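/**
 * Checks the reCAPTCHA answer.
 *
 * Sends the widget token from $_POST['g-recaptcha-response'], the site
 * secret and the client IP to Google's siteverify endpoint and records an
 * error message on the validator when the answer is rejected or the call
 * cannot be completed.
 *
 * Security: the parameters are sent as a POST body. The previous version
 * appended them to the URL as a query string, which put the secret key into
 * proxy and web-server access logs and any other place request URLs are kept.
 *
 * Any response that is not a JSON object with a "success" member (transport
 * error, empty body, unexpected payload) is treated as a failed check, so the
 * submission never passes by accident.
 *
 * @param string $value The value to check (unused: the widget always posts
 *                      its token under the fixed g-recaptcha-response field,
 *                      which is read directly from $_POST)
 * @return boolean True if valid false otherwise
 */
public function isValid($value)
{
    $params = array(
        'secret' => $this->_secretKey,
        'response' => isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '',
        'remoteip' => iphorm_get_user_ip()
    );

    // POST the parameters in the body so the secret key never appears in a URL
    $response = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array(
        'body' => $params
    ));

    // A transport failure (DNS, TLS, timeout) is a WP_Error, not a verified answer
    if (is_wp_error($response)) {
        $this->addMessage($this->_messageTemplates['error']);
        return false;
    }

    $body = wp_remote_retrieve_body($response);
    $result = iphorm_json_decode($body, true);

    if (!is_array($result) || !isset($result['success'])) {
        $this->addMessage($this->_messageTemplates['error']);
        return false;
    }

    if (!$result['success']) {
        $errorCodes = isset($result['error-codes']) && is_array($result['error-codes']) ? $result['error-codes'] : array();

        if (count($errorCodes)) {
            // Only the first reported error code is shown; codes without a
            // dedicated template get the generic "invalid response" message
            $error = reset($errorCodes);
            if (array_key_exists($error, $this->_messageTemplates)) {
                $message = $this->_messageTemplates[$error];
            } else {
                $message = $this->_messageTemplates['invalid-input-response'];
            }
            $this->addMessage($message);
            return false;
        }

        // Rejected without an error code
        $this->addMessage($this->_messageTemplates['error']);
        return false;
    }

    return true;
}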
/**
 * Processes a submitted form and builds the response.
 *
 * Reads the submission straight from the superglobals: $_POST (form id,
 * unique id, element values, the ajax/swfu flags and the page-context
 * fields), $_FILES (direct uploads) and $_SESSION (uploads staged earlier by
 * SWFUpload, merged into $_FILES when iphorm_swfu=1).
 *
 * On a valid submission it, in order: processes uploads (saving to the
 * server and/or collecting attachments), saves the entry to the plugin
 * tables, sends the notification and autoreply emails, writes to the custom
 * database table if configured, removes the staged upload files and the
 * CAPTCHA entry from the session, and fires the post-process hooks. On an
 * invalid submission the element errors are returned instead.
 *
 * Security notes (what is and is not visible in this function):
 * - No nonce/CSRF token is checked here; any request whose iphorm_id/iphorm_uid
 *   pair resolves through iphorm_get_form() to an active form is processed.
 *   Whatever anti-abuse control exists (CAPTCHA, honeypot) must therefore live
 *   behind $form->isValid() -- confirm.
 * - Uploaded file names keep the client-supplied extension and the
 *   client-supplied MIME type is reused as the attachment Content-Type.
 *   Neither iPhorm_Filter_Filename nor iphorm_save_uploaded_file is visible
 *   here; confirm that one of them enforces an extension allowlist.
 * - Database writes go through wpdb::insert(), which escapes the values; the
 *   table names come from plugin/form configuration, not from the request.
 * - In the AJAX path the success data is HTML-escaped before being wrapped in
 *   a <textarea>, but the error data from $form->getErrors() is not -- see the
 *   note at that point.
 *
 * @return string|null The response markup (a <textarea>-wrapped JSON document
 *                     for AJAX submits, otherwise a meta-refresh redirect or
 *                     the re-rendered form); null when the request does not
 *                     identify an active form
 */
function iphorm_process_form()
{
    // Both flags are compared loosely, so the string "1" from the request counts as set
    $ajax = isset($_POST['iphorm_ajax']) && $_POST['iphorm_ajax'] == 1;
    $swfu = isset($_POST['iphorm_swfu']) && $_POST['iphorm_swfu'] == 1;

    // Only proceed when the request names a form that resolves and is active
    if (isset($_POST['iphorm_id']) && isset($_POST['iphorm_uid']) && ($form = iphorm_get_form($_POST['iphorm_id'], $_POST['iphorm_uid'])) instanceof iPhorm && $form->getActive()) {
        // Strip slashes from the submitted data (WP adds them automatically)
        $_POST = stripslashes_deep($_POST);

        // Pre-process action hooks
        do_action('iphorm_pre_process', $form);
        do_action('iphorm_pre_process_' . $form->getId(), $form);

        $response = '';

        // If we have files uploaded via SWFUpload, merge them into $_FILES.
        // The session entries are taken as-is; presumably the SWFUpload handler
        // wrote them server-side (not visible here) -- confirm
        if ($swfu && isset($_SESSION['iphorm-' . $form->getUniqId()])) {
            $_FILES = array_merge($_FILES, $_SESSION['iphorm-' . $form->getUniqId()]);
        }

        // Set the form element values
        $form->setValues($_POST);

        // Calculate which elements are hidden by conditional logic and which groups are empty
        $form->calculateElementStatus();

        // Pre-validate action hooks
        do_action('iphorm_pre_validate', $form);
        do_action('iphorm_pre_validate_' . $form->getId(), $form);

        if ($form->isValid()) {
            // Post-validate action hooks
            do_action('iphorm_post_validate', $form);
            do_action('iphorm_post_validate_' . $form->getId(), $form);

            // Process any uploads first
            $attachments = array();
            $elements = $form->getElements();
            foreach ($elements as $element) {
                if ($element instanceof iPhorm_Element_File) {
                    $elementName = $element->getName();
                    if (array_key_exists($elementName, $_FILES) && is_array($_FILES[$elementName])) {
                        $file = $_FILES[$elementName];
                        if (is_array($file['error'])) {
                            // Process multiple upload field
                            foreach ($file['error'] as $key => $error) {
                                if ($error === UPLOAD_ERR_OK) {
                                    // Split the client-supplied name into stem and extension; the extension
                                    // is kept verbatim, only the stem goes through the filename filter
                                    $pathInfo = pathinfo($file['name'][$key]);
                                    $extension = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
                                    $filenameFilter = new iPhorm_Filter_Filename();
                                    // NOTE(review): str_replace removes every ".ext" occurrence in the basename,
                                    // not only the trailing one ("a.txt.txt" becomes "a")
                                    $filename = strlen($extension) ? str_replace(".{$extension}", '', $pathInfo['basename']) : $pathInfo['basename'];
                                    $filename = $filenameFilter->filter($filename);
                                    $filename = apply_filters('iphorm_filename_' . $element->getName(), $filename, $element, $form);
                                    // Fall back to "upload" when filtering leaves nothing of the stem
                                    if (strlen($extension)) {
                                        $filename = strlen($filename) ? "{$filename}.{$extension}" : "upload.{$extension}";
                                    } else {
                                        $filename = strlen($filename) ? $filename : 'upload';
                                    }
                                    // The temp path is used as-is (no is_uploaded_file() check here);
                                    // with SWFUpload it originates from the session merge above
                                    $fullPath = $file['tmp_name'][$key];
                                    $value = array('text' => $filename);
                                    if ($element->getSaveToServer()) {
                                        $result = iphorm_save_uploaded_file($fullPath, $filename, $element, $form->getId());
                                        // On success the saved location replaces the temp path
                                        // (the single-file branch below tests is_array() instead of !== false)
                                        if ($result !== false) {
                                            $fullPath = $result['fullPath'];
                                            $filename = $result['filename'];
                                            $value = array('url' => iphorm_get_wp_uploads_url() . '/' . $result['path'] . $filename, 'text' => $filename, 'fullPath' => $fullPath);
                                        }
                                    }
                                    if ($element->getAddAsAttachment()) {
                                        // 'type' is the browser-reported MIME type, not sniffed from the file
                                        $attachments[] = array('fullPath' => $fullPath, 'type' => $file['type'][$key], 'filename' => $filename);
                                    }
                                    $element->addFile($value);
                                }
                            }
                        } else {
                            // Process single upload field (same steps as above for one file)
                            if ($file['error'] === UPLOAD_ERR_OK) {
                                $pathInfo = pathinfo($file['name']);
                                $extension = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
                                $filenameFilter = new iPhorm_Filter_Filename();
                                $filename = strlen($extension) ? str_replace(".{$extension}", '', $pathInfo['basename']) : $pathInfo['basename'];
                                $filename = $filenameFilter->filter($filename);
                                $filename = apply_filters('iphorm_filename_' . $element->getName(), $filename, $element, $form);
                                if (strlen($extension)) {
                                    $filename = strlen($filename) ? "{$filename}.{$extension}" : "upload.{$extension}";
                                } else {
                                    $filename = strlen($filename) ? $filename : 'upload';
                                }
                                $fullPath = $file['tmp_name'];
                                $value = array('text' => $filename);
                                if ($element->getSaveToServer()) {
                                    $result = iphorm_save_uploaded_file($fullPath, $filename, $element, $form->getId());
                                    if (is_array($result)) {
                                        $fullPath = $result['fullPath'];
                                        $filename = $result['filename'];
                                        $value = array('url' => iphorm_get_wp_uploads_url() . '/' . $result['path'] . $filename, 'text' => $filename, 'fullPath' => $fullPath);
                                    }
                                }
                                if ($element->getAddAsAttachment()) {
                                    // 'type' is the browser-reported MIME type, not sniffed from the file
                                    $attachments[] = array('fullPath' => $fullPath, 'type' => $file['type'], 'filename' => $filename);
                                }
                                $element->addFile($value);
                            }
                        }
                    } // end in $_FILES
                } // end instanceof file
            } // end foreach element

            // Save the entry to the database
            if ($form->getSaveToDatabase()) {
                global $wpdb;
                // $currentUser is assigned but not read; the user columns below come from iphorm_get_current_userinfo()
                $currentUser = wp_get_current_user();
                // Request-supplied context fields are length-capped to the column sizes; wpdb::insert() escapes them
                $entry = array('form_id' => $form->getId(), 'date_added' => gmdate('Y-m-d H:i:s'), 'ip' => mb_substr(iphorm_get_user_ip(), 0, 32), 'form_url' => isset($_POST['form_url']) ? mb_substr($_POST['form_url'], 0, 512) : '', 'referring_url' => isset($_POST['referring_url']) ? mb_substr($_POST['referring_url'], 0, 512) : '', 'post_id' => isset($_POST['post_id']) ? mb_substr($_POST['post_id'], 0, 32) : '', 'post_title' => isset($_POST['post_title']) ? mb_substr($_POST['post_title'], 0, 128) : '', 'user_display_name' => mb_substr(iphorm_get_current_userinfo('display_name'), 0, 128), 'user_email' => mb_substr(iphorm_get_current_userinfo('user_email'), 0, 128), 'user_login' => mb_substr(iphorm_get_current_userinfo('user_login'), 0, 128));
                $wpdb->insert(iphorm_get_form_entries_table_name(), $entry);
                $entryId = $wpdb->insert_id;
                $form->setEntryId($entryId);

                // One row per element, skipping elements hidden by conditional logic
                $entryDataTableName = iphorm_get_form_entry_data_table_name();
                foreach ($elements as $element) {
                    if ($element->getSaveToDatabase() && !$element->isConditionallyHidden()) {
                        $entryData = array('entry_id' => $entryId, 'element_id' => $element->getId(), 'value' => $element->getValueHtml());
                        $wpdb->insert($entryDataTableName, $entryData);
                    }
                }
            }

            // Check if we need to send any emails
            if ($form->getSendNotification() || $form->getSendAutoreply()) {
                // Get a new PHP mailer instance
                $mailer = iphorm_new_phpmailer($form);

                // Create an email address validator, we'll need to use it later
                $emailValidator = new iPhorm_Validator_Email();

                // Check if we should send the notification email
                if ($form->getSendNotification() && count($form->getRecipients())) {
                    // Set the from address
                    $notificationFromInfo = $form->getNotificationFromInfo();
                    $mailer->From = $notificationFromInfo['email'];
                    $mailer->FromName = $notificationFromInfo['name'];

                    // Set the BCC
                    if (count($bcc = $form->getBcc())) {
                        foreach ($bcc as $bccEmail) {
                            $mailer->AddBCC($bccEmail);
                        }
                    }

                    // Set the Reply-To header only when the submitted address passes the email validator
                    if (($replyToElement = $form->getNotificationReplyToElement()) instanceof iPhorm_Element_Email && $emailValidator->isValid($replyToEmail = $replyToElement->getValue())) {
                        $mailer->AddReplyTo($replyToEmail);
                    }

                    // Set the subject (placeholders may expand to submitted values)
                    $mailer->Subject = $form->replacePlaceholderValues($form->getSubject());

                    // Check for conditional recipient rules
                    if (count($form->getConditionalRecipients())) {
                        $recipients = array();
                        foreach ($form->getConditionalRecipients() as $rule) {
                            // A rule applies only to multi-choice elements; 'eq' matches on equality, anything else on inequality
                            if (isset($rule['element'], $rule['value'], $rule['operator'], $rule['recipient']) && ($rElement = $form->getElementById($rule['element'])) instanceof iPhorm_Element_Multi) {
                                if ($rule['operator'] == 'eq') {
                                    if ($rElement->getValue() == $rule['value']) {
                                        $recipients[] = $rule['recipient'];
                                    }
                                } else {
                                    if ($rElement->getValue() != $rule['value']) {
                                        $recipients[] = $rule['recipient'];
                                    }
                                }
                            }
                        }

                        if (count($recipients)) {
                            foreach ($recipients as $recipient) {
                                $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                            }
                        } else {
                            // No conditional recipient rules were matched, use default recipients
                            foreach ($form->getRecipients() as $recipient) {
                                $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                            }
                        }
                    } else {
                        // Set the recipients
                        foreach ($form->getRecipients() as $recipient) {
                            $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                        }
                    }

                    // Set the message content
                    $emailHTML = '';
                    $emailPlain = '';
                    if ($form->getCustomiseEmailContent()) {
                        if ($form->getNotificationFormat() == 'html') {
                            $emailHTML = $form->getNotificationEmailContent();
                        } else {
                            $emailPlain = $form->getNotificationEmailContent();
                        }

                        // Replace any placeholder values; the second argument selects the escaping mode
                        $emailHTML = $form->replacePlaceholderValues($emailHTML, 'html', '<br />');
                        $emailPlain = $form->replacePlaceholderValues($emailPlain, 'plain', iphorm_get_email_newline());
                    } else {
                        // Default templates are rendered with $form, $elements etc. in scope
                        ob_start();
                        include IPHORM_INCLUDES_DIR . '/emails/email-html.php';
                        $emailHTML = ob_get_clean();

                        ob_start();
                        include IPHORM_INCLUDES_DIR . '/emails/email-plain.php';
                        $emailPlain = ob_get_clean();
                    }

                    if (strlen($emailHTML)) {
                        $mailer->MsgHTML($emailHTML);
                        if (strlen($emailPlain)) {
                            $mailer->AltBody = $emailPlain;
                        }
                    } else {
                        $mailer->Body = $emailPlain;
                    }

                    // Attachments (type is the client-reported MIME type collected above)
                    foreach ($attachments as $file) {
                        $mailer->AddAttachment($file['fullPath'], $file['filename'], 'base64', $file['type']);
                    }

                    $mailer = apply_filters('iphorm_pre_send_notification_email', $mailer, $form, $attachments);
                    $mailer = apply_filters('iphorm_pre_send_notification_email_' . $form->getId(), $mailer, $form, $attachments);

                    try {
                        // Send the message
                        $mailer->Send();
                    } catch (Exception $e) {
                        // Mailer failures are swallowed in production and only surface under WP_DEBUG
                        if (WP_DEBUG) {
                            throw $e;
                        }
                    }
                }

                // Check if we should send the autoreply email: the recipient is the submitted value
                // of the configured email element, and it must pass the email validator
                if ($form->getSendAutoreply() && ($recipientElement = $form->getAutoreplyRecipientElement()) instanceof iPhorm_Element_Email && strlen($recipientEmailAddress = $recipientElement->getValue()) && $emailValidator->isValid($recipientEmailAddress)) {
                    // Get a new PHP mailer instance
                    $mailer = iphorm_new_phpmailer($form);

                    // Set the subject
                    $mailer->Subject = $form->replacePlaceholderValues($form->getAutoreplySubject());

                    // Set the from name/email
                    $autoreplyFromInfo = $form->getAutoreplyFromInfo();
                    $mailer->From = $autoreplyFromInfo['email'];
                    $mailer->FromName = $autoreplyFromInfo['name'];

                    // Add the recipient address
                    $mailer->AddAddress($recipientEmailAddress);

                    // Build the email content
                    $emailHTML = '';
                    $emailPlain = '';
                    if (strlen($autoreplyEmailContent = $form->getAutoreplyEmailContent())) {
                        if ($form->getAutoreplyFormat() == 'html') {
                            $emailHTML = $form->replacePlaceholderValues($autoreplyEmailContent, 'html', '<br />');
                        } else {
                            $emailPlain = $form->replacePlaceholderValues($autoreplyEmailContent, 'plain', iphorm_get_email_newline());
                        }
                    }

                    if (strlen($emailHTML)) {
                        $mailer->MsgHTML($emailHTML);
                    } else {
                        $mailer->Body = $emailPlain;
                    }

                    $mailer = apply_filters('iphorm_pre_send_autoreply_email', $mailer, $form, $attachments);
                    $mailer = apply_filters('iphorm_pre_send_autoreply_email_' . $form->getId(), $mailer, $form, $attachments);

                    try {
                        // Send the autoreply
                        $mailer->Send();
                    } catch (Exception $e) {
                        // Mailer failures are swallowed in production and only surface under WP_DEBUG
                        if (WP_DEBUG) {
                            throw $e;
                        }
                    }
                }
            }

            // Okay, so now we can save form data to the custom database table if configured.
            // Column names and the table come from the form configuration; values are placeholder-expanded
            if (count($fields = $form->getDbFields())) {
                foreach ($fields as $key => $value) {
                    $fields[$key] = $form->replacePlaceholderValues($value);
                }

                if ($form->getUseWpDb()) {
                    global $wpdb;
                    $wpdb->insert($form->getDbTable(), $fields);
                } else {
                    // Separate connection using the credentials stored with the form
                    $cwpdb = new wpdb($form->getDbUsername(), $form->getDbPassword(), $form->getDbName(), $form->getDbHost());
                    $cwpdb->insert($form->getDbTable(), $fields);
                }
            }

            // Delete uploaded files and unset file upload info from session.
            // Only string, non-empty, existing paths from the session entry are unlinked
            if (isset($_SESSION['iphorm-' . $form->getUniqId()])) {
                if (is_array($_SESSION['iphorm-' . $form->getUniqId()])) {
                    foreach ($_SESSION['iphorm-' . $form->getUniqId()] as $file) {
                        if (isset($file['tmp_name'])) {
                            if (is_array($file['tmp_name'])) {
                                foreach ($file['tmp_name'] as $multiFile) {
                                    if (is_string($multiFile) && strlen($multiFile) && file_exists($multiFile)) {
                                        unlink($multiFile);
                                    }
                                }
                            } else {
                                if (is_string($file['tmp_name']) && strlen($file['tmp_name']) && file_exists($file['tmp_name'])) {
                                    unlink($file['tmp_name']);
                                }
                            }
                        }
                    }
                }

                unset($_SESSION['iphorm-' . $form->getUniqId()]);
            }

            // Unset CAPTCHA info from session
            if (isset($_SESSION['iphorm-captcha-' . $form->getUniqId()])) {
                unset($_SESSION['iphorm-captcha-' . $form->getUniqId()]);
            }

            // Post-process action hooks
            do_action('iphorm_post_process', $form);
            do_action('iphorm_post_process_' . $form->getId(), $form);

            $result = array('type' => 'success', 'data' => $form->getSuccessMessage());

            if ($form->getSuccessType() == 'redirect') {
                $result['redirect'] = $form->getSuccessRedirectURL();
            }

            if (!$ajax) {
                // Reset the form for non-JavaScript submit ($successMessage is not used afterwards)
                $successMessage = $form->getSuccessMessage();
                $form->setSubmitted(true);
                $form->reset();
            } else {
                // This counteracts the fact that wrapping the JSON response in a textarea decodes HTML entities.
                // Escaping "<" also keeps the payload from closing the <textarea> early
                if (isset($result['redirect'])) {
                    $result['redirect'] = htmlspecialchars($result['redirect'], ENT_NOQUOTES);
                }
                $result['data'] = htmlspecialchars($result['data'], ENT_NOQUOTES);
            }
        } else {
            // NOTE(review): unlike the success data above, the error data is not HTML-escaped before
            // being placed inside the <textarea> in the AJAX branch. Whether error messages can carry
            // submitted text is not visible here -- confirm against the validators' message templates
            $result = array('type' => 'error', 'data' => $form->getErrors());
        }

        if ($ajax) {
            // Textarea-wrapped JSON: the JavaScript side reads the element's text content
            $response = '<textarea>' . iphorm_json_encode($result) . '</textarea>';
        } else {
            // Redirect if successful (esc_url() restricts the target to allowed URL schemes)
            if (isset($result['type'], $result['redirect']) && $result['type'] == 'success') {
                return '<meta http-equiv="refresh" content="0;URL=\'' . esc_url($result['redirect']) . '\'">';
            }

            // Displays the form again
            do_action('iphorm_pre_display', $form);
            do_action('iphorm_pre_display_' . $form->getId(), $form);

            ob_start();
            include IPHORM_INCLUDES_DIR . '/form.php';
            $response = ob_get_clean();
        }

        return $response;
    }
}
/**
 * Resolves a single placeholder that does not depend on the submitted form.
 *
 * Intended as a preg_replace_callback callback: receives the match array and
 * returns the replacement text. Element value placeholders are not handled
 * here (this is the static variant); a placeholder this method does not
 * recognise is returned unchanged.
 *
 * Exact placeholders: {ip}, {post_id}, {post_title}, {url},
 * {user_display_name}, {user_email}, {user_login}, {referring_url},
 * {current_date}/{submit_date}, {current_time}/{submit_time}, {admin_email}.
 * Variable form: {current_date|FORMAT}, {submit_date|FORMAT},
 * {current_time|FORMAT}, {submit_time|FORMAT}, where FORMAT is handed to
 * date_i18n() as-is.
 *
 * Note: {referring_url} is the raw HTTP Referer request header, i.e. text
 * under the client's control. This method does no escaping; the caller has
 * to escape the value for wherever it is inserted (HTML email, mail
 * headers, SQL).
 *
 * @param array $matches The preg match array; index 0 is the whole placeholder
 * @return string The replacement value, or the original placeholder if unknown
 */
public static function getPlaceholderValue2($matches)
{
    $placeholder = $matches[0];

    // Placeholders that read a property of the logged-in user; empty string when anonymous
    $userProperties = array(
        '{user_display_name}' => 'display_name',
        '{user_email}' => 'user_email',
        '{user_login}' => 'user_login'
    );
    if (isset($userProperties[$placeholder])) {
        $currentUser = wp_get_current_user();
        if ($currentUser->ID == 0) {
            return '';
        }
        $property = $userProperties[$placeholder];
        return $currentUser->$property;
    }

    // Placeholders backed by a plugin or WordPress helper
    if ($placeholder == '{ip}') {
        return iphorm_get_user_ip();
    }
    if ($placeholder == '{post_id}') {
        return iphorm_get_current_post_id();
    }
    if ($placeholder == '{post_title}') {
        return iphorm_get_current_post_title();
    }
    if ($placeholder == '{url}') {
        return iphorm_get_current_url();
    }
    if ($placeholder == '{admin_email}') {
        return get_bloginfo('admin_email');
    }

    // Raw request header, empty when the browser sent no Referer
    if ($placeholder == '{referring_url}') {
        return isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    }

    // Date/time placeholders with the default formats
    if ($placeholder == '{current_date}' || $placeholder == '{submit_date}') {
        return date_i18n('l, jS F Y');
    }
    if ($placeholder == '{current_time}' || $placeholder == '{submit_time}') {
        return date_i18n('g:i a');
    }

    // Variable form {name|format}: only the date/time placeholders accept a format
    if (stripos($placeholder, '|') !== false) {
        $inner = preg_replace('/(^{|}$)/', '', $placeholder);
        $parts = explode('|', $inner);
        $dateTimeNames = array('current_date', 'submit_date', 'current_time', 'submit_time');
        if (in_array($parts[0], $dateTimeNames, true)) {
            return date_i18n($parts[1]);
        }
    }

    // Unknown placeholder: leave it in place
    return $placeholder;
}