$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $cmsghtml . "</body></html>" . $mail->eol;
$mail->body_alt = $cmsg;
} else {
$mail->body = $cmsg;
}
$sent = $mail->send();
}
}
if ($sent != '1') {
$usermessage_text = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo;
}
}
### redirect to a different page on suceess?
if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect'] && !$isWPcommentForm) {
if (function_exists('my_cforms_logic')) {
$rp = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
} else {
$rp = $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
}
if ($rp != '') {
?>
<script type="text/javascript">
location.href = '<?php
echo $rp;
?>
';
</script>
<?php
}
}
} else {
function cf_move_files(&$trackf, $no, $subID)
{
global $cformsSettings, $file;
$temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
$fileuploaddir = $temp[0];
$inSession = strpos($subID, 'xx') !== false;
//if( !$inSession )
$subID_ = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $subID . '-';
$file2 = $file;
$i = 0;
$_SESSION['cforms']['upload'][$no]['doAttach'] = !$cformsSettings['form' . $no]['cforms' . $no . '_noattachments'];
### debug
db("... in session={$inSession}, moving files on form {$no}, tracking ID={$subID_}");
if (is_array($file2) && isset($file2[tmp_name])) {
foreach ($file2[tmp_name] as $tmpfile) {
### copy attachment to local server dir
if (is_uploaded_file($tmpfile)) {
$fileInfoArr = array('name' => str_replace(' ', '_', $file2['name'][$i]), 'path' => $fileuploaddir, 'subID' => $subID);
if (function_exists('my_cforms_logic')) {
$fileInfoArr = my_cforms_logic(&$trackf, $fileInfoArr, 'fileDestination');
}
if (!array_key_exists('modified', $fileInfoArr)) {
$fileInfoArr['name'] = $subID_ . $fileInfoArr['name'];
}
$destfile = $fileInfoArr['path'] . '/' . $fileInfoArr['name'];
move_uploaded_file($tmpfile, $destfile);
### debug
db(" {$tmpfile} -> {$destfile}");
$file[tmp_name][$i] = $destfile;
if ($inSession) {
$_SESSION['cforms']['upload'][$no]['files'][] = $destfile;
}
}
$i++;
}
}
}
function cforms($args = '', $no = '')
{
global $smtpsettings, $subID, $cforms_root, $wpdb, $track, $wp_db_version, $cformsSettings;
parse_str($args, $r);
$oldno = $no == '1' ? '' : $no;
### remeber old val, to reset session when in new MP form
##debug
db("Original form on page #{$oldno}");
### multi page form: overwrite $no
$isWPcommentForm = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1) == '2';
$isMPform = $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_form'];
$isTAF = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1);
##debug
db("Comment form = {$isWPcommentForm}");
db("Multi-page form = {$isMPform}");
if ($isMPform && is_array($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && !$isWPcommentForm) {
$no = $_SESSION['cforms']['current'];
}
### Safety, in case someone uses '1' for the default form
$no = $no == '1' ? '' : $no;
##debug
db("Switch to form #{$no}");
$moveBack = false;
### multi page form: reset button
if (isset($_REQUEST['resetbutton' . $no]) && is_array($_SESSION['cforms'])) {
$no = $oldno;
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $oldno;
$_SESSION['cforms']['pos'] = 1;
##debug
db("Reset-Button pressed");
} else {
### multi page form: back button
if (isset($_REQUEST['backbutton' . $no]) && isset($_SESSION['cforms']) && $_SESSION['cforms']['pos'] - 1 >= 0) {
$no = $_SESSION['cforms']['list'][$_SESSION['cforms']['pos']-- - 1];
$_SESSION['cforms']['current'] = $no;
$moveBack = true;
##debug
db("Back-Button pressed");
