function upload()
{
if (!isset($_FILES['upload'])) {
$this->directrender('S3/S3');
return;
}
global $params;
// Params to vars
$client_id = '1b5cc674ae2f335';
// Validations
$this->startValidations();
$this->validate($_FILES['upload']['error'] === 0, $err, 'upload error');
$this->validate($_FILES['upload']['size'] <= 10 * 1024 * 1024, $err, 'size too large');
// Code
if ($this->isValid()) {
$fname = $_FILES['upload']['tmp_name'];
require_once $GLOBALS['dirpre'] . 'includes/S3/SimpleImage.php';
$image = new SimpleImage();
$this->validate($image->load($fname), $err, 'invalid image type');
if ($this->isValid()) {
if ($image->getHeight() > 1000) {
$image->resizeToHeight(1000);
}
$image->save($fname);
function getMIME($fname)
{
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $fname);
finfo_close($finfo);
return $mime;
}
$filetype = explode('/', getMIME($fname));
$valid_formats = array("jpg", "png", "gif", "jpeg");
$this->validate($filetype[0] === 'image' and in_array($filetype[1], $valid_formats), $err, 'invalid image type');
if ($this->isValid()) {
require_once $GLOBALS['dirpre'] . 'includes/S3/s3_config.php';
//Rename image name.
$actual_image_name = time() . "." . $filetype[1];
$this->validate($s3->putObjectFile($fname, $bucket, $actual_image_name, S3::ACL_PUBLIC_READ), $err, 'upload failed');
if ($this->isValid()) {
$reply = "https://{$bucket}.s3.amazonaws.com/{$actual_image_name}";
$this->success('image successfully uploaded');
$this->directrender('S3/S3', array('reply' => "up(\"{$reply}\");"));
return;
}
}
}
}
$this->error($err);
$this->directrender('S3/S3');
}
$s = explode('$#$', $subject2);
$s[1] = $s[1] != '' ? $s[1] : $s[0];
### email tracking via 3rd party?
### if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
} else {
$field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
}
$mail = new cf_mail($no, $frommail, $field_email, $replyto);
### auto conf attachment?
$a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
$a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a;
if ($a != '' && file_exists($a)) {
$n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a));
$m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
$mail->add_file($a, $n, 'base64', $m);
### optional name
}
$mail->char_set = 'utf-8';
### CC or auto conf?
if ($ccme && $trackf[data][$ccme] != '') {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
} else {
$mail->subj = $s[1];
if ($mail->html_show) {
// 3.2.2012 changed from html_show_ac > admin email setting dictates this!
$mail->is_html(true);
$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
function cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata, $file = 'ac')
{
global $smtpsettings, $phpmailer, $cformsSettings;
$eol = $cformsSettings['global']['cforms_crlf'][b] != 1 ? "\r\n" : "\n";
if (file_exists(dirname(__FILE__) . '/class.phpmailer.php') && !class_exists('PHPMailer')) {
require_once dirname(__FILE__) . '/class.phpmailer.php';
require_once dirname(__FILE__) . '/class.smtp.php';
if ($smtpsettings[6] == '1') {
require_once dirname(__FILE__) . '/class.pop3.php';
