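/**
 * Load every widget file found directly inside TDOMF_WIDGET_PATH.
 *
 * Each regular file whose name ends in ".php" is pulled in with require_once,
 * so any file placed in that directory is executed as part of the plugin.
 * The directory should be writable only by whoever may deploy plugin code.
 *
 * A missing or unreadable directory is reported through tdomf_log_message().
 */
function tdomf_load_widgets()
{
    if (!file_exists(TDOMF_WIDGET_PATH)) {
        tdomf_log_message("Could not find " . TDOMF_WIDGET_PATH . "!", TDOMF_LOG_ERROR);
        return;
    }
    $handle = opendir(TDOMF_WIDGET_PATH);
    if (!$handle) {
        tdomf_log_message("Could not open directory " . TDOMF_WIDGET_PATH . "!", TDOMF_LOG_ERROR);
        return;
    }
    while (false !== ($file = readdir($handle))) {
        // \z instead of $ so a name ending in a newline is not accepted, and
        // is_file() so a sub-directory called "something.php" is not required.
        if (preg_match('/\.php\z/', $file) && is_file(TDOMF_WIDGET_PATH . $file)) {
            require_once TDOMF_WIDGET_PATH . $file;
        }
    }
    // The original never released the directory handle.
    closedir($handle);
}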
 /**
  * Render the preview text for a select field.
  *
  * The submitted value(s) are used only as lookup keys into the configured
  * "<prefix>values" map; the text that ends up in the output is the configured
  * label, optionally preceded by the configured title in bold. Neither label
  * nor title is escaped here.
  *
  * @param array  $args                Submitted form arguments.
  * @param array  $opts                Widget options ("<prefix>values", "<prefix>title").
  * @param mixed  $original_field_name Fallback key to read the selection from.
  * @return string Preview HTML, or '' when nothing usable was submitted.
  */
 function preview($args, $opts, $original_field_name = false)
 {
     $field_key = $this->prefix . 's';
     $labels_key = $this->prefix . 'values';
     $title_key = $this->prefix . 'title';

     // Locate the submitted selection: widget field first, then the fallback name.
     if (isset($args[$field_key])) {
         $selected = $args[$field_key];
     } elseif (isset($args[$original_field_name])) {
         $selected = $args[$original_field_name];
     } else {
         tdomf_log_message("Select: can't get any input for preview!", TDOMF_LOG_ERROR);
         $selected = false;
     }

     if (!$selected) {
         return '';
     }

     // Translate the selected key(s) into their configured labels.
     $rendered = '';
     if (is_array($selected)) {
         foreach ($selected as $choice) {
             if (!isset($opts[$labels_key][$choice])) {
                 continue;
             }
             if (!empty($rendered)) {
                 $rendered .= ", ";
             }
             $rendered .= $opts[$labels_key][$choice];
         }
     } elseif (isset($opts[$labels_key][$selected])) {
         $rendered = $opts[$labels_key][$selected];
     }

     // No known label matched: report it and hand back what we have.
     if (empty($rendered)) {
         tdomf_log_message("Select: values are bad for preview!", TDOMF_LOG_ERROR);
         return $rendered;
     }

     if (!empty($opts[$title_key])) {
         $rendered = "<b>" . sprintf(__("%s: ", "tdomf"), $opts[$title_key]) . "</b>" . $rendered;
     }
     return $rendered;
 }
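 /**
  * Build the plain-text part of the moderation e-mail that lists the files
  * uploaded with a submission.
  *
  * The text contains each file's absolute server path, size, type, download
  * URL and, when stored, the output of the configured command, so the message
  * should only go to recipients who may see that information.
  *
  * @param array  $args    Submission arguments (not read by this method).
  * @param array  $options Widget options; 'max' and 'cmd' are used.
  * @param int    $post_ID Post the files belong to.
  * @param string $postfix Widget instance id; empty means instance 1.
  * @return string E-mail text, or a "no files" notice.
  */
 function adminEmail($args, $options, $post_ID, $postfix = '')
 {
     // $args is deliberately not extract()ed. Nothing below reads a value from
     // it, and extract() would let keys named "options", "post_ID" or "postfix"
     // overwrite the parameters this method relies on.
     $output = '';
     $widget_id = $postfix;
     if (empty($widget_id)) {
         $widget_id = 1;
     }
     $files = get_post_meta($post_ID, TDOMF_KEY_UPLOADED_FILES, true);
     // isset() guard: the meta may hold files for other widget instances only.
     if (is_array($files) && isset($files[$widget_id]) && is_array($files[$widget_id])) {
         foreach ($files[$widget_id] as $stored_path) {
             $filepath = @realpath($stored_path);
             if ($filepath === false || !file_exists($filepath)) {
                 // Log the stored value: realpath() returns false for a missing file,
                 // which left the original message without a path.
                 tdomf_log_message('Upload Files Widget.adminEmail(): File ' . $stored_path . ' does not actually exist!', TDOMF_LOG_ERROR);
                 continue;
             }
             // now scan custom fields for specific info on this file path
             for ($i = 0; $i < $options['max']; $i++) {
                 $test = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_PATH . $i, true);
                 $test = @realpath($test);
                 // strict: a failed realpath() (false) must never match a path
                 if ($filepath === $test) {
                     break;
                 }
             }
             if ($i >= $options['max']) {
                 tdomf_log_message('Upload Files Widget.adminEmail(): can\'t find details of ' . $filepath . ' (it may be a auto-generated thumbnail)');
                 $size = tdomf_filesize_format(filesize($filepath));
                 $output .= sprintf(__("A file was uploaded/generated with submission.\r\nPath: %s\r\nSize: %s\r\n\r\n", "tdomf"), $filepath, $size);
             } else {
                 $name = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_NAME . $i, true);
                 $uri = get_bloginfo('wpurl') . '/?tdomf_download=' . $post_ID . '&id=' . $i;
                 $size = tdomf_filesize_format(filesize($filepath));
                 $cmd = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_CMD_OUTPUT . $i, true);
                 $type = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_TYPE . $i, true);
                 $output .= sprintf(__("File %s was uploaded with submission.\r\nPath: %s\r\nSize: %s\r\nType: %s\r\nURL (can only be accessed by administrators until post published):\r\n%s\r\n\r\n", "tdomf"), $name, $filepath, $size, $type, $uri);
                 if (!empty($cmd)) {
                     $output .= sprintf(__("User Command:\r\n\"%s %s\"\r\n\r\n%s\r\n\r\n", "tdomf"), $options['cmd'], $filepath, $cmd);
                 }
             }
         }
     } else {
         // use old method: walk the numbered download slots directly
         for ($i = 0; $i < $options['max']; $i++) {
             $filepath = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_PATH . $i, true);
             if (file_exists($filepath)) {
                 $name = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_NAME . $i, true);
                 $uri = get_bloginfo('wpurl') . '/?tdomf_download=' . $post_ID . '&id=' . $i;
                 $size = tdomf_filesize_format(filesize($filepath));
                 $cmd = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_CMD_OUTPUT . $i, true);
                 $type = get_post_meta($post_ID, TDOMF_KEY_DOWNLOAD_TYPE . $i, true);
                 $output .= sprintf(__("File %s was uploaded with submission.\r\nPath: %s\r\nSize: %s\r\nType: %s\r\nURL (can only be accessed by administrators until post published):\r\n%s\r\n\r\n", "tdomf"), $name, $filepath, $size, $type, $uri);
                 if (!empty($cmd)) {
                     $output .= sprintf(__("User Command:\r\n\"%s %s\"\r\n\r\n%s\r\n\r\n", "tdomf"), $options['cmd'], $filepath, $cmd);
                 }
             }
         }
     }
     if ($output != '') {
         return $output;
     }
     return __("No files uploaded with this post/widget!", "tdomf");
 }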
$message = tdomf_check_permissions_form($form_id, $post_id);
// Remove magic quote slashes and additionally ones Wordpress "cleverly" adds
tdomf_fixslashesargs();
// Now either generate a preview or create a post
//
$save_post_info = FALSE;
$hide_form = true;
$publish = false;
if ($message == NULL) {
    if ($is_edit) {
        $form_tag = $form_id . '_' . $post_id;
    } else {
        $form_tag = $form_id;
    }
    if (isset($_POST['tdomf_form' . $form_tag . '_send'])) {
        tdomf_log_message("Someone is attempting to submit something");
        $message = tdomf_validate_form($_POST, false);
        if ($message == NULL) {
            $args = $_POST;
            $args['ip'] = $_SERVER['REMOTE_ADDR'];
            $retVal = tdomf_create_post($args);
            // If retVal is an int it's a post id or an edit id
            $message = "<div class=\"tdomf_form_message\" id=\"tdomf_form" . $form_tag . "_message\" name=\"tdomf_form" . $form_tag . "_message\">";
            $publish = false;
            if (is_int($retVal)) {
                if ($is_edit) {
                    $edit_id = $retVal;
                    $edit = tdomf_get_edit($edit_id);
                    // @todo could probably test if $edit is real or not before proceeding
                    $post_id = $edit->post_id;
                    if ($edit->state == 'approved') {
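/**
 * Post-submission step of the "notify me" widget: remember which address
 * should be told about the outcome of a submission.
 *
 * The address is taken from the widget field, else from the logged-in user's
 * profile, else from the "who am I" e-mail field. It is stored as post meta
 * and in a cookie.
 *
 * @param array $args Submission arguments; 'notifyme', 'notifyme_email',
 *                    'whoami_email' and 'post_ID' are read.
 * @return null Always NULL.
 */
function tdomf_widget_notifyme_post($args)
{
    global $current_user;
    get_currentuserinfo();

    // Read only the keys this widget needs. extract($args) would let any key in
    // $args overwrite local variables, and because $current_user is bound with
    // "global" a key of that name would overwrite the global as well.
    if (!isset($args['notifyme'])) {
        return NULL;
    }

    $notifyme_email = isset($args['notifyme_email']) ? $args['notifyme_email'] : null;
    if ($notifyme_email === null) {
        if (is_user_logged_in() && tdomf_check_email_address($current_user->user_email)) {
            $notifyme_email = $current_user->user_email;
        } elseif (isset($args['whoami_email'])) {
            $notifyme_email = $args['whoami_email'];
        } else {
            // Previously execution continued and an undefined value was written
            // to both the cookie and the post meta.
            tdomf_log_message("Could not find a email address to store for notification!", TDOMF_LOG_ERROR);
            return NULL;
        }
    }

    $post_ID = isset($args['post_ID']) ? $args['post_ID'] : null;

    // NOTE(review): the cookie holds the address in clear text and is set without
    // the Secure/HttpOnly flags. Confirm whether any script reads it before adding them.
    setcookie("tdomf_notify_widget_email", $notifyme_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
    add_post_meta($post_ID, TDOMF_KEY_NOTIFY_EMAIL, $notifyme_email, true);
    return NULL;
}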
/**
 * Promote a user to "trusted" once enough of their contributions were approved.
 *
 * This is an automatic privilege change. The threshold comes from
 * TDOMF_OPTION_TRUST_COUNT: a negative value disables the feature and 0 means
 * a single approved contribution is enough. The default author and users who
 * can already publish posts are never touched.
 *
 * @param int $user_id User to evaluate.
 */
function tdomf_trust_user($user_id)
{
    // Skip an empty id and the shared default-author account.
    if (!$user_id || $user_id == get_option(TDOMF_DEFAULT_AUTHOR)) {
        return;
    }

    // Negative threshold: feature disabled.
    $threshold = intval(get_option(TDOMF_OPTION_TRUST_COUNT));
    if ($threshold < 0) {
        return;
    }

    // Already trusted, or able to publish anyway: nothing to change.
    $current_status = get_usermeta($user_id, TDOMF_KEY_STATUS);
    $account = new WP_User($user_id);
    if ($current_status == TDOMF_USER_STATUS_TRUSTED || $account->has_cap("publish_posts")) {
        return;
    }

    /** @todo bug: the counts here include posts that were automatically published, which isn't exactly correct, but it'll do. */
    $posts_approved = tdomf_get_users_published_posts_count($user_id);
    $edits_approved = tdomf_get_edits(array('user_id' => $user_id, 'count' => true, 'state' => 'approved'));
    $total_approved = $posts_approved + $edits_approved;

    // 0 is a valid trust count: at least one approved contribution makes the user trusted.
    $one_is_enough = ($threshold == 0 && $total_approved > 0);
    $threshold_met = ($threshold > 0 && $threshold <= $total_approved);
    if ($one_is_enough || $threshold_met) {
        tdomf_log_message("User {$user_id} has {$posts_approved} approved submissions and {$edits_approved} approved contributions. Automatically setting the user to trusted. Well done.", TDOMF_LOG_GOOD);
        update_usermeta($user_id, TDOMF_KEY_FLAG, true);
        update_usermeta($user_id, TDOMF_KEY_STATUS, TDOMF_USER_STATUS_TRUSTED);
    }
}
/**
 * Wipe the stored plugin log and record that it was cleared.
 *
 * The function performs no permission check of its own, so the decision about
 * who may discard the log rests with the caller.
 */
function tdomf_clear_log()
{
    $has_log = get_option(TDOMF_LOG) != false;
    if ($has_log) {
        delete_option(TDOMF_LOG);
    }
    // First entry of the fresh log notes the wipe itself.
    tdomf_log_message('Log cleared');
}
/**
 * Collect configuration warnings and errors as one HTML string for the admin pages.
 *
 * Global checks: PHP version, disabled input verification, disabled post
 * revisions while a form allows editing, the debug/error-message mode, the
 * default author account, and whether the plugin's own URLs answer with 200.
 * Form checks (when a form id is passed or present in the request): who can
 * access the form, whether the "form hacker" copies are out of date, and any
 * message returned by the form's widget admin-error callbacks.
 *
 * Side effects visible here: writes log entries, deletes the
 * TDOMF_DEFAULT_AUTHOR option when that user no longer exists, fires the
 * 'tdomf_control_form_start' action and issues HTTP requests via wp_get_http().
 *
 * @param bool $show_links Include links to the relevant options pages.
 * @param int  $form_id    Form to check; 0 means use $_REQUEST['form'] if present.
 * @return string HTML fragment, empty when nothing was found.
 */
function tdomf_get_error_messages($show_links = true, $form_id = 0)
{
    global $wpdb, $wp_roles;
    if (!isset($wp_roles)) {
        $wp_roles = new WP_Roles();
    }
    $roles = $wp_roles->role_objects;
    $message = "";
    #if(ini_get('register_globals') && !TDOMF_HIDE_REGISTER_GLOBAL_ERROR){
    #  $message .= "<font color=\"red\"><strong>".__("ERROR: <em>register_globals</em> is enabled. This is a security risk and also prevents TDO Mini Forms from working.")."</strong></font>";
    #}
    if (version_compare("5.0.0", phpversion(), ">")) {
        $message .= sprintf(__("Warning: You are currently using PHP version %s. It is strongly recommended to use PHP5 with TDO Mini Forms.", "tdomf"), phpversion());
        $message .= "<br/>";
    }
    if (get_option(TDOMF_OPTION_VERIFICATION_METHOD) == 'none') {
        $message .= __("Warning: Form input verification is disabled. This is a potential security risk.", "tdomf");
        $message .= "<br/>";
    }
    # Revisions disabled => editing won't work well
    if (!constant('WP_POST_REVISIONS')) {
        $form_ids = tdomf_get_form_ids();
        foreach ($form_ids as $a_form_id) {
            if (tdomf_get_option_form(TDOMF_OPTION_FORM_EDIT, $a_form_id->form_id)) {
                $message .= __("Error: Post Revisioning is disabled, post editing will not work correctly!", "tdomf");
                $message .= "<br/>";
                break;
            }
        }
    }
    // Form-specific checks: run when the caller passed a form id or the request carries one.
    if (isset($_REQUEST['form']) || $form_id != 0) {
        if ($form_id == 0) {
            // The request value is forced to an integer before it is placed in the URLs below.
            // A $form_id supplied by the caller is used as passed.
            $form_id = intval($_REQUEST['form']);
        }
        // permissions error
        if (tdomf_get_option_form(TDOMF_OPTION_ALLOW_EVERYONE, $form_id) == false) {
            $caps = tdomf_get_option_form(TDOMF_OPTION_ALLOW_CAPS, $form_id);
            if (is_array($caps) && empty($caps)) {
                $caps = false;
            }
            $users = tdomf_get_option_form(TDOMF_OPTION_ALLOW_USERS, $form_id);
            if (is_array($users) && empty($users)) {
                $users = false;
            }
            $publish = tdomf_get_option_form(TDOMF_OPTION_ALLOW_PUBLISH, $form_id);
            // Count the roles that may see this form, and how many of those can publish posts anyway.
            $role_count = 0;
            $role_publish_count = 0;
            foreach ($roles as $role) {
                if (isset($role->capabilities[TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id])) {
                    $role_count++;
                    if (isset($role->capabilities['publish_posts'])) {
                        $role_publish_count++;
                    }
                }
            }
            // if nothing set
            if ($role_count == 0 && $caps == false && $users == false && $publish == false) {
                if ($show_links) {
                    $message .= "<font color=\"red\">" . sprintf(__("<b>Warning</b>: No-one has been configured to be able to access the form! <a href=\"%s\">Configure on Options Page &raquo;</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_form_options_menu&form={$form_id}") . "</font><br/>";
                } else {
                    $message .= "<font color=\"red\">" . __("<b>Warning</b>: No-one has been configured to be able to access the form!", "tdomf") . "</font><br/>";
                }
                tdomf_log_message("No-one has been configured to access this form ({$form_id})", TDOMF_LOG_BAD);
            } else {
                if ($caps == false && $users == false && $role_count == $role_publish_count && $publish == false) {
                    if ($show_links) {
                        $message .= "<font color=\"red\">" . sprintf(__("<b>Warning</b>: Only users who can <i>already publish posts</i>, can see the form! <a href=\"%s\">Configure on Options Page &raquo;</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_form_options_menu&form={$form_id}") . "</font><br/>";
                    } else {
                        $message .= "<font color=\"red\">" . __("<b>Warning</b>: Only users who can <i>already publish posts</i>, can see this form!", "tdomf") . "</font><br/>";
                    }
                    tdomf_log_message("Only users who can already publish can access the form ({$form_id})", TDOMF_LOG_BAD);
                }
            }
        }
        // form hacker modified
        // The freshly generated preview is compared with the stored
        // TDOMF_OPTION_FORM_PREVIEW_HACK_ORIGINAL value; a difference while a
        // hacked preview exists produces the warning.
        $mode = tdomf_generate_default_form_mode($form_id) . '-hack';
        $curr_unmod_prev = trim(tdomf_preview_form(array('tdomf_form_id' => $form_id), $mode));
        $org_unmod_prev = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_PREVIEW_HACK_ORIGINAL, $form_id));
        $hacked_prev = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_PREVIEW_HACK, $form_id));
        if ($hacked_prev != false && $curr_unmod_prev != $org_unmod_prev) {
            $message .= "<font color=\"red\">";
            $diffs = "admin.php?page=tdomf_show_form_hacker&form={$form_id}&mode={$mode}&diff&form2=cur&form1=org&type=preview";
            $form_hacker = "admin.php?page=tdomf_show_form_hacker&form={$form_id}";
            // Only the state-changing "dismiss" link carries a nonce.
            $dismiss = wp_nonce_url("admin.php?page=tdomf_show_form_hacker&form={$form_id}&dismiss&type=preview", 'tdomf-form-hacker');
            $message .= sprintf(__("<b>Warning</b>: Form configuration has been changed that affect the preview output but Form Hacker has not been updated! <a href='%s'>Diff &raquo;</a> | <a href='%s'>Hack Form &raquo;</a> | <a href='%s'>Dismiss</a>", "tdomf"), $diffs, $form_hacker, $dismiss);
            $message .= "</font><br/>";
        }
        // Same comparison for the generated form itself.
        $curr_unmod_form = trim(tdomf_generate_form($form_id, $mode));
        $org_unmod_form = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_HACK_ORIGINAL, $form_id));
        $hacked_form = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_HACK, $form_id));
        if ($hacked_form != false && $curr_unmod_form != $org_unmod_form) {
            $message .= "<font color=\"red\">";
            $diffs = "admin.php?page=tdomf_show_form_hacker&form={$form_id}&mode={$mode}&diff&form2=cur&form1=org";
            $form_hacker = "admin.php?page=tdomf_show_form_hacker&form={$form_id}";
            $dismiss = wp_nonce_url("admin.php?page=tdomf_show_form_hacker&form={$form_id}&dismiss", 'tdomf-form-hacker');
            $message .= sprintf(__("<b>Warning</b>: Form configuration has been changed that affect the generated form but Form Hacker has not been updated! <a href='%s'>Diff &raquo;</a> | <a href='%s'>Hack Form &raquo;</a> | <a href='%s'>Dismiss</a>", "tdomf"), $diffs, $form_hacker, $dismiss);
            $message .= "</font><br/>";
        }
        // widget errors
        global $tdomf_form_widgets_admin_errors;
        $mode = "new-post";
        if (tdomf_get_option_form(TDOMF_OPTION_SUBMIT_PAGE, $form_id)) {
            $mode = "new-page";
        }
        $uri = "admin.php?page=tdomf_show_form_menu&form=" . $form_id;
        do_action('tdomf_control_form_start', $form_id, $mode);
        $widget_order = tdomf_get_widget_order($form_id);
        $widgets = tdomf_filter_widgets($mode, $tdomf_form_widgets_admin_errors);
        foreach ($widget_order as $w) {
            if (isset($widgets[$w])) {
                // The callback's return value is appended to the page as-is, so every
                // registered widget callback is trusted to return safe HTML.
                $widget_message = call_user_func($widgets[$w]['cb'], $form_id, $widgets[$w]['params']);
                if (!empty($widget_message)) {
                    $message .= "<font color=\"red\">" . $widget_message . sprintf(__(" <a href='%s'>Fix &raquo;</a>", "tdomf"), $uri) . "</font><br/>";
                }
            }
        }
        // @todo check that key is unique in custom fields
    }
    if (get_option(TDOMF_OPTION_EXTRA_LOG_MESSAGES) && !get_option(TDOMF_OPTION_DISABLE_ERROR_MESSAGES)) {
        $message .= "<font color=\"red\">";
        if ($show_links) {
            $message .= sprintf(__("<b>Warning:</b> You have enabled 'Extra Debug Messages' and disabled 'Disable Error Messages'. This invokes a special mode where all PHP errors are turned on. This can lead to unexpected problems and could be considered a security leak! <a href=\"%s\">Change on the Options Page &raquo;</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_options_menu");
        } else {
            $message .= __("<b>Warning:</b> You have enabled 'Extra Debug Messages' and disabled 'Disable Error Messages'. This invokes a special mode where all PHP errors are turned on. This can lead to unexpected problems and could be considered a security leak! This should only be used for debugging purposes.", "tdomf");
        }
        $message .= "</font><br/>";
    }
    // Link to the state-changing "create dummy user" action; a nonce is added when wp_nonce_url() is available.
    $create_user_link = get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_options_menu&action=create_dummy_user";
    if (function_exists('wp_nonce_url')) {
        $create_user_link = wp_nonce_url($create_user_link, 'tdomf-create-dummy-user');
    }
    if (get_option(TDOMF_DEFAULT_AUTHOR) == false) {
        $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: No default author set! <a href=\"%s\">Create dummy user for default author automatically &raquo;</a>", "tdomf"), $create_user_link) . "</font><br/>";
        tdomf_log_message("Option Default Author not set!", TDOMF_LOG_BAD);
    } else {
        $def_aut = new WP_User(get_option(TDOMF_DEFAULT_AUTHOR));
        if (empty($def_aut->data->ID)) {
            // User does not exist! Deleting option
            delete_option(TDOMF_DEFAULT_AUTHOR);
            $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: Current Default Author does not exist! <a href=\"%s\">Create dummy user for default author automatically &raquo;</a>", "tdomf"), $create_user_link) . "</font><br/>";
            tdomf_log_message("Current Default Author does not exist! Deleting option.", TDOMF_LOG_BAD);
        }
        // NOTE(review): this check also runs for the non-existent user handled just above.
        if ($def_aut->has_cap("publish_posts")) {
            $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: Default author can publish posts. Default author should not be able to publish posts! <a href=\"%s\">Create a dummy user for default author automatically &raquo;</a>", "tdomf"), $create_user_link) . "</font><br/>";
            tdomf_log_message("Option Default Author is set to an author who can publish posts.", TDOMF_LOG_BAD);
        }
    }
    // Self-check: request the plugin's own entry points over HTTP and report any
    // response code other than 200. The response headers are written to the log
    // inside <pre> without HTML-escaping.
    if (function_exists('wp_get_http')) {
        $post_uri = TDOMF_URLPATH . 'tdomf-form-post.php';
        $headers = wp_get_http($post_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will prevent posts from being submitted. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $post_uri, $post_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$post_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
        $ajax_uri = TDOMF_URLPATH . 'tdomf-form-ajax.php';
        $headers = wp_get_http($ajax_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will prevent forms that use AJAX from submitting posts. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $ajax_uri, $ajax_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$ajax_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
        $css_uri = TDOMF_URLPATH . 'tdomf-style-form.css';
        $headers = wp_get_http($css_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will make your forms, by default, look very ugly. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $css_uri, $css_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$css_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
    }
    return $message;
}
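/**
 * Request handler behind the edit-post panel: updates the TDOMF lock flag,
 * the "managed by TDOMF" flag and the submitter details of a post from $_POST,
 * then terminates the request with a JavaScript alert() statement as response.
 *
 * Reads 'post_ID', 'tdomf_locked', 'tdomf_flag' and either 'tdomf_user' or
 * 'tdomf_name' / 'tdomf_email' / 'tdomf_web'.
 *
 * NOTE(review): no nonce or capability check is visible in this function.
 * Confirm that whatever dispatches to it verifies both before it runs, because
 * it rewrites post meta for whichever post id the request names.
 */
function tdomf_save_post()
{
    $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;

    $locked = isset($_POST['tdomf_locked']) ? $_POST['tdomf_locked'] : null;
    if ($locked === "false") {
        delete_post_meta($post_id, TDOMF_KEY_LOCK);
        tdomf_log_message("Post {$post_id} is now set to unlocked. Post can be edited by valid TDO Mini Form forms.");
    } else {
        tdomf_log_message("Post {$post_id} is now set to locked. Post cannot be edited by any TDO Mini Form forms.");
        delete_post_meta($post_id, TDOMF_KEY_LOCK);
        add_post_meta($post_id, TDOMF_KEY_LOCK, true, true);
    }

    // Every response below is a JavaScript statement, so the text placed inside
    // alert('...') goes through esc_js(). The "invalid user" message echoes a
    // request value and would otherwise let the request break out of the string;
    // translated strings may also legitimately contain apostrophes.
    $flag = isset($_POST['tdomf_flag']) ? $_POST['tdomf_flag'] : null;
    if ($flag === "false") {
        delete_post_meta($post_id, TDOMF_KEY_FLAG);
        tdomf_log_message("Removed post {$post_id} from TDOMF");
        die("alert('" . esc_js(sprintf(__('TDOMF: Post %d is no longer managed by TDOMF!', 'tdomf'), $post_id)) . "')");
    } else {
        add_post_meta($post_id, TDOMF_KEY_FLAG, true, true);
        if (isset($_POST["tdomf_user"])) {
            $user_id = $_POST["tdomf_user"];
            // A non-numeric value is treated as a login name and resolved to an id.
            if (!empty($user_id) && !is_numeric($user_id)) {
                if (($userdata = get_userdatabylogin($user_id)) != false) {
                    $user_id = $userdata->ID;
                } else {
                    die("alert('" . esc_js(sprintf(__("TDOMF: The user %s is not a valid user and cannot be used for Submitter", "tdomf"), $user_id)) . "')");
                }
            }
            delete_post_meta($post_id, TDOMF_KEY_USER_ID);
            add_post_meta($post_id, TDOMF_KEY_USER_ID, $user_id, true);
            tdomf_log_message("Submitter info for post {$post_id} added");
            die("alert('" . esc_js(sprintf(__('TDOMF: TDO Mini Forms info for post %d updated', 'tdomf'), $post_id)) . "')");
        } else {
            // do this so that we *know* that submitter user is not used
            delete_post_meta($post_id, TDOMF_KEY_USER_ID);
            // The submitter fields are stored as received; whatever prints them
            // later has to escape them for its output context.
            $name = isset($_POST["tdomf_name"]) ? $_POST["tdomf_name"] : '';
            delete_post_meta($post_id, TDOMF_KEY_NAME);
            add_post_meta($post_id, TDOMF_KEY_NAME, $name, true);
            $email = isset($_POST["tdomf_email"]) ? $_POST["tdomf_email"] : '';
            delete_post_meta($post_id, TDOMF_KEY_EMAIL);
            add_post_meta($post_id, TDOMF_KEY_EMAIL, $email, true);
            $web = isset($_POST["tdomf_web"]) ? $_POST["tdomf_web"] : '';
            delete_post_meta($post_id, TDOMF_KEY_WEB);
            add_post_meta($post_id, TDOMF_KEY_WEB, $web, true);
            tdomf_log_message("Submitter info for post {$post_id} added");
            die("alert('" . esc_js(sprintf(__('TDOMF: TDO Mini Forms info for post %d updated', 'tdomf'), $post_id)) . "')");
        }
    }
    // Safety net; every branch above ends the request. The original printed a
    // literal "<?php _e(...) ?>" here because the tag sat inside a string.
    tdomf_log_message("Error captured in EditPostPanel:tdomf_save_post");
    die("alert('" . esc_js(__('TDOMF: Error! Incomplete information provided!', 'tdomf')) . "')");
}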
                            // Future versions of TDOMF will provide this as an option.
                            //
                            #die( "tdomfRedirect$form_tag('http://thedeadone.net/download/tdo-mini-forms-wordpress-plugin/');" );
                        }
                    }
                }
            }
            // If retVal is a string, something went wrong!
        } else {
            tdomf_ajax_exit($form_id, tdomf_get_message_instance(TDOMF_OPTION_MSG_SUB_ERROR, $form_id, false, false, $retVal), false, false, $post_id);
        }
    } else {
        tdomf_ajax_exit($form_id, tdomf_get_message_instance(TDOMF_OPTION_MSG_SUB_ERROR, $form_id, false, false, $message), false, false, $post_id);
    }
} else {
    if ($_POST['tdomf_action'] == "preview") {
        tdomf_log_message("Someone is attempting to preview something");
        $message = tdomf_validate_form($tdomf_args, true);
        if ($message == NULL) {
            tdomf_log_message("Submission validated. Generating preview...");
            $message = tdomf_preview_form($tdomf_args);
            tdomf_log_message("Now sending back to form using AJAX!");
            tdomf_ajax_exit($form_id, $message, false, true, $post_id);
        } else {
            tdomf_ajax_exit($form_id, sprintf(__("Your submission contained errors:<br/><br/>%s<br/><br/>Please correct and resubmit.", "tdomf"), $message), false, false, $post_id);
        }
    } else {
        tdomf_ajax_exit($form_id, sprintf(__("TDOMF (AJAX) ERROR: unrecognised action %s!", "tdomf"), $_POST['action']), true, false, $post_id);
    }
}
tdomf_ajax_exit($form_id, __("ERROR! Should never reach here.", "tdomf"), true, false, $post_id);
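/**
 * Set the state of an edit record and keep the object cache entry in step.
 *
 * When the cached record already has the requested state no query is issued.
 *
 * @param string $edit_state New state value.
 * @param int    $edit_id    Id of the edit row.
 * @return mixed true when the cache shows the state is already set; otherwise
 *               the result of $wpdb->query(), which is falsy on failure and
 *               also when no row was changed.
 */
function tdomf_set_state_edit($edit_state, $edit_id)
{
    global $wpdb;
    $returnVal = false;
    $key = "tdomf_edit_" . $edit_id;
    $edit_cache = wp_cache_get($key);
    $writedb = true;
    if ($edit_cache != false && is_array($edit_cache) && isset($edit_cache['state'])) {
        if ($edit_cache['state'] == $edit_state) {
            tdomf_log_message("State does not need to be updated for {$edit_id}. It is already at " . $edit_state, TDOMF_LOG_GOOD);
            $writedb = false;
            $returnVal = true;
        }
    }
    if ($writedb) {
        $table_name = $wpdb->prefix . TDOMF_DB_TABLE_EDITS;
        // Bind both values with prepare() instead of concatenating the output of
        // $wpdb->escape() into the statement: the placeholders quote the state
        // and force the id to an integer regardless of what the caller passed.
        $query = $wpdb->prepare(
            "UPDATE {$table_name} SET state = %s WHERE edit_id = %d",
            $edit_state,
            $edit_id
        );
        $returnVal = $wpdb->query($query);
    }
    // Refresh the cached copy only after a write that reported success.
    if ($returnVal && $writedb && is_array($edit_cache)) {
        $edit_cache['state'] = $edit_state;
        wp_cache_set($key, $edit_cache);
    }
    return $returnVal;
}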
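/**
 * Import a form definition from the uploaded file "import_file" into the form
 * named by $_REQUEST['form_id'].
 *
 * Requires the 'manage_options' capability and a valid 'tdomf-import-<id>'
 * nonce. The upload is expected to be a PHP-serialized array with the keys
 * 'options', 'widgets' and 'caps'.
 *
 * @return string|false Status message for the admin page, or false when the
 *                      request was rejected before any import was attempted.
 */
function tdomf_import_form_from_file()
{
    $message = false;

    // Authorise before touching or logging any request data.
    if (!current_user_can('manage_options')) {
        return $message;
    }

    $form_id = isset($_REQUEST['form_id']) ? $_REQUEST['form_id'] : false;
    if (!tdomf_form_exists($form_id)) {
        // Log entries carry HTML, so the raw request value is escaped like the
        // other data written to the log in this function.
        tdomf_log_message("tdomf_import_form_from_file: bad form id: " . htmlentities(var_export($form_id, true)), TDOMF_LOG_ERROR);
        return $message;
    }
    check_admin_referer('tdomf-import-' . $form_id);

    if (!isset($_FILES["import_file"])) {
        tdomf_log_message("Error no 'import_file' value: <pre>" . htmlentities(var_export($_FILES, true)) . "</pre>", TDOMF_LOG_ERROR);
        return __("Error importing form", "tdomf");
    }

    $thefile = $_FILES["import_file"];
    # tmp_name, name, error, size, type
    // is_string() rejects the array form produced by a field named "import_file[]".
    if (!isset($thefile['tmp_name']) || !is_string($thefile['tmp_name']) || !@is_uploaded_file($thefile['tmp_name'])) {
        // The client-supplied file name is part of this dump, hence the escaping.
        tdomf_log_message("Error uploading file! <pre>" . htmlentities(var_export($thefile, true)) . "</pre>", TDOMF_LOG_ERROR);
        return __("Error importing form", "tdomf");
    }

    tdomf_log_message("Import File Found");
    // file_get_contents() also copes with an empty upload, where fread() would
    // be asked for zero bytes.
    $form_import = @file_get_contents($thefile['tmp_name']);
    @unlink($thefile['tmp_name']);
    if ($form_import === false) {
        // TDOMF_LOG_ERROR belongs on the log call; the original passed it to __().
        tdomf_log_message("Error opening file!", TDOMF_LOG_ERROR);
        return __("Error importing form", "tdomf");
    }

    // NOTE(review): unserialize() on uploaded data can instantiate any class
    // that is loaded and run its magic methods. The capability and nonce checks
    // above restrict this to administrators, but the file content itself is not
    // trusted. Left unchanged so existing export files keep working; consider a
    // JSON export format, or array('allowed_classes' => false) on PHP 7+, once
    // it is confirmed that exports never contain objects.
    $form_data = unserialize($form_import);
    if (is_array($form_data)) {
        tdomf_import_form($form_id, $form_data['options'], $form_data['widgets'], $form_data['caps']);
        tdomf_log_message("Form import succeeded <pre>" . htmlentities(var_export($form_data, true)) . "</pre>", TDOMF_LOG_GOOD);
        return __("Form import successful", "tdomf");
    }

    if ($form_data == false) {
        tdomf_log_message("Form import failed. Couldn't unserialize data: <pre>" . htmlentities($form_import) . "</pre>", TDOMF_LOG_ERROR);
        return __("Failed to unserialize form data: Form import failed", "tdomf");
    }

    tdomf_log_message("Form import failed: Data invalid: <pre>" . htmlentities(var_export($form_data, true)) . "</pre>", TDOMF_LOG_ERROR);
    return __("Form import failed", "tdomf");
}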
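 /**
  * Post-submission step of the "subscribe to comments" widget: record the
  * address that should receive comment notifications for the new post.
  *
  * Runs when the widget is configured to always subscribe or the submitter
  * ticked the box. The address comes from the widget field, else the
  * logged-in user's profile, else the "who am I" e-mail field.
  *
  * @param array $args Submission arguments; 'tdomf_form_id', 'subscribe_to_comments',
  *                    'subscribe_to_comments_email', 'whoami_email' and 'post_ID' are read.
  * @return null Always NULL.
  */
 function tdomf_widget_subscribe_to_comments_post($args)
 {
     global $current_user;
     $options = tdomf_widget_subscribe_to_comments_get_options($args['tdomf_form_id']);
     get_currentuserinfo();

     // Read only the keys this widget needs. extract($args) would let a key
     // named "options" switch on always_subscribe, and keys matching the
     // variables bound with "global" would overwrite those globals.
     $requested = !empty($args['subscribe_to_comments']);
     if (!$options['always_subscribe'] && !$requested) {
         return NULL;
     }

     $subscribe_to_comments_email = isset($args['subscribe_to_comments_email']) ? $args['subscribe_to_comments_email'] : null;
     if ($subscribe_to_comments_email === null) {
         if (is_user_logged_in() && tdomf_check_email_address($current_user->user_email)) {
             $subscribe_to_comments_email = $current_user->user_email;
         } elseif (isset($args['whoami_email'])) {
             $subscribe_to_comments_email = $args['whoami_email'];
         } else {
             // Previously execution continued and an undefined value was written
             // to the post meta and both cookies.
             tdomf_log_message("Could not find a email address to use for comment subscribption!", TDOMF_LOG_ERROR);
             return NULL;
         }
     }

     $post_ID = isset($args['post_ID']) ? $args['post_ID'] : null;

     // The subscription is written as post meta directly; per the original
     // author's note, the plugin's solo_subscribe() call does not work here
     // because the post must be published first.
     add_post_meta($post_ID, '_sg_subscribe-to-comments', $subscribe_to_comments_email);

     // set comment email so that you can "unsubscribe"
     // NOTE(review): both cookies hold the address in clear text and are set
     // without the Secure/HttpOnly flags. Confirm whether any script reads them
     // before adding the flags.
     setcookie('comment_author_email_' . COOKIEHASH, $subscribe_to_comments_email, time() + 30000000, COOKIEPATH);
     setcookie('tdomf_subscribe_to_comments_widget_email', $subscribe_to_comments_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
     return NULL;
 }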
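/**
 * Remove spam edits and spam submissions that are more than 30 days old.
 *
 * Does nothing unless the TDOMF_OPTION_SPAM_AUTO_DELETE option is set.
 * Spam edits are removed together with their post revisions; spam
 * submissions are removed with wp_delete_post(). Every deletion is written
 * to the TDOMF log so the clean-up can be audited afterwards.
 *
 * @return void
 */
function tdomf_cleanup_spam()
{
    global $wpdb;
    if (!get_option(TDOMF_OPTION_SPAM_AUTO_DELETE)) {
        return;
    }
    // 30 days in seconds. The same cut-off is used for edits and for posts;
    // the post branches previously used 2952000, a transposed-digit typo.
    $max_age = 2592000;

    // delete edit spam older than a month
    // (must start as an array: appending with [] to a string is a fatal
    // error on current PHP versions)
    $edit_list = array();
    $time_diff = tdomf_timestamp_wp_sql(time() - $max_age);
    $edits = tdomf_get_edits(array('state' => 'spam', 'older_than' => $time_diff));
    // !empty() rather than count(): the lookup may return a non-array on failure
    if (!empty($edits)) {
        foreach ($edits as $edit) {
            $edit_list[] = $edit->edit_id;
            if ($edit->revision_id != 0) {
                wp_delete_post_revision($edit->revision_id);
            }
            if ($edit->current_revision_id != 0) {
                // use the edit being iterated; $last_edit is not defined in this function
                wp_delete_post_revision($edit->current_revision_id);
            }
        }
        tdomf_delete_edits($edit_list);
        tdomf_log_message("Deleting spam edits older than a month: " . implode(",", $edit_list));
    }

    // delete spam more than a month old
    // The only value concatenated into the query is the plugin constant
    // TDOMF_KEY_SPAM; no request data reaches this statement.
    $query = "SELECT ID, post_modified_gmt\n             FROM {$wpdb->posts}\n             LEFT JOIN {$wpdb->postmeta} ON ({$wpdb->posts}.ID = {$wpdb->postmeta}.post_id)\n             WHERE meta_key = '" . TDOMF_KEY_SPAM . "'";
    $spam_posts = $wpdb->get_results($query);
    if (empty($spam_posts)) {
        return;
    }

    $list = "";
    foreach ($spam_posts as $post) {
        // we use to use post_modified_gmt but since 2.6 or 2.7 this is
        // no longer set when the post is initially created in draft
        $post_date_gmt = get_post_meta($post->ID, TDOMF_KEY_SUBMISSION_DATE, true);
        if ($post_date_gmt != false) {
            $post_date_ts = mysql2date('U', $post_date_gmt);
            $diff = time() - $post_date_ts;
            if ($diff >= $max_age) {
                $list .= $post->ID . ", ";
                wp_delete_post($post->ID);
            }
            tdomf_log_message($post->ID . ' ' . $post_date_ts . ' ' . $diff);
        } else {
            // old way: fall back to the modification time stored on the post
            $last_updated = strtotime($post->post_modified_gmt);
            if ($last_updated === false) {
                // age unknown: do not delete on an unparseable date
                continue;
            }
            $diff = time() - $last_updated;
            if ($diff >= $max_age) {
                $list .= $post->ID . ", ";
                wp_delete_post($post->ID);
            }
        }
    }
    if ($list != "") {
        tdomf_log_message("Deleting spam posts older than a month: {$list}");
    }
}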
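 /**
  * Build the form-hack source for this widget's custom field.
  *
  * For edit forms a PHP snippet is prepended that pre-loads the stored
  * post-meta value into $post_args when the form is not in preview mode.
  * The returned string therefore contains PHP source, so every value
  * spliced into it is emitted as a quoted PHP literal.
  *
  * @param array  $args    Form arguments; 'mode' and 'tdomf_form_id' are read here.
  * @param array  $options Widget options; 'type' and 'key' are read here.
  * @param string $postfix Unused in this method.
  * @return string Generated form source, or an empty string if the field is not found.
  */
 function formHack($args, $options, $postfix = '')
 {
     $output = "";
     $field = $this->getField($options['type'], $this->index);
     if ($field == false) {
         tdomf_log_message('TDOMF_WidgetCustomFields->formHack(): ERROR: Cant find field', TDOMF_LOG_ERROR);
         return $output;
     }
     // Read the two values that are needed instead of extract($args): extract()
     // lets any key in $args overwrite locals such as $options or $field.
     $mode = isset($args['mode']) ? $args['mode'] : null;
     $tdomf_form_id = isset($args['tdomf_form_id']) ? $args['tdomf_form_id'] : null;
     $options = $this->updateFieldOptions($options, $options['type'], $this->index);
     if (TDOMF_Widget::isEditForm($mode, $tdomf_form_id)) {
         // var_export() yields a single-quoted PHP literal with quotes and
         // backslashes escaped, so a field id or meta key containing a quote
         // cannot break out of the string in the generated code. For ordinary
         // keys the output is identical to plain concatenation.
         $field_id = var_export((string) $field->getId(), true);
         $meta_key = var_export((string) $options['key'], true);
         $output .= "\t\t" . '<?php if(strpos($mode,\'-preview\') === false) {' . "\n";
         $output .= "\t\t\t" . '$post = get_post($post_id); if($post) {' . "\n";
         $output .= "\t\t\t\t" . 'if(!isset($post_args[' . $field_id . '])) {' . "\n";
         $output .= "\t\t\t\t\t" . '$post_args[' . $field_id . '] = get_post_meta($post_id,' . $meta_key . ',true); }' . "\n";
         $output .= "\t\t" . '} } ?>' . "\n\n";
     }
     $output .= $field->formHack($args, $options);
     return $output;
 }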
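 /**
  * TDOMF's version of wp_notify_postauthor(): mail a new-comment notice.
  *
  * For comments on posts flagged with TDOMF_KEY_FLAG the notice is sent to
  * the site admin address instead of the post author. The mail contains the
  * comment details plus links to delete the comment or mark it as spam.
  *
  * @param int    $comment_id   ID of the comment to report.
  * @param string $comment_type 'comment' (default when empty), 'trackback' or 'pingback'.
  * @return bool False when the comment, its post or a recipient address
  *              cannot be found, true once the mail has been handed to wp_mail().
  */
 function wp_notify_postauthor($comment_id, $comment_type = '')
 {
     // Bail out early rather than dereference a missing comment, post or user
     $comment = get_comment($comment_id);
     if (!$comment) {
         return false;
     }
     $post = get_post($comment->comment_post_ID);
     if (!$post) {
         return false;
     }
     $user = get_userdata($post->post_author);
     // If there's no email to send the comment to
     if (!$user || '' == $user->user_email) {
         return false;
     }
     // best-effort reverse lookup; a failure only affects the text of the mail
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
     $blogname = get_option('blogname');
     // This little bit of code checks if the comment belongs to a post
     // submitted via TDOMF. If the author is set to the default TDOMF author
     // or the TDOMF submitter author does not have spam/delete rights on the
     // comment, then redirect email to admin
     $user_email = $user->user_email;
     if (get_post_meta($comment->comment_post_ID, TDOMF_KEY_FLAG, true) != false) {
         if ($post->post_author == get_option(TDOMF_DEFAULT_AUTHOR)) {
             // default tdomf author
             tdomf_log_message("wp_notify_postauthor: Comment {$comment_id} action email is destined for default author. Redirecting to admin.");
             $user_email = get_option('admin_email');
         } else {
             // user must have the edit post right to delete or spam a comment
             $user_role = new WP_User($post->post_author);
             if (!$user_role->has_cap('edit_post', $comment->comment_post_ID)) {
                 tdomf_log_message("wp_notify_postauthor: Comment {$comment_id} action email is destined for tdomf submitter with incorrect rights. Redirecting to admin.");
                 $user_email = get_option('admin_email');
             }
         }
         // NOTE(review): this unconditional assignment sends the notice for
         // every TDOMF post to the admin address, so the checks above only
         // decide what is logged. Kept as found; confirm whether it is intended.
         $user_email = get_option('admin_email');
     }
     if (empty($comment_type)) {
         $comment_type = 'comment';
     }
     // defined up front so an unrecognised $comment_type cannot leave them unset
     $notify_message = '';
     $subject = '';
     if ('comment' == $comment_type) {
         $notify_message = sprintf(__('New comment on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title) . "\r\n";
         $notify_message .= sprintf(__('Author : %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain) . "\r\n";
         $notify_message .= sprintf(__('E-mail : %s'), $comment->comment_author_email) . "\r\n";
         $notify_message .= sprintf(__('URL    : %s'), $comment->comment_author_url) . "\r\n";
         $notify_message .= sprintf(__('Whois  : http://ws.arin.net/cgi-bin/whois.pl?queryinput=%s'), $comment->comment_author_IP) . "\r\n";
         $notify_message .= __('Comment: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
         $notify_message .= __('You can see all comments on this post here: ') . "\r\n";
         $subject = sprintf(__('[%1$s] Comment: "%2$s"'), $blogname, $post->post_title);
     } elseif ('trackback' == $comment_type) {
         $notify_message = sprintf(__('New trackback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title) . "\r\n";
         $notify_message .= sprintf(__('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain) . "\r\n";
         $notify_message .= sprintf(__('URL    : %s'), $comment->comment_author_url) . "\r\n";
         $notify_message .= __('Excerpt: ') . "\r\n" . $comment->comment_content . "\r\n\r\n";
         $notify_message .= __('You can see all trackbacks on this post here: ') . "\r\n";
         $subject = sprintf(__('[%1$s] Trackback: "%2$s"'), $blogname, $post->post_title);
     } elseif ('pingback' == $comment_type) {
         $notify_message = sprintf(__('New pingback on your post #%1$s "%2$s"'), $comment->comment_post_ID, $post->post_title) . "\r\n";
         $notify_message .= sprintf(__('Website: %1$s (IP: %2$s , %3$s)'), $comment->comment_author, $comment->comment_author_IP, $comment_author_domain) . "\r\n";
         $notify_message .= sprintf(__('URL    : %s'), $comment->comment_author_url) . "\r\n";
         $notify_message .= __('Excerpt: ') . "\r\n" . sprintf('[...] %s [...]', $comment->comment_content) . "\r\n\r\n";
         $notify_message .= __('You can see all pingbacks on this post here: ') . "\r\n";
         $subject = sprintf(__('[%1$s] Pingback: "%2$s"'), $blogname, $post->post_title);
     }
     $notify_message .= get_permalink($comment->comment_post_ID) . "#comments\r\n\r\n";
     if (function_exists('admin_url')) {
         $notify_message .= sprintf(__('Delete it: %s'), admin_url("comment.php?action=cdc&c={$comment_id}")) . "\r\n";
         $notify_message .= sprintf(__('Spam it: %s'), admin_url("comment.php?action=cdc&dt=spam&c={$comment_id}")) . "\r\n";
     } else {
         // Double quotes so the comment id is interpolated (the single-quoted
         // form mailed a literal "$comment_id"), and both links point into
         // wp-admin, matching the admin_url() branch.
         $admin_base = get_bloginfo('wpurl') . '/wp-admin/';
         $notify_message .= sprintf(__('Delete it: %s'), $admin_base . "comment.php?action=cdc&c={$comment_id}") . "\r\n";
         $notify_message .= sprintf(__('Spam it: %s'), $admin_base . "comment.php?action=cdc&dt=spam&c={$comment_id}") . "\r\n";
     }
     $wp_email = 'wordpress@' . preg_replace('#^www\\.#', '', strtolower($_SERVER['SERVER_NAME']));
     // Commenter-supplied values go into mail headers below: drop CR/LF so a
     // crafted author name or address cannot add header lines of its own.
     $header_author = str_replace(array("\r", "\n"), '', $comment->comment_author);
     $header_author_email = str_replace(array("\r", "\n"), '', $comment->comment_author_email);
     if ('' == $header_author) {
         $from = "From: \"{$blogname}\" <{$wp_email}>";
         if ('' != $header_author_email) {
             $reply_to = "Reply-To: {$header_author_email}";
         }
     } else {
         $from = "From: \"{$header_author}\" <{$wp_email}>";
         if ('' != $header_author_email) {
             $reply_to = "Reply-To: \"{$header_author_email}\" <{$header_author_email}>";
         }
     }
     $message_headers = "{$from}\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
     if (isset($reply_to)) {
         $message_headers .= $reply_to . "\n";
     }
     $notify_message = apply_filters('comment_notification_text', $notify_message, $comment_id);
     $subject = apply_filters('comment_notification_subject', $subject, $comment_id);
     $message_headers = apply_filters('comment_notification_headers', $message_headers, $comment_id);
     // delivery is best effort: a mail failure is not reported to the caller
     @wp_mail($user_email, $subject, $notify_message, $message_headers);
     return true;
 }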
             $myfiles[$i] = array("name" => $upload_file_name, "path" => $uploaded_file, "size" => $upload_size, "type" => $upload_type);
             $count++;
             tdomf_log_message("File {$upload_file_name} saved to tmp area as {$uploaded_file}. It has a size of {$upload_size} and type of {$upload_type}");
             // within an hour, delete the file if not claimed!
             wp_schedule_single_event(time() + TDOMF_UPLOAD_TIMEOUT, 'tdomf_delete_tmp_file_hook', array($uploaded_file));
         } else {
             tdomf_log_message("move_uploaded_file failed!");
             $errors .= sprintf(__("Could not move uploaded file %s to storage area!<br/>", "tdomf"), $upload_file_name);
         }
     } else {
         tdomf_log_message("file {$upload_file_name} uploaded with bad extension: {$ext}");
         $errors .= sprintf(__("Files with %s extensions are forbidden.<br/>", "tdomf"), $ext);
     }
 } else {
     if ($upload_error != 0 && !empty($upload_file_name)) {
         tdomf_log_message("There was a reported error {$upload_error} with the uploaded file!");
         switch ($upload_error) {
             case 1:
                 $errors .= sprintf(__("Sorry but %s was too big. It exceeded the server configuration.<br/>", "tdomf"), $upload_file_name);
                 break;
             case 2:
                 $errors .= sprintf(__("Sorry but %s was too big. It was greater than %s. It exceeded the configured maximum.<br/>", "tdomf"), $upload_file_name, tdomf_filesize_format($options['size']));
                 break;
             case 3:
                 $errors .= sprintf(__("Sorry but only part of %s was uploaded.<br/>", "tdomf"), $upload_file_name);
                 break;
             case 4:
                 $errors .= __("Sorry file does not exist.<br/>", "tdomf");
                 break;
             default:
                 $errors .= sprintf(__("Upload of %s failed for an unknown reason. (%s)<br/>", "tdomf"), $upload_file_name, $upload_error);
function tdomf_moderation_handler()
{
    $message .= "";
    # this means a post was deleted
    #
    if (isset($_REQUEST['deleted'])) {
        $message .= __("Submissions deleted. ", "tdomf");
    }
    // bulk actions
    if (isset($_REQUEST['doaction']) && isset($_REQUEST['action']) && isset($_REQUEST['post'])) {
        $posts = $_REQUEST['post'];
        $action = $_REQUEST['action'];
        if ($action != -1 && is_array($posts) && !empty($posts)) {
            check_admin_referer('tdomf-moderate-bulk');
            switch ($action) {
                case 'spam_recheck':
                    $spam_list = array();
                    $ham_list = array();
                    foreach ($posts as $post) {
                        if (tdomf_check_submissions_spam($post)) {
                            $ham_list[] = $post;
                        } else {
                            $spam_list[] = $post;
                        }
                    }
                    tdomf_log_message('Akismet thinks these submissions are spam: ' . implode(", ", $spam_list));
                    $message .= sprintf(__("Marked these submissions as spam: %s.", "tdomf"), implode(", ", $spam_list));
                    tdomf_log_message('Akismet thinks these posts are not spam: ' . implode(", ", $ham_list));
                    $message .= " ";
                    $message .= sprintf(__("Marked these submissions as not spam: %s.", "tdomf"), implode(", ", $ham_list));
                    break;
                case 'delete':
                    foreach ($posts as $p) {
                        wp_delete_post($p);
                    }
                    tdomf_log_message('Deleted ' . implode(", ", $posts) . ' posts');
                    $message .= sprintf(__("Deleted submissions: %s", "tdomf"), implode(", ", $posts));
                    break;
                case 'publish_now':
                    $list = "";
                    foreach ($posts as $p) {
                        if (!get_post_meta($p, TDOMF_KEY_SPAM)) {
                            // if we're going to publish the post, then it's not spam!
                            tdomf_ham_post($p);
                        }
                        tdomf_publish_post($p, false);
                        $list .= "<a href=\"" . get_permalink($p) . "\">" . $p . "</a>, ";
                    }
                    tdomf_log_message("Published {$list} posts");
                    $message .= sprintf(__("Attempted to published these submissions immediately: %s", "tdomf"), $list);
                    break;
                case 'publish':
                    $list = "";
                    foreach ($posts as $p) {
                        if (!get_post_meta($p, TDOMF_KEY_SPAM)) {
                            // if we're going to publish the post, then it's not spam!
                            tdomf_ham_post($p);
                        }
                        tdomf_publish_post($p);
                        $list .= "<a href=\"" . get_permalink($p) . "\">" . $p . "</a>, ";
                    }
                    tdomf_log_message("Published or queued {$list} posts");
                    $message .= sprintf(__("Attempted to publish or queue these submissions: %s", "tdomf"), $list);
                    break;
                case 'unpublish':
                    foreach ($posts as $p) {
                        tdomf_unpublish_post($p);
                    }
                    tdomf_log_message("Un-published " . implode(", ", $posts) . " posts");
                    $message .= sprintf(__("Attempted to un-publish theses submissions: %s", "tdomf"), implode(", ", $posts));
                    break;
                case 'spamit':
                    $spams = array();
                    foreach ($posts as $p) {
                        if (!get_post_meta($p, TDOMF_KEY_SPAM)) {
                            tdomf_spam_post($p);
                            $spams[] = $p;
                        }
                    }
                    tdomf_log_message("Marked as spam " . implode(", ", $spams) . " posts");
                    $message .= sprintf(__("Marked these submissions as spam: %s", "tdomf"), implode(", ", $spams));
                    break;
                case 'hamit':
                    $hams = array();
                    foreach ($posts as $p) {
                        if (get_post_meta($p, TDOMF_KEY_SPAM)) {
                            tdomf_spam_post($p);
                            $hams[] = $p;
                        }
                    }
                    if (!empty($hams)) {
                        tdomf_log_message("Marked as ham " . implode(", ", $hams) . " posts");
                        $message .= sprintf(__("Marked these submissions as not spam: %s", "tdomf"), implode(", ", $hams));
                    }
                    break;
                case 'lock':
                    $locks = array();
                    foreach ($posts as $p) {
                        if (!get_post_meta($p, TDOMF_KEY_LOCK)) {
                            add_post_meta($p, TDOMF_KEY_LOCK, true, true);
                            $locks[] = $p;
                        }
                    }
                    if (!empty($locks)) {
                        tdomf_log_message("Locked " . implode(", ", $locks) . " posts");
                        $message .= sprintf(__("Locked these posts/pages from editing: %s", "tdomf"), implode(", ", $locks));
                    }
                    break;
                case 'unlock':
                    $locks = array();
                    foreach ($posts as $p) {
                        if (get_post_meta($p, TDOMF_KEY_LOCK)) {
                            delete_post_meta($p, TDOMF_KEY_LOCK);
                            $locks[] = $p;
                        }
                    }
                    if (!empty($locks)) {
                        tdomf_log_message("Unlocked " . implode(", ", $locks) . " posts");
                        $message .= sprintf(__("Unlocked these posts/pages: %s", "tdomf"), implode(", ", $locks));
                    }
                    break;
                case 'edit_spam_recheck':
                    $spam_list = array();
                    $ham_list = array();
                    $edit_spam_list = array();
                    $edit_ham_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if ($last_edit != false && !empty($last_edit)) {
                            if (tdomf_check_edit_spam($last_edit[0]->edit_id, false)) {
                                $ham_list[] = $post;
                                $edit_ham_list[] = $last_edit[0]->edit_id;
                            } else {
                                $spam_list[] = $post;
                                $edit_spam_list[] = $last_edit[0]->edit_id;
                            }
                        }
                    }
                    tdomf_log_message('Akismet thinks these edits are spam: ' . implode(", ", $edit_spam_list));
                    $message .= sprintf(__("Marked last contribution on these submissions as spam: %s.", "tdomf"), implode(", ", $spam_list));
                    tdomf_log_message('Akismet thinks these edits are not spam: ' . implode(", ", $edit_ham_list));
                    $message .= " ";
                    $message .= sprintf(__("Marked last contribution on these submissions as not spam: %s.", "tdomf"), implode(", ", $ham_list));
                    break;
                case 'edit_approve':
                    $edit_list = array();
                    $post_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if (!empty($last_edit) && $last_edit[0]->state != 'approved') {
                            $edit_list[] = $last_edit[0]->edit_id;
                            $post_list[] = $post;
                            $user_id = $last_edit[0]->user_id;
                            if ($last_edit[0]->state == 'spam') {
                                tdomf_hamit_edit($last_edit[0]);
                            }
                            wp_restore_post_revision($edit->revision_id);
                            tdomf_set_state_edit('approved', $last_edit[0]->edit_id);
                            if ($user_id > 0) {
                                tdomf_trust_user($user_id);
                            }
                        }
                    }
                    tdomf_log_message('These edits have been approved: ' . implode(", ", $edit_list));
                    $message .= sprintf(__("Approved contributions on these submissions: %s.", "tdomf"), implode(", ", $post_list));
                    break;
                case 'edit_revert':
                    $edit_list = array();
                    $post_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if (!empty($last_edit) && $last_edit[0]->state == 'approved' && $last_edit[0]->revision_id != 0 && $last_edit[0]->current_revision_id != 0) {
                            $edit_list[] = $last_edit[0]->edit_id;
                            $post_list[] = $post;
                            wp_restore_post_revision($last_edit[0]->current_revision_id);
                            tdomf_set_state_edit('unapproved', $last_edit[0]->edit_id);
                        }
                    }
                    tdomf_log_message('These edits have been reverted: ' . implode(", ", $edit_list));
                    $message .= sprintf(__("Latest contribution on these submissions have been reverted: %s.", "tdomf"), implode(", ", $post_list));
                    break;
                case 'edit_delete':
                    $edit_list = array();
                    $post_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if (!empty($last_edit) && $last_edit[0]->state != 'approved') {
                            $edit_list[] = $last_edit[0]->edit_id;
                            $post_list[] = $post;
                            if ($last_edit[0]->revision_id != 0) {
                                wp_delete_post_revision($edit->revision_id);
                                tdomf_log_message("Deleting revision " . $last_edit[0]->revision_id . " on post " . $post);
                            }
                            if ($last_edit[0]->current_revision_id != 0) {
                                wp_delete_post_revision($last_edit[0]->current_revision_id);
                                tdomf_log_message("Deleting revision " . $last_edit[0]->current_revision_id . " on post " . $post);
                            }
                        }
                        tdomf_delete_edits($edit_list);
                    }
                    tdomf_log_message('These edits have been deleted: ' . implode(", ", $edit_list));
                    $message .= sprintf(__("Latest contribution on these submissions have been deleted: %s.", "tdomf"), implode(", ", $post_list));
                    break;
                case 'edit_spamit':
                    $edit_list = array();
                    $post_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if (!empty($last_edit) && $last_edit[0]->state != 'spam') {
                            $edit_list[] = $last_edit[0]->edit_id;
                            $post_list[] = $post;
                            tdomf_spamit_edit($last_edit[0]);
                        }
                    }
                    tdomf_log_message('These edits have been marked as spam: ' . implode(", ", $edit_list));
                    $message .= sprintf(__("Latest contribution on these submissions have been marked as spam: %s.", "tdomf"), implode(", ", $post_list));
                    break;
                case 'edit_hamit':
                    $edit_list = array();
                    $post_list = array();
                    foreach ($posts as $post) {
                        $last_edit = tdomf_get_edits(array('post_id' => $post, 'limit' => 1));
                        if (!empty($last_edit) && $last_edit[0]->state == 'soam') {
                            $edit_list[] = $last_edit[0]->edit_id;
                            $post_list[] = $post;
                            tdomf_hamit_edit($last_edit[0]);
                        }
                    }
                    tdomf_log_message('These edits have been marked as not spam: ' . implode(", ", $edit_list));
                    $message .= sprintf(__("Latest contribution on these submissions have been marked as not being spam: %s.", "tdomf"), implode(", ", $post_list));
                    break;
                default:
                    tdomf_log_message('Unexpected bulk action ' . $action . ' in moderation screen!', TDOMF_LOG_BAD);
                    $message .= sprintf(__("Unrecognised bulk action %s,", "tdomf"), $action);
                    break;
            }
        }
        // else no posts selected or bulk actions
        // individual actions
        // operations on posts/pages (submissions)
    } else {
        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'publish_now') {
            $post_id = $_REQUEST['post'];
            check_admin_referer('tdomf-publish_' . $post_id);
            // if we're going to publish the post, then it's not spam!
            tdomf_ham_post($post_id);
            tdomf_publish_post($post_id, false);
            tdomf_log_message("Published post {$post_id}");
            $message .= sprintf(__("Published post <a href=\"%s\">%d</a>.", "tdomf"), get_permalink($post_id), $post_id);
        } else {
            if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'publish') {
                $post_id = $_REQUEST['post'];
                check_admin_referer('tdomf-publish_' . $post_id);
                // if we're going to publish the post, then it's not spam!
                tdomf_ham_post($post_id);
                tdomf_publish_post($post_id);
                tdomf_log_message("Published post {$post_id}");
                $message .= sprintf(__("Published post <a href=\"%s\">%d</a>.", "tdomf"), get_permalink($post_id), $post_id);
            } else {
                if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'unpublish') {
                    $post_id = $_REQUEST['post'];
                    check_admin_referer('tdomf-unpublish_' . $post_id);
                    tdomf_unpublish_post($post_id);
                    tdomf_log_message("Unpublished post {$post_id}");
                    $message .= sprintf(__("Unpublished post %d.", "tdomf"), $post_id);
                } else {
                    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'spamit') {
                        $post_id = $_REQUEST['post'];
                        check_admin_referer('tdomf-spamit_' . $post_id);
                        if (!get_post_meta($post_id, TDOMF_KEY_SPAM)) {
                            tdomf_spam_post($post_id);
                            tdomf_log_message("Post {$post_id} submitted as spam");
                            $message .= sprintf(__("Post %d flagged as spam", "tdomf"), $post_id);
                        } else {
                            $message .= sprintf(__("Did not flag post %d as being spam as it is already flagged appropriately.", "tdomf"), $post_id);
                        }
                    } else {
                        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'hamit') {
                            $post_id = $_REQUEST['post'];
                            check_admin_referer('tdomf-hamit_' . $post_id);
                            if (get_post_meta($post_id, TDOMF_KEY_SPAM)) {
                                tdomf_ham_post($post_id);
                                tdomf_log_message("Post {$post_id} submitted as ham");
                                $message .= sprintf(__("Post %d flagged as not being spam", "tdomf"), $post_id);
                            } else {
                                $message .= sprintf(__("Did not flag post %d as not being spam as it is already flagged appropriately.", "tdomf"), $post_id);
                            }
                        } else {
                            if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'lock') {
                                $post_id = $_REQUEST['post'];
                                check_admin_referer('tdomf-lock_' . $post_id);
                                if (!get_post_meta($post_id, TDOMF_KEY_LOCK)) {
                                    add_post_meta($post_id, TDOMF_KEY_LOCK, true, true);
                                    tdomf_log_message("Post {$post_id} locked");
                                    $message .= sprintf(__("Post %d is now locked from editing", "tdomf"), $post_id);
                                } else {
                                    $message .= sprintf(__("Post %d is already locked from editing.", "tdomf"), $post_id);
                                }
                            } else {
                                if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'unlock') {
                                    $post_id = $_REQUEST['post'];
                                    check_admin_referer('tdomf-unlock_' . $post_id);
                                    if (get_post_meta($post_id, TDOMF_KEY_LOCK)) {
                                        delete_post_meta($post_id, TDOMF_KEY_LOCK);
                                        tdomf_log_message("Post {$post_id} unlocked");
                                        $message .= sprintf(__("Post %d is now unlocked.", "tdomf"), $post_id);
                                    } else {
                                        $message .= sprintf(__("Post %d is already unlocked.", "tdomf"), $post_id);
                                    }
                                } else {
                                    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'approve_edit') {
                                        $edit_id = $_REQUEST['edit'];
                                        check_admin_referer('tdomf-approve_edit_' . $edit_id);
                                        $edit = tdomf_get_edit($edit_id);
                                        if ($edit && ($edit->state == 'spam' || $edit->state == 'unapproved')) {
                                            if ($edit->state == 'spam') {
                                                tdomf_hamit_edit($edit);
                                            }
                                            wp_restore_post_revision($edit->revision_id);
                                            tdomf_set_state_edit('approved', $edit_id);
                                            if ($edit->user_id > 0) {
                                                tdomf_trust_user($edit->user_id);
                                            }
                                            tdomf_log_message("Edit {$edit_id} has been approved on post " . $edit->post_id);
                                            $message .= sprintf(__('Contribution to <a href="%s">Post %d</a> has been approved and published', "tdomf"), get_permalink($edit->post_id), $edit->post_id);
                                        } else {
                                            tdomf_log_message("Invalid {$action} performed on edit {$edit_id}", TDOMF_LOG_BAD);
                                            $message .= sprintf(__('Invalid action %s or invalid edit identifier %d!', 'tdomf'), $_REQUEST['action'], $edit_id);
                                        }
                                    } else {
                                        if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'revert_edit') {
                                            $edit_id = $_REQUEST['edit'];
                                            check_admin_referer('tdomf-revert_edit_' . $edit_id);
                                            $edit = tdomf_get_edit($edit_id);
                                            if ($edit && $edit->state == 'approved' && $edit->revision_id != 0 && $edit->current_revision_id != 0) {
                                                wp_restore_post_revision($edit->current_revision_id);
                                                tdomf_set_state_edit('unapproved', $edit_id);
                                                tdomf_log_message("Edit {$edit_id} on post " . $edit->post_id . " has been reverted");
                                                $message .= sprintf(__('Contribution to <a href="%s">Post %d</a> has reverted to previous revision', "tdomf"), get_permalink($edit->post_id), $edit->post_id);
                                            } else {
                                                tdomf_log_message("Invalid {$action} performed on edit {$edit_id}", TDOMF_LOG_BAD);
                                                $message .= sprintf(__('Invalid action %s or invalid edit identifier %d!', 'tdomf'), $_REQUEST['action'], $edit_id);
                                            }
                                        } else {
                                            if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete_edit') {
                                                $edit_id = $_REQUEST['edit'];
                                                check_admin_referer('tdomf-delete_edit_' . $edit_id);
                                                $edit = tdomf_get_edit($edit_id);
                                                if ($edit && $edit->state != 'approved') {
                                                    $post_id = $edit->post_id;
                                                    if ($edit->revision_id != 0) {
                                                        wp_delete_post_revision($edit->revision_id);
                                                        tdomf_log_message("Deleting revision {$revision_id} on post " . $post_id);
                                                    }
                                                    if ($edit->current_revision_id != 0) {
                                                        wp_delete_post_revision($edit->current_revision_id);
                                                        tdomf_log_message("Deleting revision {$current_revision_id} on post " . $post_id);
                                                    }
                                                    tdomf_delete_edits(array($edit_id));
                                                    tdomf_log_message("Edit {$edit_id} on post " . $post_id . " has been deleted");
                                                    $message .= sprintf(__('Contribution to <a href="%s">Post %d</a> has deleted', "tdomf"), get_permalink($edit->post_id), $edit->post_id);
                                                } else {
                                                    tdomf_log_message("Invalid {$action} performed on edit {$edit_id}", TDOMF_LOG_BAD);
                                                    $message .= sprintf(__('Invalid action %s or invalid edit identifier %d!', 'tdomf'), $_REQUEST['action'], $edit_id);
                                                }
                                            } else {
                                                if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'spamit_edit') {
                                                    $edit_id = $_REQUEST['edit'];
                                                    check_admin_referer('tdomf-spamit_edit_' . $edit_id);
                                                    $edit = tdomf_get_edit($edit_id);
                                                    if ($edit && $edit->state != 'spam') {
                                                        tdomf_spamit_edit($edit);
                                                        tdomf_log_message("Marking edit {$edit_id} as spam!");
                                                        $message .= sprintf(__('Contribution to <a href="%s">Post %d</a> has been flagged as spam', "tdomf"), get_permalink($edit->post_id), $edit->post_id);
                                                    } else {
                                                        tdomf_log_message("Invalid {$action} performed on edit {$edit_id}", TDOMF_LOG_BAD);
                                                        $message .= sprintf(__('Invalid action %s or invalid edit identifier %d!', 'tdomf'), $_REQUEST['action'], $edit_id);
                                                    }
                                                } else {
                                                    if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'hamit_edit') {
                                                        $edit_id = $_REQUEST['edit'];
                                                        check_admin_referer('tdomf-hamit_edit_' . $edit_id);
                                                        $edit = tdomf_get_edit($edit_id);
                                                        if ($edit && $edit->state == 'spam') {
                                                            tdomf_spamit_edit($edit);
                                                            tdomf_log_message("Marking edit {$edit_id} as not spam!");
                                                            $message .= sprintf(__('Contribution to <a href="%s">Post %d</a> has been flagged as not being spam', "tdomf"), get_permalink($edit->post_id), $edit->post_id);
                                                        } else {
                                                            tdomf_log_message("Invalid {$action} performed on edit {$edit_id}", TDOMF_LOG_BAD);
                                                            $message .= sprintf(__('Invalid action %s or invalid edit identifier %d!', 'tdomf'), $_REQUEST['action'], $edit_id);
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if (!empty($message)) {
        ?>
      <div id="message" class="updated fade"><p><?php 
        echo $message;
        ?>
</p></div>
   <?php 
    }
}
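 /**
  * Handle a click on the auto-respond e-mail link.
  *
  * Reads 'key' and 'tdomf_autorespondemail_post_id' from the query string,
  * verifies the key as a WordPress nonce bound to that post ID, checks that
  * the post carries the TDOMF flag and a form ID whose options name a 'link'
  * meta key, and then sets that meta key on the post (once only). A short
  * status message is always printed and the request is terminated.
  *
  * Security notes:
  * - This is a state-changing action driven by GET parameters, and this
  *   method performs no capability check: the nonce is the only gate. Any
  *   automated client that follows the URL (mail gateway link scanners,
  *   prefetchers) triggers it exactly like a human click.
  * - wp_verify_nonce() binds the key to the current user/session and to a
  *   limited time window. NOTE(review): confirm the link is generated in the
  *   same user context in which it is expected to be followed.
  * - Both parameters are attacker-controllable until the nonce verifies, so
  *   they are shape-checked before use and escaped before being logged.
  *
  * @access public
  * @return void Never returns; the method ends with exit.
  */
 function handleLinkAction()
 {
     $post_id = false;
     $message = '';
     $key = isset($_GET['key']) ? $_GET['key'] : null;
     $raw_post_id = isset($_GET['tdomf_autorespondemail_post_id']) ? $_GET['tdomf_autorespondemail_post_id'] : null;
     if ($key === null || $raw_post_id === null) {
         $message = __('TDOMF: Bad input values', 'tdomf');
         tdomf_log_message("[autorespondemail] Missing 'key' and 'tdomf_autorespondemail_post_id'", TDOMF_LOG_ERROR);
     } elseif (!is_string($key) || !is_string($raw_post_id) || !preg_match('/^[1-9][0-9]*\z/', $raw_post_id)) {
         // Array-valued parameters (?key[]=...) or a non-numeric post ID can
         // never match a nonce issued for a real post, so reject them up front
         // rather than letting them reach string concatenation and the log.
         $message = __('TDOMF: Bad input values', 'tdomf');
         tdomf_log_message("[autorespondemail] Malformed 'key' or 'tdomf_autorespondemail_post_id'", TDOMF_LOG_ERROR);
     } elseif (!wp_verify_nonce($key, 'tdomf-autorespondemail-' . $raw_post_id)) {
         $message = __('TDOMF: nonce fail', 'tdomf');
         // The key is unverified request data. It is HTML-escaped before
         // logging because other code on this page passes HTML markup to
         // tdomf_log_message(), which suggests the log viewer renders
         // messages as HTML (TODO confirm against the log viewer).
         $safe_key = htmlspecialchars($key, ENT_QUOTES);
         tdomf_log_message("[autorespondemail] nonce {$safe_key} invalid for Post ID {$raw_post_id}", TDOMF_LOG_ERROR);
     } else {
         // Verified: from here on work with an integer, not the raw string.
         $post_id = (int) $raw_post_id;
     }
     if ($post_id) {
         // Only posts created through TDOMF carry this flag.
         $tdomf_key = get_post_meta($post_id, TDOMF_KEY_FLAG, true);
         if (!$tdomf_key) {
             $message = __('This is not a TDOMF post', 'tdomf');
             tdomf_log_message("[autorespondemail] Tried to flag post {$post_id} that isn't a TDOMF post", TDOMF_LOG_ERROR);
             $post_id = false;
         }
     }
     if ($post_id) {
         $form_id = get_post_meta($post_id, TDOMF_KEY_FORM_ID, true);
         if (!$form_id) {
             $message = __('No Form ID is set on this post', 'tdomf');
             tdomf_log_message("[autorespondemail] Form ID is not set on this post {$post_id}", TDOMF_LOG_ERROR);
             $post_id = false;
         }
     }
     if ($post_id) {
         // The meta key to write comes from the form's stored options, never
         // from the request.
         $options = $this->getOptions($form_id);
         if (empty($options['link'])) {
             $message = __('This form is not configured', 'tdomf');
             tdomf_log_message("[autorespondemail] Form ID {$form_id} is not configured for autorespondemail on post {$post_id}", TDOMF_LOG_ERROR);
             $post_id = false;
         }
     }
     if ($post_id) {
         // A non-empty value means the link was already used for this post.
         $field = get_post_meta($post_id, $options['link'], true);
         if (!empty($field)) {
             $message = __('You have already set this post!', 'tdomf');
             tdomf_log_message("[autorespondemail] Already flagged post {$post_id}", TDOMF_LOG_BAD);
             $post_id = false;
         }
     }
     if ($post_id) {
         update_post_meta($post_id, $options['link'], true);
         $message = __('Thank you', 'tdomf');
         tdomf_log_message("[autorespondemail] Flagged post {$post_id} (with Form ID {$form_id})", TDOMF_LOG_GOOD);
     }
     // $message is always one of the fixed translated strings above; no
     // request data is echoed back.
     echo $message;
     exit;
 }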
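 /**
  * Validate the reCAPTCHA answer submitted with a form.
  *
  * Only these keys of $args are read: 'recaptcha_response_field',
  * 'recaptcha_challenge_field' and (on failure) 'tdomf_form_id'.
  *
  * Security note: $args holds submitted form fields, so it must never be
  * expanded into local variables with extract(). A submitted field named like
  * a local (for example "options") would replace it, and $options carries the
  * private key handed to the verification call.
  *
  * @access public
  * @param array $args    Submitted form values (untrusted).
  * @param array $options Widget options; 'privatekey' is passed to recaptcha_check_answer().
  * @param mixed $preview Truthy when the form is only being previewed.
  * @return Mixed NULL when the answer is accepted or when previewing,
  *               otherwise a translated error message.
  */
 function validate($args, $options, $preview)
 {
     // don't bother validating for preview
     if ($preview) {
         return NULL;
     }
     if (empty($args['recaptcha_response_field'])) {
         return __('Please complete the reCAPTCHA.', 'tdomf');
     }
     if (!function_exists('recaptcha_check_answer')) {
         // Path is a plugin constant, not request data. The "@" only hides
         // the message of a failed load; it does not make the load optional.
         @(require_once TDOMF_RECAPTCHALIB_PATH);
     }
     // A missing challenge field is passed as an empty string instead of
     // raising an undefined-index notice.
     $challenge = isset($args['recaptcha_challenge_field']) ? $args['recaptcha_challenge_field'] : '';
     $response = recaptcha_check_answer($options['privatekey'], $_SERVER['REMOTE_ADDR'], $challenge, $args['recaptcha_response_field']);
     if ($response->is_valid) {
         return NULL;
     }
     // Remember the error code with the form data.
     // NOTE(review): 'tdomf_form_id' is taken from the submission as-is;
     // confirm the caller has already validated it.
     $form_data = tdomf_get_form_data($args['tdomf_form_id']);
     $form_data['recaptcha_error'] = $response->error;
     tdomf_save_form_data($args['tdomf_form_id'], $form_data);
     if ($response->error == 'incorrect-captcha-sol') {
         return __('That reCAPTCHA was incorrect.', 'tdomf');
     }
     // Any other error code is reported to the user as a configuration problem
     // and logged with the code for the administrator.
     tdomf_log_message('reCAPTCHA error ' . $response->error . '. Please refer to <a href="http://recaptcha.net/apidocs/captcha/">reCaptcha docs</a> for more information', TDOMF_LOG_ERROR);
     return __('Invalid reCAPTCHA configuration.', 'tdomf');
 }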
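/**
 * Process the actions submitted from the form options admin screen.
 *
 * Dispatches on request parameters in this order: remove a throttle rule,
 * add a throttle rule, create a page for a form, save a form's settings,
 * delete a form, copy a form, create a new form. Each branch verifies its own
 * nonce with check_admin_referer() before changing anything. The collected
 * message, followed by tdomf_get_error_messages(false), is printed inside an
 * "updated" notice when it is not empty.
 *
 * Security notes:
 * - check_admin_referer() shows the request originated from a form this site
 *   rendered for the current user; it is not an authorization check. No
 *   current_user_can() call appears in this function.
 *   NOTE(review): confirm the caller restricts this screen to administrators,
 *   since the save branch also grants and revokes role capabilities.
 * - $message is echoed as HTML, so request-derived values are HTML-escaped
 *   before they are appended to it and are never used as a format string.
 * - Several settings (throttle rule fields, default category, custom edit-link
 *   URLs, from-email, description) are stored as received.
 *   NOTE(review): confirm they are validated or escaped where they are used.
 *
 * @return mixed The ID of the copied or newly created form, otherwise false.
 */
function tdomf_handle_form_options_actions()
{
    global $wpdb, $wp_roles;
    $message = "";
    $retValue = false;
    if (!isset($wp_roles)) {
        $wp_roles = new WP_Roles();
    }
    $roles = $wp_roles->role_objects;
    $caps = tdomf_get_all_caps();
    // Work out whether one of the per-rule "remove" buttons was pressed. The
    // candidate IDs come from the stored rules, not from the request.
    $remove_throttle_rule = false;
    $rule_id = 0;
    if (isset($_REQUEST['tdomf_form_id'])) {
        $form_id = intval($_REQUEST['tdomf_form_id']);
        $rules = tdomf_get_option_form(TDOMF_OPTION_THROTTLE_RULES, $form_id);
        if (is_array($rules)) {
            foreach ($rules as $id => $r) {
                if (isset($_REQUEST["tdomf_remove_throttle_rule_{$id}"])) {
                    $remove_throttle_rule = true;
                    $rule_id = $id;
                    break;
                }
            }
        }
    }
    if ($remove_throttle_rule) {
        check_admin_referer('tdomf-options-save');
        unset($rules[$rule_id]);
        tdomf_set_option_form(TDOMF_OPTION_THROTTLE_RULES, $rules, $form_id);
        $message .= "Throttle rule removed!<br/>";
        tdomf_log_message("Removed throttle rule");
    } elseif (isset($_REQUEST['tdomf_add_throttle_rule'])) {
        check_admin_referer('tdomf-options-save');
        $form_id = intval($_REQUEST['tdomf_form_id']);
        // NOTE(review): 'sub_type', 'count' and 'type' are stored exactly as
        // submitted; only 'time' is cast. Confirm the allowed values are
        // enforced where the rules are evaluated and displayed.
        $rule = array();
        $rule['sub_type'] = $_REQUEST['tdomf_throttle_rule_sub_type'];
        $rule['count'] = $_REQUEST['tdomf_throttle_rule_count'];
        $rule['type'] = $_REQUEST['tdomf_throttle_rule_user_type'];
        $rule['opt1'] = isset($_REQUEST['tdomf_throttle_rule_opt1']);
        $rule['time'] = intval($_REQUEST['tdomf_throttle_rule_time']);
        $rules = tdomf_get_option_form(TDOMF_OPTION_THROTTLE_RULES, $form_id);
        if (!is_array($rules)) {
            $rules = array();
        }
        $rules[] = $rule;
        tdomf_set_option_form(TDOMF_OPTION_THROTTLE_RULES, $rules, $form_id);
        $message .= "Throttle rule added!<br/>";
        tdomf_log_message("Added a new throttle rule: " . var_export($rule, true));
    } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'create_form_page') {
        check_admin_referer('tdomf-create-form-page');
        $form_id = intval($_REQUEST['form']);
        $page_id = tdomf_create_form_page($form_id);
        $message = sprintf(__("A page with the form has been created. <a href='%s'>View page &raquo;</a><br/>", "tdomf"), get_permalink($page_id));
    } elseif (isset($_REQUEST['save_settings']) && isset($_REQUEST['tdomf_form_id'])) {
        check_admin_referer('tdomf-options-save');
        $form_id = intval($_REQUEST['tdomf_form_id']);
        // Edit or Submit
        $edit_form = false;
        if (isset($_REQUEST['tdomf_mode']) && $_REQUEST['tdomf_mode'] == "edit") {
            $edit_form = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_FORM_EDIT, $edit_form, $form_id);
        // Allow pages with forms to be edited
        $edit_page_form = isset($_REQUEST['tdomf_edit_page_form']);
        tdomf_set_option_form(TDOMF_OPTION_EDIT_PAGE_FORM, $edit_page_form, $form_id);
        // Allow authors to edit
        $author_edit = false;
        if (isset($_REQUEST['tdomf_author_edit'])) {
            $author_edit = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_ALLOW_AUTHOR, $author_edit, $form_id);
        // Edit post within X seconds of being published
        $time_edit = false;
        if (isset($_REQUEST['tdomf_time_edit'])) {
            $time_edit = intval($_REQUEST['tdomf_time_edit']);
            if ($time_edit <= 0) {
                $time_edit = false;
            }
        }
        tdomf_set_option_form(TDOMF_OPTION_ALLOW_TIME, $time_edit, $form_id);
        // Who can access the form?
        if (isset($_REQUEST['tdomf_special_access_anyone']) && tdomf_get_option_form(TDOMF_OPTION_ALLOW_EVERYONE, $form_id) == false) {
            tdomf_set_option_form(TDOMF_OPTION_ALLOW_EVERYONE, true, $form_id);
            foreach ($roles as $role) {
                // remove cap as it's not needed
                if (isset($role->capabilities[TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id])) {
                    $role->remove_cap(TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id);
                }
            }
            tdomf_set_option_form(TDOMF_OPTION_ALLOW_CAPS, array(), $form_id);
        } elseif (!isset($_REQUEST['tdomf_special_access_anyone'])) {
            tdomf_set_option_form(TDOMF_OPTION_ALLOW_EVERYONE, false, $form_id);
            // add cap to right roles; role names come from WP_Roles, the
            // request only says which of them are ticked
            foreach ($roles as $role) {
                if (isset($_REQUEST["tdomf_access_" . $role->name])) {
                    $role->add_cap(TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id);
                } else {
                    if (isset($role->capabilities[TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id])) {
                        $role->remove_cap(TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id);
                    }
                }
            }
            // list caps that can access form
            $allow_caps = array();
            foreach ($caps as $cap) {
                if (isset($_REQUEST['tdomf_access_caps_' . $cap])) {
                    $allow_caps[] = $cap;
                }
            }
            tdomf_set_option_form(TDOMF_OPTION_ALLOW_CAPS, $allow_caps, $form_id);
            // convert user names to ids
            $allow_users = array();
            if (isset($_REQUEST['tdomf_access_users_list'])) {
                $user_names = trim($_REQUEST['tdomf_access_users_list']);
                if (!empty($user_names)) {
                    $user_names = explode(' ', $user_names);
                    foreach ($user_names as $user_name) {
                        if (!empty($user_name)) {
                            if (($userdata = get_userdatabylogin($user_name)) != false) {
                                $allow_users[] = $userdata->ID;
                            } else {
                                // The submitted name is passed as an escaped
                                // argument. It used to be interpolated into the
                                // format string itself, so a "%" in the name
                                // broke sprintf() and markup in the name reached
                                // the page unescaped.
                                $safe_user_name = htmlspecialchars($user_name, ENT_QUOTES);
                                $message .= "<font color='red'>" . sprintf(__("%s is not a valid user name. Ignoring.<br/>", "tdomf"), $safe_user_name) . "</font>";
                                // NOTE(review): the log line still carries the raw
                                // name; confirm how the log viewer renders it.
                                tdomf_log_message("User login {$user_name} is not recognised by wordpress. Ignoring.", TDOMF_LOG_BAD);
                            }
                        }
                    }
                }
            }
            tdomf_set_option_form(TDOMF_OPTION_ALLOW_USERS, $allow_users, $form_id);
        }
        tdomf_set_option_form(TDOMF_OPTION_ALLOW_PUBLISH, isset($_REQUEST['tdomf_user_publish_override']), $form_id);
        // Who gets notified?
        $notify_roles = "";
        foreach ($roles as $role) {
            if (isset($_REQUEST["tdomf_notify_" . $role->name])) {
                $notify_roles .= $role->name . ";";
            }
        }
        if (!empty($notify_roles)) {
            tdomf_set_option_form(TDOMF_NOTIFY_ROLES, $notify_roles, $form_id);
        } else {
            tdomf_set_option_form(TDOMF_NOTIFY_ROLES, false, $form_id);
        }
        // The address list is saved only if every non-empty entry validates.
        $save = true;
        $tdomf_admin_emails = $_POST['tdomf_admin_emails'];
        $emails = explode(',', $tdomf_admin_emails);
        foreach ($emails as $email) {
            if (!empty($email)) {
                if (!tdomf_check_email_address($email)) {
                    // The rejected value is by definition not a valid address,
                    // so escape it before echoing it back.
                    $message .= "<font color='red'>" . sprintf(__("The email %s is not valid! Please update 'Who Gets Notified' with valid email addresses.", "tdomf"), htmlspecialchars($email, ENT_QUOTES)) . "</font><br/>";
                    $save = false;
                    break;
                }
            }
        }
        if ($save) {
            tdomf_set_option_form(TDOMF_OPTION_ADMIN_EMAILS, $tdomf_admin_emails, $form_id);
        }
        // Default Category
        // NOTE(review): stored as submitted, without a cast.
        $def_cat = $_POST['tdomf_def_cat'];
        tdomf_set_option_form(TDOMF_DEFAULT_CATEGORY, $def_cat, $form_id);
        // Restrict editing to posts submitted by tdomf
        $edit_restrict_tdomf = isset($_REQUEST['tdomf_edit_tdomf_only']);
        tdomf_set_option_form(TDOMF_OPTION_EDIT_RESTRICT_TDOMF, $edit_restrict_tdomf, $form_id);
        // Keep only positive integer category IDs. explode() always returns at
        // least one element, so an empty field simply yields an empty list.
        $edit_restrict_cats = array();
        foreach (explode(',', trim($_REQUEST['tdomf_edit_cats'])) as $cat) {
            $cat = intval(trim($cat));
            if ($cat > 0) {
                $edit_restrict_cats[] = $cat;
            }
        }
        tdomf_set_option_form(TDOMF_OPTION_EDIT_RESTRICT_CATS, $edit_restrict_cats, $form_id);
        // add edit link
        // NOTE(review): the custom URL is stored as submitted; confirm it is
        // validated as a URL and escaped where the link is rendered.
        $add_edit_link = $_REQUEST['tdomf_add_edit_link'];
        if ($add_edit_link == 'custom') {
            $add_edit_link = $_REQUEST['tdomf_add_edit_link_custom_url'];
        }
        tdomf_set_option_form(TDOMF_OPTION_ADD_EDIT_LINK, $add_edit_link, $form_id);
        $ajax_edit = isset($_REQUEST['tdomf_ajax_edit']);
        tdomf_set_option_form(TDOMF_OPTION_AJAX_EDIT, $ajax_edit, $form_id);
        // auto modify edit link (same caveat as the custom URL above)
        $auto_edit_link = $_REQUEST['tdomf_auto_edit_link'];
        if ($auto_edit_link == 'custom') {
            $auto_edit_link = $_REQUEST['tdomf_auto_edit_link_custom_url'];
        }
        tdomf_set_option_form(TDOMF_OPTION_AUTO_EDIT_LINK, $auto_edit_link, $form_id);
        //Turn On/Off Moderation
        $mod = false;
        if (isset($_POST['tdomf_moderation'])) {
            $mod = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_MODERATION, $mod, $form_id);
        $tdomf_redirect = isset($_POST['tdomf_redirect']);
        tdomf_set_option_form(TDOMF_OPTION_REDIRECT, $tdomf_redirect, $form_id);
        //Preview
        $preview = false;
        if (isset($_POST['tdomf_preview'])) {
            $preview = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_PREVIEW, $preview, $form_id);
        //From email
        if (trim($_POST['tdomf_from_email']) == "") {
            tdomf_set_option_form(TDOMF_OPTION_FROM_EMAIL, false, $form_id);
        } else {
            tdomf_set_option_form(TDOMF_OPTION_FROM_EMAIL, $_POST['tdomf_from_email'], $form_id);
        }
        // Form name
        if (trim($_POST['tdomf_form_name']) == "") {
            tdomf_set_option_form(TDOMF_OPTION_NAME, "", $form_id);
        } else {
            tdomf_set_option_form(TDOMF_OPTION_NAME, strip_tags($_POST['tdomf_form_name']), $form_id);
        }
        // Form description (stored with its markup, unlike the name)
        if (trim($_POST['tdomf_form_descp']) == "") {
            tdomf_set_option_form(TDOMF_OPTION_DESCRIPTION, false, $form_id);
        } else {
            tdomf_set_option_form(TDOMF_OPTION_DESCRIPTION, $_POST['tdomf_form_descp'], $form_id);
        }
        // Include on "your submissions" page
        //
        $include = false;
        if (isset($_POST['tdomf_include_sub'])) {
            $include = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_INCLUDED_YOUR_SUBMISSIONS, $include, $form_id);
        if (get_option(TDOMF_OPTION_YOUR_SUBMISSIONS) && $include) {
            // The anchor is built with the form ID here. It used to be passed
            // as "...#tdomf_form%d" inside a sprintf() argument, where the %d
            // is never substituted and ended up literally in the link.
            $message .= sprintf(__("Saved Options for Form %d. <a href='%s'>See your form &raquo</a>", "tdomf"), $form_id, "users.php?page=tdomf_your_submissions#tdomf_form" . $form_id) . "<br/>";
        } else {
            $message .= sprintf(__("Saved Options for Form %d.", "tdomf"), $form_id) . "<br/>";
        }
        // widget count
        //
        $widget_count = 10;
        if (isset($_POST['tdomf_widget_count'])) {
            $widget_count = intval($_POST['tdomf_widget_count']);
        }
        if ($widget_count < 1) {
            $widget_count = 1;
        }
        tdomf_set_option_form(TDOMF_OPTION_WIDGET_INSTANCES, $widget_count, $form_id);
        //Submit page instead of post
        //
        $use_page = false;
        if (isset($_POST['tdomf_use_type']) && $_POST['tdomf_use_type'] == 'page') {
            $use_page = true;
        }
        tdomf_set_option_form(TDOMF_OPTION_SUBMIT_PAGE, $use_page, $form_id);
        // Queue period
        //
        $tdomf_queue_period = intval($_POST['tdomf_queue_period']);
        tdomf_set_option_form(TDOMF_OPTION_QUEUE_PERIOD, $tdomf_queue_period, $form_id);
        // Queue on all
        //
        $tdomf_queue_on_all = isset($_POST['tdomf_queue_on_all']);
        tdomf_set_option_form(TDOMF_OPTION_QUEUE_ON_ALL, $tdomf_queue_on_all, $form_id);
        // ajax
        //
        $tdomf_ajax = isset($_POST['tdomf_ajax']);
        tdomf_set_option_form(TDOMF_OPTION_AJAX, $tdomf_ajax, $form_id);
        // Send moderation email even for published posts
        //
        $tdomf_mod_email_on_pub = isset($_POST['tdomf_mod_email_on_pub']);
        tdomf_set_option_form(TDOMF_OPTION_MOD_EMAIL_ON_PUB, $tdomf_mod_email_on_pub, $form_id);
        // Admin users auto-publish?
        //
        $tdomf_publish_no_mod = isset($_POST['tdomf_user_publish_auto']);
        tdomf_set_option_form(TDOMF_OPTION_PUBLISH_NO_MOD, $tdomf_publish_no_mod, $form_id);
        // Spam
        //
        $message .= tdomf_handle_spam_options_actions($form_id);
        tdomf_log_message("Options Saved for Form ID {$form_id}");
    } elseif (isset($_REQUEST['delete'])) {
        // The nonce action includes the form ID, so a nonce issued for one
        // form cannot be replayed against another.
        $form_id = intval($_REQUEST['delete']);
        check_admin_referer('tdomf-delete-form-' . $form_id);
        if (tdomf_form_exists($form_id)) {
            $count_forms = count(tdomf_get_form_ids());
            if ($count_forms > 1) {
                if (tdomf_delete_form($form_id)) {
                    $message .= sprintf(__("Form %d deleted.<br/>", "tdomf"), $form_id);
                } else {
                    $message .= sprintf(__("Could not delete Form %d!<br/>", "tdomf"), $form_id);
                }
            } else {
                $message .= sprintf(__("You cannot delete the last form! There must be at least one form in the system.<br/>", "tdomf"), $form_id);
            }
        } else {
            $message .= sprintf(__("Form %d is not valid!<br/>", "tdomf"), $form_id);
        }
    } elseif (isset($_REQUEST['copy'])) {
        $form_id = intval($_REQUEST['copy']);
        check_admin_referer('tdomf-copy-form-' . $form_id);
        $copy_form_id = tdomf_copy_form($form_id);
        if ($copy_form_id != 0) {
            $message .= sprintf(__("Form %d copied with id %d.<br/>", "tdomf"), $form_id, $copy_form_id);
            $retValue = $copy_form_id;
        } else {
            $message .= sprintf(__("Failed to copy Form %d!<br/>", "tdomf"), $form_id);
        }
    } elseif (isset($_REQUEST['new'])) {
        check_admin_referer('tdomf-new-form');
        $form_id = tdomf_create_form(__('New Form', 'tdomf'), array());
        if ($form_id != 0) {
            $message .= sprintf(__("New form created with %d.<br/>", "tdomf"), $form_id);
            $retValue = $form_id;
        } else {
            $message .= __("Failed to create new Form!<br/>", "tdomf");
        }
    }
    // Warnings
    $message .= tdomf_get_error_messages(false);
    if (!empty($message)) {
        // $message intentionally contains markup built above, so it is
        // echoed without further escaping.
        ?>
   <div id="message" class="updated fade"><p><?php 
        echo $message;
        ?>
</p></div>
   <?php 
    }
    return $retValue;
}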