} else {
### mp init: must be mp, first & not submitted!
if ($isMPform && $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_first'] && !isset($_REQUEST['sendbutton' . $no])) {
##debug
db("Current form is *first* MP-form");
db("Session found, you're on the first form and session is reset!");
$no = $oldno == '1' ? '' : $oldno;
### restore old val
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
}
}
}
##debug
db(print_r($_SESSION, 1));
### custom fields support
if (!(strpos($no, '+') === false)) {
$no = substr($no, 0, -1);
$customfields = build_fstat($args);
$field_count = count($customfields);
$custom = true;
} else {
$custom = false;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
}
$content = '';
$err = 0;
$filefield = 0;
$validations = array();
$all_valid = 1;
$off = 0;
$fieldsetnr = 1;
$c_errflag = false;
$custom_error = '';
$usermessage_class = '';
### get user credentials
if (function_exists('wp_get_current_user')) {
$user = wp_get_current_user();
}
### non Ajax method
if (isset($_REQUEST['sendbutton' . $no])) {
require_once dirname(__FILE__) . '/lib_nonajax.php';
$usermessage_class = $all_valid ? ' success' : ' failure';
}
### called from lib_WPcomments ?
if ($isWPcommentForm && $send2author) {
return $all_valid;
}
###
###
### paint form
###
###
$success = false;
### fix for WP Comment (loading after redirect)
if (isset($_GET['cfemail']) && $isWPcommentForm) {
$usermessage_class = ' success';
$success = true;
if ($_GET['cfemail'] == 'sent') {
$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']));
} elseif ($_GET['cfemail'] == 'posted') {
$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms_commentsuccess']));
}
}
$break = '<br />';
$nl = "\n";
$tab = "\t";
$tt = "\t\t";
$ntt = "\n\t\t";
$nttt = "\n\t\t\t";
### either show info message above or below
$usermessage_text = check_default_vars($usermessage_text, $no);
$usermessage_text = check_cust_vars($usermessage_text, $track, $no);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$usermessage_text = my_cforms_logic($trackf, $usermessage_text, 'successMessage');
}
$umc = $usermessage_class != '' && $no > 1 ? ' ' . $usermessage_class . $no : '';
##debug
db("User info for form #{$no}");
### where to show message
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 0, 1) == 'y') {
$content .= $ntt . '<div id="usermessage' . $no . 'a" class="cf_info' . $usermessage_class . $umc . ' ">' . $usermessage_text . '</div>';
$actiontarget = 'a';
} else {
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y') {
$actiontarget = 'b';
}
}
### multi page form: overwrite $no, move on to next form
if ($all_valid && isset($_REQUEST['sendbutton' . $no])) {
$isMPformNext = false;
### default
$oldcurrent = $no;
if ($isMPform && isset($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] != -1) {
$isMPformNext = true;
$no = check_form_name($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next']);
##debug
db("Session active and now moving on to form #{$no}");
### logic: possibly change next form
if (function_exists('my_cforms_logic')) {
$no = my_cforms_logic($trackf, $no, "nextForm");
}
### use trackf!
$oldcurrent = $_SESSION['cforms']['current'];
$_SESSION['cforms']['current'] = $no == '' ? 1 : $no;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
} elseif ($isMPform && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1) {
##debug
db("Session was active but is being reset now");
$oldcurrent = $no;
$no = $_SESSION['cforms']['first'];
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
}
}
##debug
db("All good, currently on form #{$no}");
##debug: optional
## db(print_r($_SESSION,1));
## db(print_r($track,1));
### redirect == 2 : hide form? || or if max entries reached! w/ SESSION support if#2
if ($all_valid && ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] && isset($_REQUEST['sendbutton' . $no]) || $cformsSettings['form' . $oldcurrent]['cforms' . $oldcurrent . '_hide'] && isset($_REQUEST['sendbutton' . $oldcurrent]))) {
return $content;
} else {
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) <= 0 || !cf_check_time($no)) {
if ($cflimit == "reached") {
return stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
} else {
