/**
 * Whether the given form can offer a preview step.
 *
 * A preview is available only when the form's TDOMF_OPTION_PREVIEW option is
 * enabled AND at least one widget in the form's widget order has a preview
 * handler registered in the global $tdomf_form_widgets_preview table.
 *
 * @param int $form_id form to inspect (defaults to form 1)
 * @return bool
 */
function tdomf_widget_is_preview_avaliable($form_id = 1) {
    global $tdomf_form_widgets_preview;
    $preview_enabled = tdomf_get_option_form(TDOMF_OPTION_PREVIEW, $form_id);
    if (!$preview_enabled) {
        return false;
    }
    // Stop at the first widget in order that registered a preview handler.
    $has_preview_widget = false;
    foreach (tdomf_get_widget_order($form_id) as $widget_id) {
        if (isset($tdomf_form_widgets_preview[$widget_id])) {
            $has_preview_widget = true;
            break;
        }
    }
    return $has_preview_widget;
}
/**
 * Resolves the comment status a submission from this form should get.
 *
 * Starts from the site-wide 'default_comment_status' option (closed => false),
 * then, if the form uses the "comments" widget, lets that widget's options
 * override it: 'user-comments' forces comments on; otherwise 'overwrite'
 * replaces the status with the widget's own 'comments' value.
 *
 * @param int $form_id form whose widget configuration is consulted
 * @return mixed true/false, or the raw 'comments' option value when overwritten
 */
function tdomf_widget_subscribe_to_comments_comment_status($form_id) {
    // Loose comparison kept: the option is a string such as 'open'/'closed'.
    $default_status = (get_option('default_comment_status') != 'closed');
    if (!in_array("comments", tdomf_get_widget_order($form_id))) {
        return $default_status;
    }
    $widget_opts = tdomf_widget_comments_get_options($form_id);
    if ($widget_opts['user-comments']) {
        return true;
    }
    if ($widget_opts['overwrite']) {
        return $widget_opts['comments'];
    }
    return $default_status;
}
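/**
 * Renders the editable approval/rejection e-mail templates used by the
 * "notifyme" widget on a moderated form, and persists them on post-back.
 *
 * Nothing is output unless the form both uses the 'notifyme' widget and has
 * TDOMF_OPTION_MODERATION enabled. When the request carries
 * 'tdomf_hack_messages_save' the four template fields are read from $_REQUEST
 * and stored via tdomf_set_option_widget(); 'tdomf_hack_messages_reset'
 * clears them (stores false) so the widget falls back to its defaults.
 *
 * @param int    $form_id form whose notifyme options are read and written
 * @param string $mode    accepted for callback-signature compatibility; unused here
 * @return void  HTML is printed directly
 */
function tdomf_widget_notifyme_hack_messages($form_id, $mode) {
    $widget_order = tdomf_get_widget_order($form_id);
    if (!in_array('notifyme', $widget_order) || !tdomf_get_option_form(TDOMF_OPTION_MODERATION, $form_id)) {
        return;
    }

    // NOTE(review): this block writes widget options straight from $_REQUEST and
    // contains no nonce or capability check of its own. It is assumed the
    // enclosing admin page enforces both before calling here — confirm, otherwise
    // a forged cross-site request could rewrite the notification templates.
    if (isset($_REQUEST['tdomf_hack_messages_save'])) {
        // Key order is preserved from the original (approved, rejected, ...).
        $fields = array('approved', 'rejected', 'approved_subject', 'rejected_subject');
        $options = array();
        foreach ($fields as $field) {
            $request_key = 'tdomf_widget_notifyme_msg_' . $field;
            // Slashes are always stripped (the old magic_quotes branch was dropped);
            // presumably because WordPress slashes request data itself — verify.
            // Missing fields are stored as '' rather than raising an undefined-index notice.
            $options[$field] = isset($_REQUEST[$request_key]) ? stripslashes($_REQUEST[$request_key]) : '';
        }
        tdomf_set_option_widget('notifyme', $options, $form_id);
    } elseif (isset($_REQUEST['tdomf_hack_messages_reset'])) {
        tdomf_set_option_widget('notifyme', false, $form_id);
    }

    // Stored templates are re-displayed HTML-escaped; ENT_QUOTES for attribute
    // values, ENT_NOQUOTES is sufficient inside <textarea> element content.
    $charset = get_bloginfo('charset');
    ?>
    <h3><?php _e('Submission Approved Email', 'tdomf'); ?></h3>
    <input type="textfield" name="tdomf_widget_notifyme_msg_approved_subject" id="tdomf_widget_notifyme_msg_approved_subject" size="70" value="<?php echo htmlentities(tdomf_widget_notify_get_message($form_id, 'approved_subject'), ENT_QUOTES, $charset); ?>" />
    <textarea title="true" rows="5" cols="70" name="tdomf_widget_notifyme_msg_approved" id="tdomf_widget_notifyme_msg_approved"><?php echo htmlentities(tdomf_widget_notify_get_message($form_id, 'approved'), ENT_NOQUOTES, $charset); ?></textarea>
    <br/><br/>
    <h3><?php _e('Submission Rejected Email', 'tdomf'); ?></h3>
    <input type="textfield" name="tdomf_widget_notifyme_msg_rejected_subject" id="tdomf_widget_notifyme_msg_rejected_subject" size="70" value="<?php echo htmlentities(tdomf_widget_notify_get_message($form_id, 'rejected_subject'), ENT_QUOTES, $charset); ?>" />
    <textarea title="true" rows="5" cols="70" name="tdomf_widget_notifyme_msg_rejected" id="tdomf_widget_notifyme_msg_rejected"><?php echo htmlentities(tdomf_widget_notify_get_message($form_id, 'rejected'), ENT_NOQUOTES, $charset); ?></textarea>
    <br/><br/>
    <?php
}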
/**
 * Builds the HTML block of configuration warnings/errors shown on the plugin's
 * admin pages.
 *
 * Checks, in order: PHP version, whether form input verification is disabled,
 * whether post revisions are off while some form allows editing, per-form
 * access configuration and Form Hacker staleness (only when a form id is
 * given or present in $_REQUEST['form']), debug/error-reporting options, the
 * default-author user, and whether three plugin files are reachable over HTTP.
 *
 * Side effects: logs via tdomf_log_message(), fires the
 * 'tdomf_control_form_start' action, may DELETE the TDOMF_DEFAULT_AUTHOR option
 * when it points at a non-existent user, and issues up to three HTTP requests
 * through wp_get_http().
 *
 * @param bool $show_links include links to the options pages in the messages
 * @param int  $form_id    form to check; 0 means "use $_REQUEST['form'] if set"
 * @return string HTML fragment (empty when nothing is wrong)
 */
function tdomf_get_error_messages($show_links = true, $form_id = 0) {
    global $wpdb, $wp_roles;
    if (!isset($wp_roles)) {
        $wp_roles = new WP_Roles();
    }
    $roles = $wp_roles->role_objects;
    $message = "";
    #if(ini_get('register_globals') && !TDOMF_HIDE_REGISTER_GLOBAL_ERROR){
    # $message .= "<font color=\"red\"><strong>".__("ERROR: <em>register_globals</em> is enabled. This is a security risk and also prevents TDO Mini Forms from working.")."</strong></font>";
    #}
    // version_compare("5.0.0", x, ">") is true when the running PHP is older than 5.0.0
    if (version_compare("5.0.0", phpversion(), ">")) {
        $message .= sprintf(__("Warning: You are currently using PHP version %s. It is strongly recommended to use PHP5 with TDO Mini Forms.", "tdomf"), phpversion());
        $message .= "<br/>";
    }
    if (get_option(TDOMF_OPTION_VERIFICATION_METHOD) == 'none') {
        $message .= __("Warning: Form input verification is disabled. This is a potential security risk.", "tdomf");
        $message .= "<br/>";
    }
    # Revisions disabled => editing won't work well
    // NOTE(review): constant() on an undefined name raises an Error on PHP 8
    // (a warning + null on older PHP); a defined() guard would be safer — confirm
    // WP_POST_REVISIONS is always defined by the supported WordPress versions.
    if (!constant('WP_POST_REVISIONS')) {
        $form_ids = tdomf_get_form_ids();
        foreach ($form_ids as $a_form_id) {
            if (tdomf_get_option_form(TDOMF_OPTION_FORM_EDIT, $a_form_id->form_id)) {
                $message .= __("Error: Post Revisioning is disabled, post editing will not work correctly!", "tdomf");
                $message .= "<br/>";
                break;
            }
        }
    }
    // Per-form checks only run when a form id is known.
    if (isset($_REQUEST['form']) || $form_id != 0) {
        if ($form_id == 0) {
            // Request value is cast to int here; everything below interpolates
            // $form_id into admin URLs and log lines, so this cast is the only
            // thing keeping request-controlled text out of that output.
            $form_id = intval($_REQUEST['form']);
        }
        // permissions error
        if (tdomf_get_option_form(TDOMF_OPTION_ALLOW_EVERYONE, $form_id) == false) {
            // Empty arrays are normalised to false so the "nothing configured" test below is simple.
            $caps = tdomf_get_option_form(TDOMF_OPTION_ALLOW_CAPS, $form_id);
            if (is_array($caps) && empty($caps)) {
                $caps = false;
            }
            $users = tdomf_get_option_form(TDOMF_OPTION_ALLOW_USERS, $form_id);
            if (is_array($users) && empty($users)) {
                $users = false;
            }
            $publish = tdomf_get_option_form(TDOMF_OPTION_ALLOW_PUBLISH, $form_id);
            // Count roles granted the per-form "can see form" capability, and how
            // many of those can already publish posts anyway.
            $role_count = 0;
            $role_publish_count = 0;
            foreach ($roles as $role) {
                if (isset($role->capabilities[TDOMF_CAPABILITY_CAN_SEE_FORM . '_' . $form_id])) {
                    $role_count++;
                    if (isset($role->capabilities['publish_posts'])) {
                        $role_publish_count++;
                    }
                }
            }
            // if nothing set
            if ($role_count == 0 && $caps == false && $users == false && $publish == false) {
                if ($show_links) {
                    $message .= "<font color=\"red\">" . sprintf(__("<b>Warning</b>: No-one has been configured to be able to access the form! <a href=\"%s\">Configure on Options Page »</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_form_options_menu&form={$form_id}") . "</font><br/>";
                } else {
                    $message .= "<font color=\"red\">" . __("<b>Warning</b>: No-one has been configured to be able to access the form!", "tdomf") . "</font><br/>";
                }
                tdomf_log_message("No-one has been configured to access this form ({$form_id})", TDOMF_LOG_BAD);
            } else {
                // Every role that can see the form can already publish: the form adds nothing.
                if ($caps == false && $users == false && $role_count == $role_publish_count && $publish == false) {
                    if ($show_links) {
                        $message .= "<font color=\"red\">" . sprintf(__("<b>Warning</b>: Only users who can <i>already publish posts</i>, can see the form! <a href=\"%s\">Configure on Options Page »</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_form_options_menu&form={$form_id}") . "</font><br/>";
                    } else {
                        $message .= "<font color=\"red\">" . __("<b>Warning</b>: Only users who can <i>already publish posts</i>, can see this form!", "tdomf") . "</font><br/>";
                    }
                    tdomf_log_message("Only users who can already publish can access the form ({$form_id})", TDOMF_LOG_BAD);
                }
            }
        }
        // form hacker modified
        // Form Hacker stores a hand-edited copy plus a snapshot of the generated
        // original; if regenerating now differs from that snapshot, the hacked
        // copy is stale. Only the "Dismiss" link changes state, and it carries a nonce.
        $mode = tdomf_generate_default_form_mode($form_id) . '-hack';
        $curr_unmod_prev = trim(tdomf_preview_form(array('tdomf_form_id' => $form_id), $mode));
        $org_unmod_prev = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_PREVIEW_HACK_ORIGINAL, $form_id));
        $hacked_prev = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_PREVIEW_HACK, $form_id));
        if ($hacked_prev != false && $curr_unmod_prev != $org_unmod_prev) {
            $message .= "<font color=\"red\">";
            $diffs = "admin.php?page=tdomf_show_form_hacker&form={$form_id}&mode={$mode}&diff&form2=cur&form1=org&type=preview";
            $form_hacker = "admin.php?page=tdomf_show_form_hacker&form={$form_id}";
            $dismiss = wp_nonce_url("admin.php?page=tdomf_show_form_hacker&form={$form_id}&dismiss&type=preview", 'tdomf-form-hacker');
            $message .= sprintf(__("<b>Warning</b>: Form configuration has been changed that affect the preview output but Form Hacker has not been updated! <a href='%s'>Diff »</a> | <a href='%s'>Hack Form »</a> | <a href='%s'>Dismiss</a>", "tdomf"), $diffs, $form_hacker, $dismiss);
            $message .= "</font><br/>";
        }
        $curr_unmod_form = trim(tdomf_generate_form($form_id, $mode));
        $org_unmod_form = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_HACK_ORIGINAL, $form_id));
        $hacked_form = trim(tdomf_get_option_form(TDOMF_OPTION_FORM_HACK, $form_id));
        if ($hacked_form != false && $curr_unmod_form != $org_unmod_form) {
            $message .= "<font color=\"red\">";
            $diffs = "admin.php?page=tdomf_show_form_hacker&form={$form_id}&mode={$mode}&diff&form2=cur&form1=org";
            $form_hacker = "admin.php?page=tdomf_show_form_hacker&form={$form_id}";
            $dismiss = wp_nonce_url("admin.php?page=tdomf_show_form_hacker&form={$form_id}&dismiss", 'tdomf-form-hacker');
            $message .= sprintf(__("<b>Warning</b>: Form configuration has been changed that affect the generated form but Form Hacker has not been updated! <a href='%s'>Diff »</a> | <a href='%s'>Hack Form »</a> | <a href='%s'>Dismiss</a>", "tdomf"), $diffs, $form_hacker, $dismiss);
            $message .= "</font><br/>";
        }
        // widget errors
        global $tdomf_form_widgets_admin_errors;
        $mode = "new-post";
        if (tdomf_get_option_form(TDOMF_OPTION_SUBMIT_PAGE, $form_id)) {
            $mode = "new-page";
        }
        $uri = "admin.php?page=tdomf_show_form_menu&form=" . $form_id;
        do_action('tdomf_control_form_start', $form_id, $mode);
        $widget_order = tdomf_get_widget_order($form_id);
        $widgets = tdomf_filter_widgets($mode, $tdomf_form_widgets_admin_errors);
        foreach ($widget_order as $w) {
            if (isset($widgets[$w])) {
                // Widget callback output is concatenated into the HTML unescaped;
                // callbacks are trusted to return safe markup.
                $widget_message = call_user_func($widgets[$w]['cb'], $form_id, $widgets[$w]['params']);
                if (!empty($widget_message)) {
                    $message .= "<font color=\"red\">" . $widget_message . sprintf(__(" <a href='%s'>Fix »</a>", "tdomf"), $uri) . "</font><br/>";
                }
            }
        }
        // @todo check that key is unique in custom fields
    }
    // Extra debug messages + error messages not disabled => full PHP error output.
    if (get_option(TDOMF_OPTION_EXTRA_LOG_MESSAGES) && !get_option(TDOMF_OPTION_DISABLE_ERROR_MESSAGES)) {
        $message .= "<font color=\"red\">";
        if ($show_links) {
            $message .= sprintf(__("<b>Warning:</b> You have enabled 'Extra Debug Messages' and disabled 'Disable Error Messages'. This invokes a special mode where all PHP errors are turned on. This can lead to unexpected problems and could be considered a security leak! <a href=\"%s\">Change on the Options Page »</a>", "tdomf"), get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_options_menu");
        } else {
            $message .= __("<b>Warning:</b> You have enabled 'Extra Debug Messages' and disabled 'Disable Error Messages'. This invokes a special mode where all PHP errors are turned on. This can lead to unexpected problems and could be considered a security leak! This should only be used for debugging purposes.", "tdomf");
        }
        $message .= "</font><br/>";
    }
    // The "create dummy user" link creates an account, so it is nonce-protected when possible.
    $create_user_link = get_bloginfo('wpurl') . "/wp-admin/admin.php?page=tdomf_show_options_menu&action=create_dummy_user";
    if (function_exists('wp_nonce_url')) {
        $create_user_link = wp_nonce_url($create_user_link, 'tdomf-create-dummy-user');
    }
    if (get_option(TDOMF_DEFAULT_AUTHOR) == false) {
        $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: No default author set! <a href=\"%s\">Create dummy user for default author automatically »</a>", "tdomf"), $create_user_link) . "</font><br/>";
        tdomf_log_message("Option Default Author not set!", TDOMF_LOG_BAD);
    } else {
        $def_aut = new WP_User(get_option(TDOMF_DEFAULT_AUTHOR));
        if (empty($def_aut->data->ID)) {
            // User does not exist! Deleting option
            delete_option(TDOMF_DEFAULT_AUTHOR);
            $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: Current Default Author does not exist! <a href=\"%s\">Create dummy user for default author automatically »</a>", "tdomf"), $create_user_link) . "</font><br/>";
            tdomf_log_message("Current Default Author does not exist! Deleting option.", TDOMF_LOG_BAD);
        }
        // NOTE(review): this runs even when the user above did not exist; it
        // presumably just returns false for an empty WP_User — confirm.
        // The default author must not be able to publish, or moderation is bypassed.
        if ($def_aut->has_cap("publish_posts")) {
            $message .= "<font color=\"red\">" . sprintf(__("<b>Error</b>: Default author can publish posts. Default author should not be able to publish posts! <a href=\"%s\">Create a dummy user for default author automatically »</a>", "tdomf"), $create_user_link) . "</font><br/>";
            tdomf_log_message("Option Default Author is set to an author who can publish posts.", TDOMF_LOG_BAD);
        }
    }
    // Reachability probes for the plugin's own endpoints. The full response header
    // array is written to the plugin log on failure (var_export below).
    if (function_exists('wp_get_http')) {
        $post_uri = TDOMF_URLPATH . 'tdomf-form-post.php';
        $headers = wp_get_http($post_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will prevent posts from being submitted. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $post_uri, $post_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$post_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
        $ajax_uri = TDOMF_URLPATH . 'tdomf-form-ajax.php';
        $headers = wp_get_http($ajax_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will prevent forms that use AJAX from submitting posts. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $ajax_uri, $ajax_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$ajax_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
        $css_uri = TDOMF_URLPATH . 'tdomf-style-form.css';
        $headers = wp_get_http($css_uri, false, 1);
        if ($headers != false && $headers["response"] != '200') {
            $message .= "<font color=\"red\">";
            $message .= sprintf(__("<b>Error</b>: Got a %d error when checking <a href=\"%s\">%s</a>! This will make your forms, by default, look very ugly. The permissions may be wrong on the tdo-mini-forms folder.", "tdomf"), $headers["response"], $css_uri, $css_uri);
            $message .= "</font><br/>";
            tdomf_log_message("Did not receive a 200 response when checking {$css_uri}:<pre>" . var_export($headers, true) . "</pre>", TDOMF_LOG_ERROR);
        }
    }
    return $message;
}
/**
 * Decides whether the form must render its own e-mail input.
 *
 * The input is unnecessary (returns false) when any of these already supplies
 * an address: a logged-in user whose profile e-mail passes
 * tdomf_check_email_address(); the "who-am-i" widget with e-mail enabled and
 * required; or the 'notifyme' widget being in use. Otherwise returns true.
 *
 * @access public
 * @param int $form_id form whose widget order/options are consulted
 * @return bool
 */
function showEmailInput($form_id) {
    global $current_user, $tdomf_widget_whoami;
    get_currentuserinfo();

    // Logged-in user with a valid profile address: nothing to ask for.
    if (is_user_logged_in() && tdomf_check_email_address($current_user->user_email)) {
        return false;
    }

    $active_widgets = tdomf_get_widget_order($form_id);

    // who-am-i widget collecting a mandatory e-mail covers it.
    if (in_array("who-am-i", $active_widgets) && isset($tdomf_widget_whoami)) {
        $whoami_opts = $tdomf_widget_whoami->getOptions($form_id);
        if ($whoami_opts['email-enable'] && $whoami_opts['email-required']) {
            return false;
        }
    }

    // notifyme widget collects an address as well.
    if (in_array('notifyme', $active_widgets)) {
        return false;
    }

    return true;
}
} } // URL for this form $tdomf_upload_inline_url = TDOMF_URLPATH . 'tdomf-upload-inline.php'; // Permissions check // if (!tdomf_can_current_user_see_form($form_id)) { tdomf_log_message("Someone with no permissions tried to access the inline-uplaod form!", TDOMF_LOG_BAD); unset($form_data['tdomf_upload_key_' . $form_id . '_' . $index]); $all_good = false; tdomf_save_form_data($form_id, $form_data); exit("TDOMF: Bad permissions"); } // Widget in use check // if (empty($index) && !in_array("upload-files", tdomf_get_widget_order($form_id)) || !empty($index) && !in_array("upload-files" . $index, tdomf_get_widget_order($form_id))) { unset($form_data['tdomf_upload_key_' . $form_id . '_' . $index]); tdomf_save_form_data($form_id, $form_data); exit("TDOMF: Upload feature not yet enabled"); } // Grab options for uploads // #$options = tdomf_widget_upload_get_options($form_id); global $tdomf_widget_uploadfiles; $options = $tdomf_widget_uploadfiles->getOptions($form_id, $index); // Placeholder for error messages // $errors = ""; // Files recorded in session // $sessioncount = 0;