}
}
### pop before smtp?
if ($smtpsettings[6] == '1' && class_exists('POP3')) {
$debuglevel = 0;
$pop = new POP3();
$pop->Authorise($smtpsettings[7], $smtpsettings[8], 30, $smtpsettings[9], $smtpsettings[10], $debuglevel);
}
$mail = new PHPMailer();
$mail->ClearAllRecipients();
$mail->ClearAddresses();
$mail->ClearAttachments();
$mail->CharSet = 'utf-8';
$mail->SetLanguage('en', dirname(__FILE__) . '/');
$mail->PluginDir = dirname(__FILE__) . '/';
$mail->IsSMTP();
$mail->Host = $smtpsettings[1];
if ((int) $cformsSettings['form' . $no]['cforms' . $no . '_emailpriority'] > 0) {
$mail->Priority = (int) $cformsSettings['form' . $no]['cforms' . $no . '_emailpriority'];
}
### $mail->SMTPDebug = true;
if ($smtpsettings[4] != '') {
$mail->SMTPSecure = $smtpsettings[4];
### sets the prefix to the servier
$mail->Port = $smtpsettings[5];
### set the SMTP port
}
if ($smtpsettings[2] != '') {
$mail->SMTPAuth = true;
### turn on SMTP authentication
$mail->Username = $smtpsettings[2];
### SMTP username
$mail->Password = $smtpsettings[3];
### SMTP password
}
$temp2 = array();
###from
if (preg_match('/([\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4})/', $frommail, $temp)) {
$mail->From = $temp[0];
}
if (preg_match('/(.*)\\s+(([\\w-\\.]+@|<)).*/', $frommail, $temp2)) {
$mail->FromName = str_replace('"', '', $temp2[1]);
} else {
$mail->FromName = $temp[0];
}
$temp2 = array();
### reply-to
if (preg_match('/([\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4})/', $field_email, $temp)) {
if (preg_match('/(.*)\\s+(([\\w-\\.]+@|<)).*/', $field_email, $temp2)) {
$mail->AddReplyTo($temp[0], str_replace('"', '', $temp2[1]));
} else {
$mail->AddReplyTo($temp[0]);
}
}
### TAF: add CC
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1) == '1' && $file == 'ac') {
$mail->AddCC($temp[0], str_replace('"', '', $temp2[1]));
}
### bcc
$te = array();
$t = array();
$addresses = explode(',', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_bcc']));
foreach ($addresses as $a) {
if (preg_match('/([\\w-+\\.]+@([\\w-]+\\.)+[\\w-]{2,4})/', $a, $te)) {
$mail->AddBCC($te[0]);
}
}
###to
###if( preg_match('/[\w-\.]+@([\w-]+\.)+[\w-]{2,4}/',$to,$temp) )
### $mail->AddAddress($temp[0]);
$addresses = explode(',', $to);
foreach ($addresses as $address) {
if (preg_match('/([\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4})/', $address, $temp)) {
if (preg_match('/(.*)\\s+(([\\w-\\.]+@|<)).*/', $address, $temp2)) {
$mail->AddAddress($temp[0], str_replace('"', '', $temp2[1]));
} else {
$mail->AddAddress($temp[0]);
}
}
}
###
### HTML email ?
###
if ($htmlmessage != '') {
$htmlmessage = str_replace('=3D', '=', $htmlmessage);
###remove 3D's
$htmlformdata = str_replace('=3D', '=', $htmlformdata);
###remove 3D's,
$mail->IsHTML(true);
$mail->Body = "<html>" . $eol . "<body>" . stripslashes($htmlmessage) . (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 1, 1) == '1' && $htmlformdata != '' ? $eol . $htmlformdata : '') . $eol . "</body></html>" . $eol;
$mail->AltBody = stripslashes($message) . (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 0, 1) == '1' && $formdata != '' ? $eol . $formdata : '');
} else {
$mail->Body = stripslashes($message) . (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 0, 1) == '1' && $formdata != '' ? $eol . $formdata : '');
}
###
### adding attachments
###
global $fdata;
if ($file == '1' && !$cformsSettings['form' . $no]['cforms' . $no . '_noattachments']) {
foreach ($fdata as $file) {
if ($file[name] != '') {
$n = substr($file[name], strrpos($file[name], $cformsSettings['global']['cforms_IIS']) + 1, strlen($file[name]));
$m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
$mail->AddAttachment($file[name], $n, 'base64', $m);
### optional name
}
}
### for
}
### end adding attachments
$mail->Subject = $vsubject;
$sentadmin = $mail->Send();
if ($sentadmin) {
return 1;
} else {
return $mail->ErrorInfo;
}
}
function cforms_submitcomment($content)
{
global $cformsSettings, $wpdb, $subID, $smtpsettings, $track, $trackf, $Ajaxpid, $AjaxURL, $wp_locale, $abspath;
$WPsuccess = false;
### WP Comment flag
$isAjaxWPcomment = strpos($content, '***');
### WP comment feature
$content = explode('***', $content);
$content = $content[0];
$content = explode('+++', $content);
### Added special fields
if (count($content) > 3) {
$commentparent = $content[1];
$Ajaxpid = $content[2];
$AjaxURL = $content[3];
} else {
$Ajaxpid = $content[1];
$AjaxURL = $content[2];
}
$segments = explode('$#$', $content[0]);
$params = array();
$sep = strpos(__FILE__, '/') === false ? '\\' : '/';
$WPpluggable = $abspath . 'wp-includes' . $sep . 'pluggable.php';
if (file_exists($WPpluggable)) {
require_once $WPpluggable;
}
$CFfunctionsC = dirname(dirname(__FILE__)) . $cformsSettings['global']['cforms_IIS'] . 'cforms-custom' . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
$CFfunctions = dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
if (file_exists($CFfunctionsC)) {
include_once $CFfunctionsC;
} else {
if (file_exists($CFfunctions)) {
include_once $CFfunctions;
}
}
if (function_exists('wp_get_current_user')) {
$user = wp_get_current_user();
}
for ($i = 1; $i <= sizeof($segments); $i++) {
$params['field_' . $i] = $segments[$i];
}
### fix reference to first form
if ($segments[0] == '1') {
$params['id'] = $no = '';
} else {
$params['id'] = $no = $segments[0];
}
### TAF flag
$isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);