return $content . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
}
}
}
### alternative form action
$alt_action = false;
if ($cformsSettings['form' . $no]['cforms' . $no . '_action'] == '1') {
$action = $cformsSettings['form' . $no]['cforms' . $no . '_action_page'];
$alt_action = true;
} else {
if ($isWPcommentForm) {
$action = $cforms_root . '/lib_WPcomment.php';
} else {
$action = get_current_page(false) . '#usermessage' . $no . $actiontarget;
}
}
### start with form tag
$content .= $ntt . '<form enctype="multipart/form-data" action="' . $action . '" method="post" class="cform' . ($cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] ? ' cfnoreset' : '') . '" id="cforms' . $no . 'form">' . $nl;
### Session item counter (for default values)
$sItem = 1;
### start with no fieldset
$fieldsetopen = false;
$verification = false;
$captcha = false;
$upload = false;
$fscount = 1;
$ol = false;
for ($i = 1; $i <= $field_count; $i++) {
if (!$custom) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . $i]);
} else {
$field_stat = explode('$#$', $customfields[$i - 1]);
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
$field_required = $field_stat[2];
$field_emailcheck = $field_stat[3];
$field_clear = $field_stat[4];
$field_disabled = $field_stat[5];
$field_readonly = $field_stat[6];
### ommit certain fields
if (in_array($field_type, array('cauthor', 'url', 'email')) && $user->ID) {
continue;
}
### check for custom err message and split field_name
$obj = explode('|err:', $field_name, 2);
$fielderr = $obj[1];
if ($fielderr != '') {
switch ($field_type) {
case 'upload':
$custom_error .= 'cf_uploadfile' . $no . '-' . $i . '$#$' . $fielderr . '|';
break;
case 'captcha':
$custom_error .= 'cforms_captcha' . $no . '$#$' . $fielderr . '|';
break;
case 'verification':
$custom_error .= 'cforms_q' . $no . '$#$' . $fielderr . '|';
break;
case "cauthor":
case "url":
case "email":
case "comment":
$custom_error .= $field_type . '$#$' . $fielderr . '|';
break;
default:
preg_match('/^([^#\\|]*).*/', $field_name, $input_name);
if (strpos($input_name[1], '[id:') > 0) {
preg_match('/\\[id:(.+)\\]/', $input_name[1], $input_name);
}
$custom_error .= $cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1' ? cf_sanitize_ids($input_name[1]) : 'cf' . $no . '_field_' . $i;
$custom_error .= '$#$' . $fielderr . '|';
break;
}
}
### check for title attrib
$obj = explode('|title:', $obj[0], 2);
$fieldTitle = $obj[1] != '' ? ' title="' . str_replace('"', '"', stripslashes($obj[1])) . '"' : '';
### special treatment for selectboxes
if (in_array($field_type, array('multiselectbox', 'selectbox', 'radiobuttons', 'send2author', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox'))) {
$chkboxClicked = array();
if (in_array($field_type, array('luv', 'subscribe', 'checkbox', 'ccbox')) && strpos($obj[0], '|set:') > 1) {
$chkboxClicked = explode('|set:', stripslashes($obj[0]));
$obj[0] = $chkboxClicked[0];
}
$options = explode('#', stripslashes($obj[0]));
$field_name = $options[0];
}
### check if fieldset is open
if (!$fieldsetopen && !$ol && $field_type != 'fieldsetstart') {
$content .= $tt . '<ol class="cf-ol">';
$ol = true;
}
$labelclass = '';
### visitor verification
if (!$verification && $field_type == 'verification') {
srand(microtime() * 1000003);
$qall = explode("\r\n", $cformsSettings['global']['cforms_sec_qa']);
$n = rand(0, count(array_keys($qall)) - 1);
$q = $qall[$n];
$q = explode('=', $q);
### q[0]=qestion q[1]=answer
$field_name = stripslashes(htmlspecialchars($q[0]));
$labelclass = ' class="secq"';
} else {
if ($field_type == 'captcha') {
$labelclass = ' class="seccap"';
}
}
$defaultvalue = '';
### setting the default val & regexp if it exists
if (!in_array($field_type, array('fieldsetstart', 'fieldsetend', 'radiobuttons', 'send2author', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox', 'multiselectbox', 'selectbox', 'verification'))) {
### check if default val & regexp are set
$obj = explode('|', $obj[0], 3);
if ($obj[2] != '') {
$reg_exp = str_replace('"', '"', stripslashes($obj[2]));
} else {
$reg_exp = '';
}
if ($obj[1] != '') {
$defaultvalue = str_replace('"', '"', check_default_vars(stripslashes($obj[1]), $no));
}
$field_name = $obj[0];
}
### label ID's
$labelIDx = '';
