Ejemplo n.º 1
if (isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) {
    // Per-form setup, then detection of a submitted form and the spam check.
    // This run sits inside the "form has fields" conditional opened just above.
    $form_counter = 0;
    // label_wrap is stored as "prefix|suffix"; split it and normalise both parts
    // to trimmed strings. empty() also treats the string '0' as absent.
    $cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']);
    $cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : '';
    $cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ? trim($cnt_form['label_wrap'][1]) : '';
    $form_field_hidden = '';
    // Named validation patterns, keyed by a short profile name.
    // NOTE(review): none of these use the D modifier, so "$" also matches just
    // before a trailing newline ("123\n" satisfies '0-9'). Whether that can reach
    // a sink depends on how values are normalised before matching, which is not
    // visible here; anchoring with \z (or adding /D) would close the gap.
    // 'LETTER+SPACE' is case-insensitive and also admits "_", "-" and ":".
    $cnt_form['regx_pattern'] = array('A-Z' => '/^[A-Z]+$/', 'a-Z' => '/^[a-zA-Z]+$/', 'a-z' => '/^[a-z]+$/', '0-9' => '/^[0-9]+$/', 'PHONE' => '/^[+]?([0-9]*[\\.\\s\\-\\(\\)\\/]|[0-9]+){3,24}$/', 'INT' => '/^[0-9\\-\\+]+$/', 'WORD' => '/^[\\w]+$/', 'LETTER+SPACE' => '/^[a-z _\\-\\:]+$/i');
    // The form counts as submitted only when the POST field "cpID<acontent_id>"
    // is non-empty and its integer value equals this content part's id.
    // intval() plus the loose == means a value such as "12abc" also matches id 12.
    if (!empty($_POST['cpID' . $crow["acontent_id"]]) && intval($_POST['cpID' . $crow["acontent_id"]]) == $crow["acontent_id"]) {
        $POST_DO = true;
        $POST_val = array();
        // presumably keeps the rendered page out of the cache when a form was posted; TODO confirm
        $cache_nosave = true;
    } else {
        $POST_DO = false;
    }
    // make spam check
    // A failed tracking check only adds an entry to $POST_ERR (the time() suffix
    // forms the key); nothing here stops processing, so rejecting the submission
    // relies on later code honouring $POST_ERR.
    // NOTE(review): getRemoteIP() is embedded in the message as-is. Confirm it
    // returns a validated address and not a raw client-supplied header value
    // before this text is rendered.
    if ($POST_DO && !checkFormTrackingValue()) {
        $POST_ERR['spamFormAlert' . time()] = '[span_class:spamFormAlert]Your IP ' . getRemoteIP() . ' is not allowed to send form![/class]';
    }
    foreach ($cnt_form["fields"] as $key => $value) {
        $form_field = '';
        $form_name = html_specialchars($cnt_form["fields"][$key]['name']);
        $POST_name = $cnt_form["fields"][$key]['name'];
        switch ($cnt_form["fields"][$key]['type']) {
            case 'text':
                /*
                 * Text
                 */
                if ($POST_DO && isset($_POST[$POST_name])) {
                    $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
                    if ($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
                        $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
Ejemplo n.º 2
 }
 // Captcha gate: evaluated only for a guestbook submission while the captcha
 // option ($guestbook['captcha']) is enabled.
 if (isset($_POST['guestbook_email']) && !empty($guestbook['captcha'])) {
     include_once PHPWCMS_ROOT . '/include/inc_ext/SPAF_FormValidator.class.php';
     $spaf_obj = new SPAF_FormValidator();
     // A missing captcha field is handled as an empty answer.
     if (isset($_POST['guestbook_captcha'])) {
         $guestbook['post']['captcha'] = clean_slweg($_POST['guestbook_captcha']);
     } else {
         $guestbook['post']['captcha'] = '';
     }
     if (!$spaf_obj->validRequest($guestbook['post']['captcha'])) {
         // Only an error entry is recorded here; the code that consumes
         // $guestbook['error'] is outside this block.
         // NOTE(review): the stored code is not destroyed on a wrong answer here.
         // Confirm SPAF_FormValidator invalidates it itself, otherwise the same
         // challenge can be answered repeatedly.
         $guestbook['error']['captcha'] = 'Fill in the correct captcha code. Proof it twice!';
     } else {
         // Accepted answer: discard the stored code.
         $spaf_obj->destroy();
     }
 }
 // Global spam check: runs for a submission that is not already flagged as
 // flooding. When checkFormTrackingValue() fails, the request is marked as
 // flooding and an alert block is prepared.
 // NOTE(review): getRemoteIP() is concatenated into HTML without escaping.
 // Confirm it returns a validated address and not a raw client-supplied header
 // value, or escape it for HTML at this point.
 if (isset($_POST['guestbook_email']) && !$guestbook['flooding'] && !checkFormTrackingValue()) {
     $guestbook['readform'] = 1;
     $guestbook['flooding'] = 1;
     $guestbook['spamalert'] = '<div class="spamFormAlert">Your IP '
         . getRemoteIP()
         . ' is not allowed to send form!</div>';
 }
 // final guestbook form check and insert into db
 if (isset($_POST['guestbook_email']) && !$guestbook['flooding']) {
     // check URL and try to connect - if fails set to ''
     if ($guestbook['post']['url']) {
         $guestbook['post']['url'] = preg_replace('/(mailto|http|https):{0,1}/i', '', $guestbook['post']['url']);
         list($guestbook['post']['url']) = explode('?', $guestbook['post']['url'], 2);
         $guestbook['post']['url'] = str_replace('//', '', trim($guestbook['post']['url']));
         if ($content["guestbook"]["gb_urlcheck"] && @ini_get('allow_url_fopen')) {
             if ($guestbook['fp'] = @fopen('http://' . $guestbook['post']['url'], 'r')) {
                 @fclose($guestbook['fp']);