### user filter ?
if (function_exists('my_cforms_ajax_filter')) {
$params = my_cforms_ajax_filter($params);
}
### init variables
$track = array();
$trackinstance = array();
$to_one = -1;
$ccme = false;
$field_email = '';
$off = 0;
$fieldsetnr = 1;
$taf_youremail = false;
$taf_friendsemail = false;
### form limit reached
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) == 0 || !cf_check_time($no)) {
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt'])) . $hide;
}
### for comment luv
get_currentuserinfo();
global $user_level;
### Subscribe-To-Comments
$isSubscribed == '';
if (class_exists('sg_subscribe')) {
global $sg_subscribe;
sg_subscribe_start();
$isSubscribed = $sg_subscribe->current_viewer_subscription_status();
}
$captchaopt = $cformsSettings['global']['cforms_captcha_def'];
for ($i = 1; $i <= sizeof($params) - 2; $i++) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {
if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && !$captchaopt['fo'] == '1')) {
break;
}
if ($field_stat[1] == 'verification' && !(is_user_logged_in() && !$captchaopt['foqa'] == '1')) {
break;
}
if ($field_stat[1] == 'fieldsetstart') {
$track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
$track['Fieldset' . $fieldsetnr++] = $field_stat[0];
} elseif ($field_stat[1] == 'fieldsetend') {
$track['FieldsetEnd' . $fieldsetnr++] = '--';
}
### get next in line...
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
### filter all redundant WP comment fields if user is logged in
while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
$temp = explode('|', $field_stat[0], 3);
### get field name
$temp = explode('#', $temp[0], 2);
switch ($field_stat[1]) {
case 'cauthor':
$track['cauthor'] = $track[$temp[0]] = $user->display_name;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'email':
$track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'url':
$track['url'] = $track[$temp[0]] = $user->user_url;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
}
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
### remove [id: ] first
if (strpos($field_name, '[id:') !== false) {
$idPartA = strpos($field_name, '[id:');
$idPartB = strpos($field_name, ']', $idPartA);
$customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4);
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
} else {
$customTrackingID = '';
}
### dissect field
$obj = explode('|', $field_name, 3);
### strip out default value
$field_name = $obj[0];
### special WP comment fields
if (in_array($field_stat[1], array('luv', 'subscribe', 'cauthor', 'email', 'url', 'comment', 'send2author'))) {
$temp = explode('#', $field_name, 2);
if ($temp[0] == '') {
$field_name = $field_stat[1];
} else {
$field_name = $temp[0];
}
### keep copy of values
$track[$field_stat[1]] = stripslashes($params['field_' . $i]);
if ($field_stat[1] == 'email') {
$field_email = $params['field_' . $i];
}
}
### special Tell-A-Friend fields
if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
$field_email = $taf_friendsemail = $params['field_' . $i];
}
if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
$taf_youremail = $params['field_' . $i];
}
if ($field_type == 'friendsname') {
$taf_friendsname = $params['field_' . $i];
}
if ($field_type == 'yourname') {
$taf_yourname = $params['field_' . $i];
}
### lets find an email field ("Is Email") and that's not empty!
if ($field_email == '' && $field_stat[3] == '1') {
$field_email = $params['field_' . $i];
}
### special case: select & radio
if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
$field_name = explode('#', $field_name);
$field_name = $field_name[0];
}
### special case: check box
if ($field_type == "checkbox" || $field_type == "ccbox") {
$field_name = explode('#', $field_name);
$field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
$field_name = explode('|', $field_name);
$field_name = $field_name[0];
### if ccbox & checked
if ($field_type == "ccbox" && $params['field_' . $i] != "-") {
$ccme = 'field_' . $i;