$labelID = $cformsSettings['global']['cforms_labelID'] == '1' ? ' id="label-' . $no . '-' . $i . '"' : '';
### <li> ID's
$liID = $cformsSettings['global']['cforms_liID'] == '1' || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y" || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y" ? ' id="li-' . $no . '-' . $i . '"' : '';
### input field names & label
if ($cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1') {
if (strpos($field_name, '[id:') !== false) {
$idPartA = strpos($field_name, '[id:');
$idPartB = strpos($field_name, ']', $idPartA);
$input_id = $input_name = cf_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
} else {
$input_id = $input_name = cf_sanitize_ids(stripslashes($field_name));
}
} else {
$input_id = $input_name = 'cf' . $no . '_field_' . $i;
}
$field_class = '';
$field_value = '';
switch ($field_type) {
case 'luv':
$input_id = $input_name = 'luv';
break;
case 'subscribe':
$input_id = $input_name = 'subscribe';
break;
case 'verification':
if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['foqa'] != '1') {
continue 2;
}
$input_id = $input_name = 'cforms_q' . $no;
break;
case 'captcha':
if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['fo'] != '1') {
continue 2;
}
$input_id = $input_name = 'cforms_captcha' . $no;
break;
case 'upload':
$input_id = $input_name = 'cf_uploadfile' . $no . '-' . $i;
$field_class = 'upload';
break;
case "send2author":
case "email":
case "cauthor":
case "url":
$input_id = $input_name = $field_type;
case "datepicker":
case "yourname":
case "youremail":
case "friendsname":
case "friendsemail":
case "textfield":
case "pwfield":
$field_class = 'single';
break;
case "hidden":
$field_class = 'hidden';
break;
case 'comment':
$input_id = $input_name = $field_type;
$field_class = 'area';
break;
case 'textarea':
$field_class = 'area';
break;
}
### additional field classes
if ($field_disabled) {
$field_class .= ' disabled';
}
if ($field_readonly) {
$field_class .= ' readonly';
}
if ($field_emailcheck) {
$field_class .= ' fldemail';
}
if ($field_required) {
$field_class .= ' fldrequired';
}
### error ?
$liERR = $insertErr = '';
### only for mp forms
if ($moveBack || $isMPformNext) {
$field_value = htmlspecialchars(stripslashes($_SESSION['cforms']['cf_form' . $no][$_SESSION['cforms']['cf_form' . $no]['$$$' . $sItem++]]));
}
if (!$all_valid) {
### errors...
if ($validations[$i] == 1) {
$field_class .= '';
} else {
$field_class .= ' cf_error';
### enhanced error display
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y") {
$liERR = 'cf_li_err';
}
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y") {
$insertErr = $fielderr != '' ? '<ul class="cf_li_text_err"><li>' . stripslashes($fielderr) . '</li></ul>' : '';
}
}
if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
$field_value = $_REQUEST[$input_name];
### in this case it's an array! will do the stripping later
} else {
$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
}
} else {
if (!isset($_REQUEST['sendbutton' . $no]) && isset($_REQUEST[$input_name]) || $cformsSettings['form' . $no]['cforms' . $no . '_dontclear']) {
### only pre-populating fields...
if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
$field_value = $_REQUEST[$input_name];
} else {
$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
}
}
}
### print label only for non "textonly" fields! Skip some others too, and handle them below indiv.
if (!in_array($field_type, array('hidden', 'textonly', 'fieldsetstart', 'fieldsetend', 'ccbox', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'send2author', 'radiobuttons'))) {
$content .= $nttt . '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_id . '"' . $labelclass . '><span>' . stripslashes($field_name) . '</span></label>';
}
### if not reloaded (due to err) then use default values
if ($field_value == '' && $defaultvalue != '') {
$field_value = $defaultvalue;
}
### field disabled or readonly, greyed out?
$disabled = $field_disabled ? ' disabled="disabled"' : '';
$readonly = $field_readonly ? ' readonly="readonly"' : '';
### add input field
$dp = '';
$naming = false;
$field = '';
$val = '';
$force_checked = false;
$cookieset = '';
switch ($field_type) {
case "upload":
$upload = true;
