
$error_postcode = "";
$error_email = "";
$error_phone = "";
$error_skills = "";
$error_other_skills = "";
// Checks if validation was triggered by a form submit, if not redirect the user
if ($_POST) {
// connect to database
// save the form data to variables and sanitise + existence checks
if (!empty($_POST["job_ref_no"])) {
$job_reference_number = sanitise_input($_POST["job_ref_no"]);
} else {
$error = true;
$error_job_reference_number = "Please enter a job reference number";
}
if (!empty($_POST["first_name"])) {
$first_name = sanitise_input($_POST["first_name"]);
} else {
$error = true;
$error_first_name = "Please enter your first name";
}
if (!empty($_POST["last_name"])) {
$last_name = sanitise_input($_POST["last_name"]);
} else {
$error = true;
$error_last_name = "Please enter your last name";
}
if (!empty($_POST["birth_date"])) {
$date_of_birth = sanitise_input($_POST["birth_date"]);
} else {
$error = true;
$error_date_of_birth = "Please enter your date of birth";
}
if (!empty($_POST["gender"])) {
$gender = sanitise_input($_POST["gender"]);
} else {
$error = true;
$error_gender = "Please select a gender";
}
if (!empty($_POST["address"])) {
$street_address = sanitise_input($_POST["address"]);
} else {
$error = true;
$error_street_address = "Please enter your street address";
}
if (!empty($_POST["suburb"])) {
$suburb = sanitise_input($_POST["suburb"]);
} else {
$error = true;
$error_suburb = "Please enter your suburb";
}
if (!empty($_POST["state"])) {
$state = sanitise_input($_POST["state"]);
} else {
$error = true;
$error_state = "Please select a state";
}
if (!empty($_POST["postcode"])) {
$postcode = sanitise_input($_POST["postcode"]);
} else {
$error = true;
$error_postcode = "Please enter your postcode";
}
if (!empty($_POST["email"])) {
$email = sanitise_input($_POST["email"]);
} else {
$error = true;
$error_email = "Please enter your email address";
}
if (!empty($_POST["phone"])) {
$phone = sanitise_input($_POST["phone"]);
} else {
$error = true;
$error_phone = "Please enter your phone number";
}
if (!empty($_POST["skills"])) {
// if skills is an array (which it should be), sanitise each skill
if (is_array($_POST["skills"])) {
foreach ($_POST["skills"] as $skill) {
$skills[] = sanitise_input($skill);
}
} else {
$skills[] = sanitise_input($_POST["skills"]);
}
} else {
$error = true;
$error_skills = "Please select at least one skill";
}
if (!empty($_POST["other_skills"])) {
$other_skills = sanitise_input($_POST["other_skills"]);
} elseif (!empty($_POST["skills"]) && in_array("other", $_POST["skills"])){
$error = true;
$error_other_skills = "Please enter any other skills you have";
}
// VALIDATION
// DATA TYPE CHECKS
// check if job reference number contains only alphanumeric characters
if (!preg_match("/^[a-zA-Z0-9]*$/", $job_reference_number) && empty($error_job_reference_number)) {
$error = true;
$error_job_reference_number = "Job reference number must contain only alphanumeric characters";
}
// check if first name contains only alphabetic characters
if (!preg_match("/^[a-zA-Z]*$/", $first_name) && empty($error_first_name)) {
$error = true;
$error_first_name = "First name must contain only alphabetic characters";
}
// check if last name contains only alphabetic characters
if (!preg_match("/^[a-zA-Z]*$/", $last_name) && empty($error_last_name)) {
$error = true;
$error_last_name = "Last name must contain only alphabetic characters";
}
// check if the date picker has been used (if date of birth is in yyyy-mm-dd format)
if (!preg_match("/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/", $date_of_birth) && empty($error_date_of_birth)) {
$error = true;
$error_date_of_birth = "Please enter a valid date of birth";
}
// check if state is one of the following: VIC,NSW,QLD,NT,WA,SA,TAS,ACT
if (!preg_match("/^(VIC|NSW|QLD|NT|WA|SA|TAS|ACT)$/", $state) && empty($error_state)) {
$error = true;
$error_state = "Please select a valid state";
}
// check if postcode is 4 characters long
// better to check postcode length before checking if it is in the selected state
if (strlen($postcode) != 4 && empty($error_postcode)) {
$error = true;
$error_postcode = "Postcode must be 4 characters long";
}
// check if postcode is in the selected state
if (empty($error_postcode)) {
if ($state == "VIC" && !preg_match("/^(3|8)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Victorian postcode";
} elseif ($state == "NSW" && !preg_match("/^(1|2)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid New South Wales postcode";
} elseif ($state == "QLD" && !preg_match("/^(4|9)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Queensland postcode";
} elseif ($state == "NT" && !preg_match("/^(0)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Northern Territory postcode";
} elseif ($state == "WA" && !preg_match("/^(6)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Western Australia postcode";
} elseif ($state == "SA" && !preg_match("/^(5)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid South Australia postcode";
} elseif ($state == "TAS" && !preg_match("/^(7)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Tasmania postcode";