}
}
if ($field_type == "emailtobox") {
### special case where the value needs to bet get from the DB!
$to_one = $params['field_' . $i];
$field_name = explode('#', $field_stat[0]);
### can't use field_name, since '|' check earlier
$tmp = explode('|', $field_name[$to_one + 1]);
### remove possible |set:true
$value = $tmp[0];
### values start from 0 or after!
$to = $replyto = stripslashes($tmp[1]);
$field_name = $field_name[0];
} else {
if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
$value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
} else {
$value = stripslashes($params['field_' . $i]);
}
}
### only if hidden!
if ($field_type == 'hidden') {
$value = rawurldecode($value);
}
### Q&A verification
if ($field_type == "verification") {
$field_name = __('Q&A', 'cforms');
}
### determine tracked field name
$inc = '';
$trackname = trim($field_name);
if (array_key_exists($trackname, $track)) {
if ($trackinstance[$trackname] == '') {
$trackinstance[$trackname] = 2;
}
$inc = '___' . $trackinstance[$trackname]++;
}
$track['$$$' . (int) ($i + $off)] = $trackname . $inc;
$track[$trackname . $inc] = $value;
if ($customTrackingID != '') {
$track['$$$' . $customTrackingID] = $trackname . $inc;
}
}
### for
### assemble text & html email
$r = formatEmail($track, $no);
$formdata = $r['text'];
$htmlformdata = $r['html'];
###
### record:
###
$subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : write_tracking_record($no, $field_email);
###
### allow the user to use form data for other apps
###
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
my_cforms_action($trackf);
}
### Catch WP-Comment function | if send2author just continue
if ($isAjaxWPcomment !== false && $track['send2author'] == '0') {
require_once dirname(__FILE__) . '/lib_WPcomment.php';
### Catch WP-Comment function: error
if (!$WPsuccess) {
return $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
}
}
### Catch WP-Comment function
### multiple recipients? and to whom is the email sent? to_one = picked recip.
if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
$to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author");
$to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
} else {
if (!($to_one != -1 && $to != '')) {
$to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
}
}
### from
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### T-A-F override?
if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
$replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
}
### logic: dynamic admin email address
if (function_exists('my_cforms_logic')) {
$to = my_cforms_logic($trackf, $to, 'adminTO');
}
### use trackf!
### either use configured subject or user determined
$vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
$vsubject = check_default_vars($vsubject, $no);
$vsubject = check_cust_vars($vsubject, $track, $no);
### prep message text, replace variables
$message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
if (function_exists('my_cforms_logic')) {
$message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
}
$message = check_default_vars($message, $no);
$message = check_cust_vars($message, $track, $no);
### actual user message
$htmlmessage = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
$htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
if (function_exists('my_cforms_logic')) {
$htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
}
$htmlmessage = check_default_vars($htmlmessage, $no);
$htmlmessage = check_cust_vars($htmlmessage, $track, $no);
}
$mail = new cf_mail($no, $frommail, $to, $field_email, true);
$mail->subj = $vsubject;
$mail->char_set = 'utf-8';
### HTML email
if ($mail->html_show) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
### SMTP server or native PHP mail() ?
if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
$sentadmin = 1;
} else {
if ($smtpsettings[0] == '1') {
$sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata);
} else {
$sentadmin = $mail->send();
}
}
if ($sentadmin == 1) {
### send copy or notification?
if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[$ccme] != '-') {
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### actual user message
$cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
if (function_exists('my_cforms_logic')) {
$cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
}
$cmsg = check_default_vars($cmsg, $no);
$cmsg = check_cust_vars($cmsg, $track, $no);
### HTML text
$cmsghtml = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
$cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
if (function_exists('my_cforms_logic')) {
$cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
}
$cmsghtml = check_default_vars($cmsghtml, $no);
$cmsghtml = check_cust_vars($cmsghtml, $track, $no);
}
### subject
$subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
$subject2 = check_default_vars($subject2, $no);
$subject2 = check_cust_vars($subject2, $track, $no);