### set upload flag for ajax suppression!
$field = '<input' . $readonly . $disabled . ' type="file" name="cf_uploadfile' . $no . '[]" id="cf_uploadfile' . $no . '-' . $i . '" class="cf_upload ' . $field_class . '"' . $fieldTitle . '/>';
break;
case "textonly":
$field .= $nttt . '<li' . $liID . ' class="textonly' . ($defaultvalue != '' ? ' ' . $defaultvalue : '') . '"' . ($reg_exp != '' ? ' style="' . $reg_exp . '" ' : '') . '>' . stripslashes($field_name) . '</li>';
break;
case "fieldsetstart":
if ($fieldsetopen) {
$field = $ntt . '</ol>' . $nl . $tt . '</fieldset>' . $nl;
$fieldsetopen = false;
$ol = false;
}
if (!$fieldsetopen) {
if ($ol) {
$field = $ntt . '</ol>' . $nl;
}
$field .= $tt . '<fieldset class="cf-fs' . $fscount++ . '">' . $nl . $tt . '<legend>' . stripslashes($field_name) . '</legend>' . $nl . $tt . '<ol class="cf-ol">';
$fieldsetopen = true;
$ol = true;
}
break;
case "fieldsetend":
if ($fieldsetopen) {
$field = $ntt . '</ol>' . $nl . $tt . '</fieldset>' . $nl;
$fieldsetopen = false;
$ol = false;
} else {
$field = '';
}
break;
case "verification":
$field = '<input type="text" name="' . $input_name . '" id="cforms_q' . $no . '" class="secinput ' . $field_class . '" value=""' . $fieldTitle . '/>';
$verification = true;
break;
case "captcha":
$field = '<input type="text" name="' . $input_name . '" id="cforms_captcha' . $no . '" class="secinput' . $field_class . '" value=""' . $fieldTitle . '/>' . '<img id="cf_captcha_img' . $no . '" class="captcha" src="' . $cforms_root . '/cforms-captcha.php?ts=' . $no . get_captcha_uri() . '" alt=""/>' . '<a title="' . __('reset captcha image', 'cforms') . '" href="javascript:reset_captcha(\'' . $no . '\')"><img class="captcha-reset" src="' . $cforms_root . '/images/spacer.gif" alt="Captcha"/></a>';
$captcha = true;
break;
case "cauthor":
$cookieset = 'comment_author_' . COOKIEHASH;
case "url":
$cookieset = $cookieset == '' ? 'comment_author_url_' . COOKIEHASH : $cookieset;
case "email":
$cookieset = $cookieset == '' ? 'comment_author_email_' . COOKIEHASH : $cookieset;
$field_value = $_COOKIE[$cookieset] != '' ? $_COOKIE[$cookieset] : $field_value;
case "datepicker":
case "yourname":
case "youremail":
case "friendsname":
case "friendsemail":
case "textfield":
case "pwfield":
$field_value = check_post_vars($field_value);
$type = $field_type == 'pwfield' ? 'password' : 'text';
$field_class = $field_type == 'datepicker' ? $field_class . ' cf_date' : $field_class;
$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
$field = '<input' . $readonly . $disabled . ' type="' . $type . '" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '" value="' . $field_value . '"' . $onfocus . $fieldTitle . '/>';
if ($reg_exp != '') {
$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '"' . $fieldTitle . '/>';
}
$field .= $dp;
break;
case "hidden":
$field_value = check_post_vars($field_value);
if (preg_match('/^<([a-zA-Z0-9]+)>$/', $field_value, $getkey)) {
$field_value = $_GET[$getkey[1]];
}
$field .= $nttt . '<li class="cf_hidden"><input type="hidden" class="cfhidden" name="' . $input_name . '" id="' . $input_id . '" value="' . $field_value . '"' . $fieldTitle . '/></li>';
break;
case "comment":
case "textarea":
$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
$field = '<textarea' . $readonly . $disabled . ' cols="30" rows="8" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '"' . $onfocus . $fieldTitle . '>' . $field_value . '</textarea>';
if ($reg_exp != '') {
$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '"' . $fieldTitle . '/>';
}
break;
case "subscribe":
if (class_exists('sg_subscribe') && $field_type == 'subscribe') {
global $sg_subscribe;
sg_subscribe_start();
if (($email = $sg_subscribe->current_viewer_subscription_status()) == 'admin' && current_user_can('manage_options')) {
$field .= '<li' . $liID . '>' . str_replace('[manager_link]', $sg_subscribe->manage_link($email, true, false), $sg_subscribe->author_text) . '</li>';
continue;
} else {
if ($email != '') {
$field .= '<li' . $liID . '>' . str_replace('[manager_link]', $sg_subscribe->manage_link($email, true, false), $sg_subscribe->subscribed_text) . '</li>';
continue;
}
}
$val = ' value="subscribe"';
}
case "luv":
if (function_exists('comment_luv') && $field_type == 'luv') {
get_currentuserinfo();
global $user_level;
if ($user_level == 10) {
continue 2;
}
//empty for now
$val = ' value="luv"';
}
case "ccbox":
case "checkbox":
if (!$field_value) {
$preChecked = strpos($chkboxClicked[1], 'true') !== false ? ' checked="checked"' : '';
} else {
$preChecked = $field_value && $field_value != '-' ? ' checked="checked"' : '';
