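/**
 * Sends the recommend-this-site emails and returns the configured success message.
 *
 * Reads the sender's and the friend's name and email from $_REQUEST
 * (rts_yname, rts_yemail, rts_fname, rts_femail), substitutes them into the
 * mail templates held in $vars, and sends three mails via cmsMail(): one to the
 * sender, one to the friend and one to the admin address.
 *
 * Both email addresses are checked with FILTER_VALIDATE_EMAIL before they are
 * passed to cmsMail() as recipient or sender: an unvalidated request value in a
 * To/From field is the classic mail-header-injection vector, so a value that
 * fails validation aborts the send instead.
 *
 * @param array $page page db row (not read here; kept for the handler signature)
 * @param array $vars page meta data, the recommendthissite_* keys
 *
 * @return string HTML: the success message from
 *                $vars['recommendthissite_successmsg'], or a short error
 *                paragraph when one of the email addresses is not valid
 */
function RecommendThisSite_send($page, $vars)
{
    $yname  = isset($_REQUEST['rts_yname']) ? (string) $_REQUEST['rts_yname'] : '';
    $yemail = isset($_REQUEST['rts_yemail']) ? trim((string) $_REQUEST['rts_yemail']) : '';
    $fname  = isset($_REQUEST['rts_fname']) ? (string) $_REQUEST['rts_fname'] : '';
    $femail = isset($_REQUEST['rts_femail']) ? trim((string) $_REQUEST['rts_femail']) : '';

    // Refuse to send rather than hand request-controlled strings to the mailer.
    if (filter_var($yemail, FILTER_VALIDATE_EMAIL) === false
        || filter_var($femail, FILTER_VALIDATE_EMAIL) === false
    ) {
        return '<p class="error">Please enter a valid email address for yourself and for your friend.</p>';
    }

    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // template placeholder -> replacement; the request values are HTML-escaped
    // because the mail bodies are sent as markup
    $search = array(
        '{{$smarty.server.HTTP_HOST}}',
        '{{$friend_name}}',
        '{{$friend_email}}',
        '{{$sender_name}}',
        '{{$sender_email}}',
    );
    $replace = array(
        $host,
        htmlspecialchars($fname),
        htmlspecialchars($femail),
        htmlspecialchars($yname),
        htmlspecialchars($yemail),
    );

    // template key -> $vars key holding the raw template text
    $sources = array(
        'amailbody'    => 'recommendthissite_emailtoadmin',
        'amailsubject' => 'recommendthissite_emailtoadmin_subject',
        'amailemail'   => 'recommendthissite_emailtoadmin_email',
        'ymailbody'    => 'recommendthissite_emailtosender',
        'ymailsubject' => 'recommendthissite_emailtosender_subject',
        'fmailbody'    => 'recommendthissite_emailtothefriend',
        'fmailsubject' => 'recommendthissite_emailtothefriend_subject',
        'success'      => 'recommendthissite_successmsg',
    );
    $tplvars = array();
    foreach ($sources as $tplKey => $varKey) {
        $raw = isset($vars[$varKey]) ? (string) $vars[$varKey] : '';
        $tplvars[$tplKey] = str_replace($search, $replace, $raw);
    }

    // to the sender, from the admin address
    cmsMail($yemail, $tplvars['amailemail'], $tplvars['ymailsubject'], $tplvars['ymailbody']);
    // to the friend; the friend's own address is used as sender
    // NOTE(review): this mirrors the existing behaviour - confirm it is intended
    // rather than the sender's address
    cmsMail($femail, $femail, $tplvars['fmailsubject'], $tplvars['fmailbody']);
    // to the admin, from a noreply address on this host
    cmsMail(
        $tplvars['amailemail'],
        'noreply@' . str_replace('www.', '', $host),
        $tplvars['amailsubject'],
        $tplvars['amailbody']
    );

    return $tplvars['success'];
}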
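/**
 * Checks whether the requested file lives in a protected directory and, if it
 * does, enforces that directory's access rule before the file is served.
 *
 * Returning from this function means the download may proceed; every denial
 * path renders a "File Download" page through ProtectedFiles_renderAndQuit()
 * and ends the request with Core_quit().
 *
 * Rule types are read from the protected_files.details JSON column:
 *   1 (email, the default) - the visitor must give an email address. The first
 *     request shows a form, the next one an auto-redirect page, and the one
 *     after that records the download and mails $pr['recipient_email'].
 *   2 (groups) - the logged-in user must belong to one of the comma-separated
 *     groups in details.groups.
 * Any other type is not handled and the file is served unchanged
 * (NOTE(review): this matches the previous behaviour; a fail-closed default
 * would be safer if no other types are configured).
 *
 * @param array $vars hook data; only 'requested_file' is read
 *
 * @return null
 */
function ProtectedFiles_check($vars)
{
    $fname = $vars['requested_file'];

    $protected_files = Core_cacheLoad('protected_files', 'all');
    if (!$protected_files) {
        $protected_files = dbAll('select * from protected_files');
        Core_cacheSave('protected_files', 'all', $protected_files);
    }

    foreach ($protected_files as $pr) {
        if (strpos($fname, $pr['directory'] . '/') !== 0) {
            continue;
        }

        // Missing, unparseable or type-less details fall back to the email rule.
        // Previously an unparseable JSON yielded an undefined type, which matched
        // no case and let the file through unchecked.
        $details = isset($pr['details']) ? json_decode($pr['details'], true) : null;
        if (!is_array($details) || !isset($details['type'])) {
            $details = array('type' => 1);
        }

        switch ((int) $details['type']) {
            case 1:
                ProtectedFiles_checkEmail($fname, $pr);
                break;
            case 2:
                // returns only when the user is a member of an allowed group
                ProtectedFiles_checkGroups($pr, $details);
                return;
        }
    }
}

/**
 * Email rule: requires an email address from the session, the logged-in user
 * or the request, then walks the form -> redirect page -> download sequence.
 *
 * Ends the request via ProtectedFiles_renderAndQuit() on the form and redirect
 * stages; returns once the download has been logged and mailed.
 *
 * @param string $fname requested file path
 * @param array  $pr    protected_files db row
 *
 * @return null
 */
function ProtectedFiles_checkEmail($fname, $pr)
{
    $email = '';
    if (!empty($_SESSION['protected_files_email'])) {
        $email = $_SESSION['protected_files_email'];
    } elseif (!empty($_SESSION['userdata']['email'])) {
        $email = $_SESSION['userdata']['email'];
    } elseif (isset($_REQUEST['email']) && filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) {
        $email = $_REQUEST['email'];
    }

    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    if ($email) {
        require_once SCRIPTBASE . 'ww.incs/common.php';
        $_SESSION['protected_files_email'] = $email;

        if (!isset($_SESSION['protected_files_stage2'])) {
            $_SESSION['protected_files_stage2'] = 1;
            // Both the request URI and the stored referer are attacker-influenced
            // (URL, Referer header) and are echoed into href attributes, so escape.
            $referer = isset($_SESSION['referer']) ? $_SESSION['referer'] : '';
            ProtectedFiles_renderAndQuit(
                $pr['template'],
                '<p>Your download should begin in two seconds. '
                . 'If it doesn\'t, please <a href="' . htmlspecialchars($uri) . '">click here</a></p>'
                . '<script defer="defer">setTimeout(function(){document.location="'
                . htmlspecialchars($uri) . '";},2000);</script><p>'
                . '<a href="' . htmlspecialchars($referer) . '">Click here</a> to return to the referring page.</p>'
            );
        }

        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        cmsMail(
            $pr['recipient_email'],
            '[' . $host . '] protected file downloaded',
            'protected file "' . addslashes($fname) . '" was downloaded by "' . addslashes($email) . '"'
        );
        ProtectedFiles_log($fname, 1, $email, $pr['id']);
        unset($_SESSION['referer']);
        return;
    }

    // no email yet: show the form and remember where the visitor came from
    unset($_SESSION['protected_files_stage2']);
    if (!isset($_SESSION['referer'])) {
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        // only keep an http(s) URL, since the value is later used as a link target
        if (!preg_match('#^https?://#i', $referer)) {
            $referer = '';
        }
        $_SESSION['referer'] = $referer;
    }
    ProtectedFiles_log($fname, 0, '', $pr['id']);
    ProtectedFiles_renderAndQuit(
        $pr['template'],
        $pr['message']
        . '<form method="post" action="/f' . htmlspecialchars($fname) . '">'
        . '<input name="email" /><input type="submit" value="Please en'
        . 'ter your email address" /></form>'
    );
}

/**
 * Groups rule: returns if the logged-in user is a member of one of the groups
 * listed in $details['groups']; otherwise renders a login prompt and ends the
 * request.
 *
 * @param array $pr      protected_files db row
 * @param array $details decoded details JSON; 'groups' is a comma-separated list
 *
 * @return null
 */
function ProtectedFiles_checkGroups($pr, $details)
{
    if (isset($_SESSION['userdata']['groups'])) {
        $allowed = isset($details['groups']) ? explode(',', (string) $details['groups']) : array();
        foreach ($allowed as $group) {
            if ($group !== '' && isset($_SESSION['userdata']['groups'][$group])) {
                return; // member of an allowed group
            }
        }
    }
    ProtectedFiles_renderAndQuit(
        $pr['template'],
        $pr['message'] . '<p>Please <a href="/_r?type=privacy">login</a> ' . 'to view this page</p>'
    );
}

/**
 * Renders a "File Download" page with $content in the given template and ends
 * the request with Core_quit(). Replaces the global $PAGEDATA with page 0.
 *
 * @param string $template template name, as stored in protected_files.template
 * @param string $content  HTML for the PAGECONTENT slot
 *
 * @return null never returns normally
 */
function ProtectedFiles_renderAndQuit($template, $content)
{
    global $PAGEDATA;
    $PAGEDATA = Page::getInstance(0);
    $PAGEDATA->title = 'File Download';
    list($smarty, $tplName) = ProtectedFiles_getTemplate($template);
    $smarty->assign('METADATA', '<title>File Download</title>');
    $smarty->assign('PAGECONTENT', $content);
    $smarty->display($tplName . '.html');
    Core_quit();
}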
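/**
 * Processes a submitted form: collects the posted values, optionally creates a
 * user account, mails the read-only rendering and/or records the values in the
 * database, then returns the success message.
 *
 * Per field type: 'checkbox' is stored as yes/no, 'date'/'ccdate' go through
 * Core_dateM2H(), 'email' is only kept when it validates as an address (it is
 * later used to look up and create the user account), 'file' rebuilds $_FILES
 * from the session's upload directory, and the presentational types
 * (html-block, page-break, page links) are skipped.
 *
 * @param array $page        page db row
 * @param array $vars        page meta data (forms_* keys)
 * @param array $form_fields array of fields, each with 'name' and 'type'
 *
 * @return string HTML of the success message
 */
function Form_send($page, $vars, $form_fields)
{
    $values = array();
    $email = '';

    foreach ($form_fields as $r2) {
        // request keys are restricted to [A-Za-z0-9_], matching the form renderer
        $name = preg_replace('/[^a-zA-Z0-9_]/', '', $r2['name']);
        $val = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;

        switch ($r2['type']) {
            case 'checkbox':
                $values[$r2['name']] = $val == 'on' ? 'yes' : 'no';
                break;
            case 'date':
            case 'ccdate':
                $val = Core_dateM2H($val);
                if ($r2['type'] == 'ccdate') {
                    // keep only the "Month, Year" tail of the human-readable date
                    $val = preg_replace('#.* ([a-zA-Z]*, [0-9]+)#', "\$1", $val);
                }
                $values[$r2['name']] = $val;
                break;
            case 'email':
                $values[$r2['name']] = $val;
                // Only an address-shaped value becomes the account email; it is
                // interpolated into SQL below, so anything else is dropped.
                $email = ($val !== null && filter_var($val, FILTER_VALIDATE_EMAIL) !== false) ? $val : '';
                break;
            case 'file':
                Form_collectUploads();
                break;
            case 'html-block':
            case 'next-page-link':
            case 'previous-page-link':
            case 'page-break':
                // not inputs - don't add them
                break;
            default:
                $values[$r2['name']] = $val;
        }
    }

    // reply-to address: named by $vars['forms_replyto'], read from the request,
    // and only used when it validates (it becomes a mail From header)
    $from_field = preg_replace('/[^a-zA-Z]/', '', isset($vars['forms_replyto']) ? $vars['forms_replyto'] : '');
    $from = '';
    if (isset($_REQUEST[$from_field]) && filter_var($_REQUEST[$from_field], FILTER_VALIDATE_EMAIL) !== false) {
        $from = $_REQUEST[$from_field];
    }

    if (!empty($vars['forms_create_user'])) {
        Form_createUserAccount($email, $values);
    }

    if (!empty($vars['forms_send_as_email'])) {
        $form = Form_readonly($page['id'], $vars, $form_fields);
        $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        // strip the form chrome so only the rendered values are mailed
        $form = str_replace(
            array(
                '<input type="submit" value="' . __('Submit Form') . '" />',
                '<form action="' . $uri . '" method="post" ' . 'class="ww_form" enctype="multipart/form-data">',
                '</form>',
            ),
            '',
            $form
        );
        cmsMail(
            $vars['forms_recipient'],
            $from,
            $host . ' ' . __FromJson($page['name']),
            '<html><head></head><body>' . $form . '</body></html>',
            $_FILES
        );
        $uploadDir = USERBASE . '/f/.files/forms/' . session_id();
        if (is_dir($uploadDir)) {
            // remove uploaded files
            CoreDirectory::delete($uploadDir);
        }
    }

    if (!empty($vars['forms_record_in_db'])) {
        Form_saveValues($page['id'], $form_fields);
    }

    return '<div id="thankyoumessage">' . $vars['forms_successmsg'] . '</div>';
}

/**
 * Rebuilds the global $_FILES array from the files the upload widget stored
 * under USERBASE/f/.files/forms/<session id>, after purging any per-session
 * upload directory older than ten minutes. Leaves $_FILES untouched when the
 * forms directory or the session directory does not exist.
 *
 * @return null
 */
function Form_collectUploads()
{
    $dir = USERBASE . '/f/.files/forms/';
    if (!is_dir($dir)) {
        return;
    }

    // first remove old uploads
    $now = time();
    foreach (new DirectoryIterator($dir) as $entry) {
        if ($entry->isDot() || !$entry->isDir()) {
            continue;
        }
        if ($now - $entry->getMTime() > 600) {
            // directory is older than 10 minutes
            CoreDirectory::delete($entry->getPathname());
        }
    }

    $dir .= session_id();
    if (!is_dir($dir)) {
        return;
    }

    // emulate the $_FILES array from the widget's stored uploads
    $_FILES = array();
    foreach (new DirectoryIterator($dir) as $upload) {
        if ($upload->isDot() || $upload->isDir()) {
            continue;
        }
        $_FILES[] = array(
            'name'     => $upload->getFilename(),
            'type'     => mime_content_type($upload->getPathname()),
            'tmp_name' => $upload->getPathname(),
            'error'    => 0,
            'size'     => $upload->getSize(),
        );
    }
}

/**
 * Looks up the user account for $email and creates it when missing, storing
 * the submitted values as JSON in the account's extras column and copying any
 * uploaded files into USERBASE/f/user-files/<id>/.
 *
 * NOTE(review): dbOne()/dbQuery() take a raw SQL string here, so the values are
 * escaped with addslashes() as the surrounding code already does; if the db
 * layer offers prepared statements, that is the proper replacement.
 *
 * @param string $email  validated (or empty) email address from the form
 * @param array  $values field name => submitted value
 *
 * @return mixed the account id, existing or newly created
 */
function Form_createUserAccount($email, $values)
{
    $id = dbOne('select id from user_accounts where email="' . addslashes($email) . '"', 'id');
    if ($id) {
        return $id;
    }

    dbQuery(
        'insert into user_accounts set email="' . addslashes($email) . '",'
        . 'extras="' . addslashes(json_encode($values)) . '"'
    );
    $id = dbLastInsertId();

    if (!empty($_FILES)) {
        $base = USERBASE . '/f/user-files';
        $userDir = $base . '/' . $id;
        if (!is_dir($base)) {
            mkdir($base);
        }
        if (!is_dir($userDir)) {
            mkdir($userDir);
        }
        foreach ($_FILES as $file) {
            // basename() keeps the copy inside the user's own directory
            copy($file['tmp_name'], $userDir . '/' . basename($file['name']));
        }
    }

    return $id;
}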