### different cc & ac subjects?
$s = explode('$#$', $subject2);
$s[1] = $s[1] != '' ? $s[1] : $s[0];
### email tracking via 3rd party?
### if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
} else {
$field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
}
$mail = new cf_mail($no, $frommail, $field_email, $replyto);
### auto conf attachment?
$a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
$a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a;
if ($a != '' && file_exists($a)) {
$n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a));
$m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
$mail->add_file($a, $n, 'base64', $m);
### optional name
}
$mail->char_set = 'utf-8';
### CC or auto conf?
if ($ccme && $trackf[$ccme] != '-') {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
} else {
$mail->subj = $s[1];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
$sent = $mail->send();
}
} else {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[0], $cmsg, '', $cmsghtml, '', 'ac');
} else {
$mail->subj = $s[0];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $cmsghtml . "</body></html>" . $mail->eol;
$mail->body_alt = $cmsg;
} else {
$mail->body = $cmsg;
}
$sent = $mail->send();
}
}
if ($sent != '1') {
$err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
### cc
### return success msg
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
$successMsg = check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
$successMsg = check_cust_vars($successMsg, $track, $no);
$successMsg = str_replace($mail->eol, '<br />', $successMsg);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
}
### WP-Comment: override
if ($WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') {
$successMsg = $WPresp;
}
$opt = '';
### hide?
if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || get_cforms_submission_left($no) == 0) {
$opt .= '|~~~';
}
### redirect to a different page on suceess?
if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
if (function_exists('my_cforms_logic')) {
$red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
if ($red != '') {
$opt .= '|>>>' . $red;
}
### use trackf!
} else {
$opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
}
}
return $pre . $successMsg . $opt;
} else {
### no admin mail sent!
### return error msg
$err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sentadmin : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
include "conf.php";
//just so we know it is broken
//error_reporting(E_ALL);
set_time_limit(360);
//get the image from the db
$sql = "SELECT file,type,mimeType,name,size FROM vl_filenames WHERE id=$wR";
//the result of the query
$result = mysqlquery("$sql") or die("incorrect query: " . mysqlerror());
//log file downloaded
$p=0;
$p="download";
$a=0;
$a=mysqlresult($result,0,'name');
//logHit();
//set the header for the file
if(getFileTypeFromExtension(mysqlresult($result,0,'type'))=="img") {
//images
header("Content-type: ".(mysqlresult($result,0,'mimeType')?mysqlresult($result,0,'mimeType'):getMIME(mysqlresult($result,0,'name'))));
} else {
//other binary data
header("Content-length: ".mysqlresult($result,0,'size'));
header("Content-type: ".(mysqlresult($result,0,'mimeType')?mysqlresult($result,0,'mimeType'):getMIME(mysqlresult($result,0,'name'))));
header("Content-Disposition: attachment; filename=".mysqlresult($result,0,'name'));
}
echo mysqlresult($result,0,'file');
?>
$returnText .= $action($link_id1, $link_id2, $link_label, $what);
break;
case 'ajax_saveLink':
$returnText .= $action($selector, $link_id1, $link_id2, $link_label, $what);
break;
case 'ajax_loadImage':
$returnText .= $action($collection_id, $package_id);
break;
case 'links_editLink':
$returnText .= links_editLink($collection_id, $package_id, $link_coll, $link_type, $link_pack, $link_part, $link_id, $loc4msg, $what);
break;
case 'get_file':
$icon = DCTL_APPS_PATH . 'img' . SYS_PATH_SEP . 'missing.gif';
$fPath = DCTL_PROJECT_PATH . $collection_id . SYS_PATH_SEP . $url;
if (is_file($fPath)) {
$mime = getMIME($fPath);
$ext = strtolower(substr($fPath, -3, 3));
if (isImage($mime, $ext)) {
$icon = $fPath;
}
}
$iconMime = image2MIME($icon);
if ($iconMime == false) {
$iconMime = "image/jpeg";
}
header("Content-type: {$iconMime}", true);
readfile($icon);
break;
case 'load_preview':
$fPath = preg_replace('%' . HOST_BASE_PATH . '%', FS_BASE_PATH, $url, 1);
if (is_file($fPath)) {