}
### '-' for mp session!
$err = '';
if (!$all_valid && $validations[$i] != 1) {
$err = ' cf_errortxt';
}
if ($options[1] != '') {
$opt = explode('|', $options[1], 2);
$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
$after = '<label' . $labelID . ' for="' . $input_id . '" class="cf-after' . $err . '"><span>' . $opt[0] . '</span></label></li>';
$ba = 'a';
} else {
$opt = explode('|', $field_name, 2);
$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_name . '" class="cf-before' . $err . '"><span>' . $opt[0] . '</span></label>';
$after = '</li>';
$ba = 'b';
}
### if | val provided, then use "X"
if ($val == '') {
$val = $opt[1] != '' ? ' value="' . $opt[1] . '"' : '';
}
$field = $nttt . $before . '<input' . $readonly . $disabled . ' type="checkbox" name="' . $input_name . '" id="' . $input_id . '" class="cf-box-' . $ba . $field_class . '"' . $val . $fieldTitle . $preChecked . '/>' . $after;
break;
case "checkboxgroup":
$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
array_shift($options);
$field .= $nttt . '<li' . $liID . ' class="cf-box-title">' . $field_name . '</li>' . $nttt . '<li' . $liID_b . ' class="cf-box-group">';
$id = 1;
$j = 0;
### mp session support
if ($moveBack || $isMPformNext) {
$field_value = explode(',', $field_value);
}
foreach ($options as $option) {
### supporting names & values
$boxPreset = explode('|set:', $option);
$opt = explode('|', $boxPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
$checked = '';
if ($moveBack || $isMPformNext) {
if (in_array($opt[1], array_values($field_value))) {
$checked = 'checked="checked"';
}
} elseif (is_array($field_value)) {
if ($opt[1] == htmlspecialchars(stripslashes(strip_tags($field_value[$j])))) {
$checked = 'checked="checked"';
$j++;
}
} else {
if (strpos($boxPreset[1], 'true') !== false) {
$checked = ' checked="checked"';
}
}
if ($labelID != '') {
$labelIDx = substr($labelID, 0, -1) . $id . '"';
}
if ($opt[0] == '') {
$field .= $nttt . $tab . '<br />';
} else {
$field .= $nttt . $tab . '<input' . $readonly . $disabled . ' type="checkbox" id="' . $input_id . '-' . $id . '" name="' . $input_name . '[]" value="' . $opt[1] . '" ' . $checked . ' class="cf-box-b"' . $fieldTitle . '/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-group-after"><span>' . $opt[0] . "</span></label>";
}
}
$field .= $nttt . '</li>';
break;
case "multiselectbox":
### $field .= $nttt . '<li><label ' . $labelID . ' for="'.$input_name.'"'. $labelclass . '><span>' . stripslashes(($field_name)) . '</span></label>';
$field .= '<select' . $readonly . $disabled . ' multiple="multiple" name="' . $input_name . '[]" id="' . $input_id . '" class="cfselectmulti ' . $field_class . '"' . $fieldTitle . '>';
array_shift($options);
$j = 0;
### mp session support
if ($moveBack || $isMPformNext) {
$field_value = explode(',', $field_value);
}
foreach ($options as $option) {
### supporting names & values
$optPreset = explode('|set:', $option);
$opt = explode('|', $optPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
$checked = '';
if ($moveBack || $isMPformNext) {
if (in_array($opt[1], array_values($field_value))) {
$checked = 'selected="selected"';
}
} elseif (is_array($field_value)) {
if ($opt[1] == stripslashes(htmlspecialchars(strip_tags($field_value[$j])))) {
$checked = ' selected="selected"';
$j++;
}
} else {
if (strpos($optPreset[1], 'true') !== false) {
$checked = ' selected="selected"';
}
}
$field .= $nttt . $tab . '<option value="' . str_replace('"', '"', $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
}
$field .= $nttt . '</select>';
break;
case "emailtobox":
case "selectbox":
$field = '<select' . $readonly . $disabled . ' name="' . $input_name . '" id="' . $input_id . '" class="cformselect' . $field_class . '" ' . $fieldTitle . '>';
array_shift($options);
$jj = $j = 0;
foreach ($options as $option) {
### supporting names & values
$optPreset = explode('|set:', $option);