} elseif ($state == "ACT" && !preg_match("/^(0)[0-9]{3}$/", $postcode)) {
$error = true;
$error_postcode = "Please enter a valid Australian Capital Territory postcode";
}
}
// check if email address is valid
if (!filter_var($email, FILTER_VALIDATE_EMAIL) && empty($error_email)) {
$error = true;
$error_email = "Please enter a valid email address";
}
// RANGE CHECKS
// check if job reference number is 5 characters
if (strlen($job_reference_number) != 5 && empty($error_job_reference_number)) {
$error = true;
$error_job_reference_number = "Job reference number must be 5 characters long";
}
// check if first name is maximum 20 characters long
if (strlen($first_name) > 20 && empty($error_first_name)) {
$error = true;
$error_first_name = "First name must be 20 characters or less";
}
// check if last name is maximum 20 characters long
if (strlen($last_name) > 20 && empty($error_last_name)) {
$error = true;
$error_last_name = "Last name must be 20 characters or less";
}
// check if age is between 15 and 80 using date of birth
if (empty($error_date_of_birth)) {
// save date of birth string for later use
$date_of_birth_string = $date_of_birth;
// calculate age
$date_of_birth = date_create($date_of_birth);
$today = date_create(date("Y-m-d"));
$age = date_diff($date_of_birth, $today);
$age = $age->format("%y");
if ($age < 15 || $age > 80) {
$error = true;
$error_date_of_birth = "Age must be between 15 and 80 years old";
}
}
// check if street address is maximum 40 characters long
if (strlen($street_address) > 40 && empty($error_street_address)) {
$error = true;
$error_street_address = "Street address must be 40 characters or less";
}
// check if suburb is maximum 40 characters long
if (strlen($suburb) > 40 && empty($error_suburb)) {
$error = true;
$error_suburb = "Suburb must be 40 characters or less";
}
// check if phone number contains 8-12 digits or spaces
if (!preg_match("/^[0-9 ]{8,12}$/", $phone) && empty($error_phone)) {
$error = true;
$error_phone = "Phone number must contain 8-12 digits or spaces";
}
session_start();
// If there is no error, add the application to the database
if ($error === false) {
// Check if table exists
if (check_table_existence($connection, 'eoi') === true) {
// Extract skills from array
if (in_array("communication", $skills)) {
$skill_communication = 1;
} else {
$skill_communication = 0;
}
if (in_array("teamwork", $skills)) {
$skill_teamwork = 1;
} else {
$skill_teamwork = 0;
}
if (in_array("detail_oriented", $skills)) {
$skill_detail_oriented = 1;
} else {
$skill_detail_oriented = 0;
}
if (in_array("initiative", $skills)) {
$skill_initiative = 1;
} else {
$skill_initiative = 0;
}
if (in_array("time_management", $skills)) {
$skill_time_management = 1;
} else {
$skill_time_management = 0;
}
if (in_array("risk_management", $skills)) {
$skill_risk_management = 1;
} else {
$skill_risk_management = 0;
}
// If table exists, insert data into table
$data = add_eoi_data($connection, $job_reference_number, $first_name, $last_name, $date_of_birth_string, $gender, $street_address, $suburb, $state, $postcode, $email, $phone, $skill_communication, $skill_teamwork, $skill_detail_oriented, $skill_initiative, $skill_time_management, $skill_risk_management, $other_skills);
if($data === true) {
// delete form session variables
session_destroy();
// redirect to the application form with success parameter and application number set
redirect_if_success($connection);
} else {
header("location: apply.php");
exit;
}
}
} else {
// If there is an error, display the error messages and fill the inputs with the user's previous data (in the HTML form)
// store error messages in session variables
$_SESSION["error"] = true;
$_SESSION["error_job_reference_number"] = $error_job_reference_number;
$_SESSION["error_first_name"] = $error_first_name;
$_SESSION["error_last_name"] = $error_last_name;
$_SESSION["error_date_of_birth"] = $error_date_of_birth;
$_SESSION["error_gender"] = $error_gender;
$_SESSION["error_street_address"] = $error_street_address;
$_SESSION["error_suburb"] = $error_suburb;
$_SESSION["error_state"] = $error_state;
$_SESSION["error_postcode"] = $error_postcode;
$_SESSION["error_email"] = $error_email;
$_SESSION["error_phone"] = $error_phone;
$_SESSION["error_skills"] = $error_skills;
$_SESSION["error_other_skills"] = $error_other_skills;
// store user's previous data in session variables (so the user doesn't have to re-enter all the data)
$_SESSION["job_reference_number"] = $job_reference_number;
$_SESSION["first_name"] = $first_name;
$_SESSION["last_name"] = $last_name;
$_SESSION["date_of_birth"] = $_POST["birth_date"];
$_SESSION["gender"] = $gender;
$_SESSION["street_address"] = $street_address;
$_SESSION["suburb"] = $suburb;
$_SESSION["state"] = $state;
$_SESSION["postcode"] = $postcode;
$_SESSION["email"] = $email;
$_SESSION["phone"] = $phone;
$_SESSION["skills"] = $skills;
$_SESSION["other_skills"] = $other_skills;
// redirect to the application form
header("location: apply.php");
exit;
}
} else {
// Redirect to form, if process not triggered by a form submit
header("location: apply.php");
exit;
}
?>