function upload_file()
{
global $CONF_FE, $_TABLES, $GLOBALS, $_CONF;
//upload the file
$field_name = COM_applyFilter($_POST['current_upload_file']);
$result_id = COM_applyFilter($_POST['res_id'], true);
$form_id = COM_applyFilter($_POST['form_id'], true);
$uploadfile = $_FILES[$field_name];
$fieldID = COM_applyFilter($_REQUEST['field_id'], true);
if ($result_id == 0) {
//form has not been saved yet
$result_id = nexform_dbsave($form_id, 0, false);
}
if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
$retval = '';
$retval .= " <a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
$retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$uploadfile['name'][0]}</a> ";
$edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
if (SEC_inGroup($edit_group)) {
$retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
$retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> ";
}
$iserror = 'false';
} else {
//COM_fileLog("upload error:" . $GLOBALS['fe_errmsg']);
$errmsg = $GLOBALS['fe_errmsg'];
$err_fieldname = 'error_' . ppRandomFilename();
$retval = '';
if ($errmsg == '') {
$errmsg = 'Your file could not be uploaded.';
}
$retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
$iserror = 'true';
}
return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}
if ($dup_form_check !== NULL) {
//form already exists
if ($mode == 'draft' and !isset($_POST['custom_handler'])) {
echo COM_refresh($form_return_url);
} else {
echo COM_refresh($_CONF['site_url'] . '/nexflow/index.php' . $optReturnVars);
}
exit;
}
DB_query("INSERT INTO {$_TABLES['nf_projectforms']} (formtype,created_by_taskid) VALUES ('{$formtype}', '{$taskid}');");
$project_formid = DB_insertID();
if ($newform == 1) {
nexform_dbupdate($form_id, $id);
$result_id = $id;
} else {
$result_id = nexform_dbsave($form_id, $postUID);
}
$nfclass = new nexflow($processid, $postUID);
/* Update the hit or results counter */
DB_query("UPDATE {$_TABLES['nxform_definitions']} SET responses = responses + 1 WHERE id='{$form_id}'");
$newproject = false;
if ($processid > 0 and $taskid > 0) {
$project_id = $nfclass->get_ProcessVariable('PID');
}
// Create new project tracking record if project does not yet exist
if ($project_id < 1 or DB_count($_TABLES['nf_projects'], 'id', $project_id) == 0) {
$processid = intval($processid);
DB_query("INSERT INTO {$_TABLES['nf_projects']} (originator_uid,wf_process_id,wf_task_id,status)\r\n VALUES ('{$postUID}','{$processid}','{$taskid}','1') ");
$project_id = DB_insertID();
$nfclass->set_ProcessVariable('PID', $project_id);
$newproject = true;
if ($completion_msg == '') {
echo COM_refresh($returnURL . '?msg=1&plugin=nexform');
} else {
echo COM_refresh($CONF_FE['public_url'] . "/complete.php?id={$form_id}");
}
exit;
} elseif ($_POST['formhandler'] == 'email+dbsave') {
/* Save results to Database */
$newform = COM_applyFilter($_REQUEST['newform'], true);
/* Save results to Database */
if ($newform == 1) {
//this form was already saved by the file uploader ajax
$result_id = COM_applyFilter($_REQUEST['res_id'], true);
nexform_dbupdate($form_id, $result_id);
} else {
nexform_dbsave($form_id);
}
/* Send results via email */
nexform_emailresults();
/* Update the hit or results counter */
DB_query("UPDATE {$_TABLES['nxform_definitions']} SET responses = responses + 1 WHERE id='{$form_id}'");
$completion_msg = DB_getItem($_TABLES['nxform_definitions'], 'after_post_text', "id={$form_id}");
if ($completion_msg == '') {
echo COM_refresh($returnURL . '?msg=1&plugin=nexform');
} else {
echo COM_refresh($CONF_FE['public_url'] . "/complete.php?id={$form_id}");
}
exit;
} else {
if (DB_count($_TABLES['nxform_definitions'], 'id', $id) == 1) {
echo COM_siteHeader();
$view_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_view', "id='{$id}'");
if (!SEC_inGroup($view_group)) {
echo COM_siteHeader();
echo COM_startBlock("Access Error");
echo '<div style="text-align:center;padding-top:20px;">';
echo "You do not have sufficient access.";
echo "<p><button onclick='javascript:history.go(-1)'>Return</button></p><br>";
echo '</div>';
echo COM_endBlock();
echo COM_siteFooter();
exit;
}
$LANG_NAVBAR = $LANG_FRM_ADMIN_NAVBAR;
$formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$id}'");
if ($epm == 1) {
$resid = nexform_dbsave($id);
$_GET['result'] = $resid;
$result = $resid;
}
$report_results = "<link rel=\"stylesheet\" href=\"{$_CONF['layout_url']}/style.css\">\n";
$report_results .= nexform_showform($id, $result, 'print', '', '', $style);
//now we can delete from the temporary tables now that we are done displaying them.
if ($epm == 1) {
$tmpres = DB_getItem($_TABLES['nxform_results'], 'related_results', "id={$resid}");
DB_query("DELETE FROM {$_TABLES['nxform_results']} WHERE id={$resid};");
DB_query("DELETE FROM {$_TABLES['nxform_resdata']} WHERE result_id={$resid};");
DB_query("DELETE FROM {$_TABLES['nxform_restext']} WHERE result_id={$resid};");
if ($tmpres != '') {
$resids = explode(',', $tmpres);
foreach ($resids as $resid) {
DB_query("DELETE FROM {$_TABLES['nxform_results']} WHERE id={$resid};");