$opt = explode('|', $optPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
### email-to-box valid entry?
if ($field_type == 'emailtobox' && $opt[1] != '-') {
$jj = $j++;
} else {
$jj = '--';
}
$checked = '';
if ($field_value == '') {
if (strpos($optPreset[1], 'true') !== false) {
$checked = ' selected="selected"';
}
} else {
if ($opt[1] == $field_value || $jj == $field_value) {
$checked = ' selected="selected"';
}
}
$field .= $nttt . $tab . '<option value="' . ($field_type == 'emailtobox' ? $jj : $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
}
$field .= $nttt . '</select>';
break;
case "send2author":
$force_checked = strpos($field_stat[0], '|set:') === false ? true : false;
case "radiobuttons":
$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
### only if label ID's active
array_shift($options);
$field .= $nttt . '<li' . $liID . ' class="' . $liERR . ' cf-box-title">' . $insertErr . $field_name . '</li>' . $nttt . '<li' . $liID_b . ' class="cf-box-group">';
$id = 1;
foreach ($options as $option) {
$checked = '';
### supporting names & values
$radioPreset = explode('|set:', $option);
$opt = explode('|', $radioPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
if ($field_value == '') {
if (strpos($radioPreset[1], 'true') !== false || $force_checked && $id == 1) {
$checked = ' checked="checked"';
}
} else {
if ($opt[1] == $field_value) {
$checked = ' checked="checked"';
}
}
if ($labelID != '') {
$labelIDx = substr($labelID, 0, -1) . $id . '"';
}
if ($opt[0] == '') {
$field .= $nttt . $tab . '<br />';
} else {
$field .= $nttt . $tab . '<input' . $readonly . $disabled . ' type="radio" id="' . $input_id . '-' . $id . '" name="' . $input_name . '" value="' . $opt[1] . '"' . $checked . ' class="cf-box-b' . ($second ? ' cformradioplus' : '') . ($field_required ? ' fldrequired' : '') . '"' . $fieldTitle . '/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-after"><span>' . $opt[0] . "</span></label>";
}
}
$field .= $nttt . '</li>';
break;
}
### add new field
$content .= $field;
### adding "required" text if needed
if ($field_emailcheck == 1) {
$content .= '<span class="emailreqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_emailrequired']) . '</span>';
} else {
if ($field_required == 1 && !in_array($field_type, array('ccbox', 'luv', 'subscribe', 'checkbox', 'radiobuttons'))) {
$content .= '<span class="reqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_required']) . '</span>';
}
}
### close out li item
if (!in_array($field_type, array('hidden', 'fieldsetstart', 'fieldsetend', 'radiobuttons', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'textonly', 'send2author'))) {
$content .= '</li>';
}
}
### all fields
### close any open tags
if ($ol) {
$content .= $ntt . '</ol>';
}
if ($fieldsetopen) {
$content .= $ntt . '</fieldset>';
}
### rest of the form
if ($cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1' && !$upload && !$custom && !$alt_action) {
$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', false)"';
} else {
if (($upload || $custom || $alt_action) && $cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1') {
$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', true)"';
} else {
$ajaxenabled = '';
}
}
### just to appease html "strict"
$content .= $ntt . '<fieldset class="cf_hidden">' . $nttt . '<legend> </legend>';
### if visitor verification turned on:
if ($verification) {
$content .= $nttt . '<input type="hidden" name="cforms_a' . $no . '" id="cforms_a' . $no . '" value="' . md5(rawurlencode(strtolower($q[1]))) . '"/>';
}
### custom error
$custom_error = substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 4, 1) . $custom_error;
### TAF or WP comment or Extra Fields
if ((int) $isTAF > 0) {
$nono = $isWPcommentForm ? '' : $no;
if ($isWPcommentForm) {
$content .= $nttt . '<input type="hidden" name="comment_parent" id="comment_parent" value="' . ($_REQUEST['replytocom'] != '' ? $_REQUEST['replytocom'] : '0') . '"/>';
}
$content .= $nttt . '<input type="hidden" name="comment_post_ID' . $nono . '" id="comment_post_ID' . $nono . '" value="' . (isset($_GET['pid']) ? $_GET['pid'] : get_the_ID()) . '"/>' . $nttt . '<input type="hidden" name="cforms_pl' . $no . '" id="cforms_pl' . $no . '" value="' . (isset($_GET['pid']) ? get_permalink($_GET['pid']) : get_permalink()) . '"/>';
}
$content .= $nttt . '<input type="hidden" name="cf_working' . $no . '" id="cf_working' . $no . '" value="' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_working']) . '"/>' . $nttt . '<input type="hidden" name="cf_failure' . $no . '" id="cf_failure' . $no . '" value="' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_failure']) . '"/>' . $nttt . '<input type="hidden" name="cf_codeerr' . $no . '" id="cf_codeerr' . $no . '" value="' . rawurlencode($cformsSettings['global']['cforms_codeerr']) . '"/>' . $nttt . '<input type="hidden" name="cf_customerr' . $no . '" id="cf_customerr' . $no . '" value="' . rawurlencode($custom_error) . '"/>' . $nttt . '<input type="hidden" name="cf_popup' . $no . '" id="cf_popup' . $no . '" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_popup'] . '"/>';
$content .= $ntt . '</fieldset>';
### multi page form: reset
$reset = '';
if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_reset']) {
$reset = '<input tabindex="999" type="submit" name="resetbutton' . $no . '" id="resetbutton' . $no . '" class="resetbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_resettext'] . '" onclick="return confirm(\'' . __('Note: This will reset all your input!', 'cforms') . '\')">';
}
### multi page form: back
$back = '';
if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_back']) {
$back = '<input type="submit" name="backbutton' . $no . '" id="backbutton' . $no . '" class="backbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_backtext'] . '">';
}
$content .= $ntt . '<p class="cf-sb">' . $reset . $back . '<input type="submit" name="sendbutton' . $no . '" id="sendbutton' . $no . '" class="sendbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_submit_text'] . '"' . $ajaxenabled . '/></p>';
$content .= $ntt . '</form>';
### Thank you for leaving this in place
$content .= $ntt . '<p class="linklove" id="ll' . $no . '"><a href="http://www.deliciousdays.com/cforms-plugin"><em>cforms</em> contact form by delicious:days</a></p>';
### either show message above or below
$usermessage_text = check_default_vars($usermessage_text, $no);
$usermessage_text = check_cust_vars($usermessage_text, $track, $no);
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y' && !($success && $cformsSettings['form' . $no]['cforms' . $no . '_hide'])) {
$content .= $tt . '<div id="usermessage' . $no . 'b" class="cf_info ' . $usermessage_class . $umc . '" >' . $usermessage_text . '</div>' . $nl;
}
### flush debug messages
dbflush();
return $content;
}
function cforms2_database_getentries()
{
check_admin_referer('database_getentries');
if (!current_user_can('track_cforms')) {
die("access restricted.");
}
global $wpdb;
$wpdb->cformssubmissions = $wpdb->prefix . 'cformssubmissions';
$wpdb->cformsdata = $wpdb->prefix . 'cformsdata';
### new global settings container, will eventually be the only one!
$cformsSettings = get_option('cforms_settings');
$showIDs = $_POST['showids'];
if ($showIDs != '') {
$sortBy = isset($_POST['sortby']) && $_POST['sortby'] != '' ? $_POST['sortby'] : 'sub_id';
$sortOrder = isset($_POST['sortorder']) && $_POST['sortorder'] === 'asc' ? 'asc' : 'desc';
$qtype = $_POST['qtype'];
### get form id from name
$query = str_replace('*', '', $_POST['query']);
$form_ids = false;
if ($qtype == 'form_id' && $query != '') {
$forms = $cformsSettings['global']['cforms_formcount'];
for ($i = 0; $i < $forms; $i++) {
$no = $i == 0 ? '' : $i + 1;
if (preg_match('/' . $query . '/i', $cformsSettings['form' . $no]['cforms' . $no . '_fname'])) {
$form_ids = $form_ids . "'{$no}',";
}
}
$querystr = !$form_ids ? '$%&/' : ' form_id IN (' . substr($form_ids, 0, -1) . ')';
} else {
$querystr = '%' . $query . '%';
}
$sql = "SELECT *, form_id, ip FROM {$wpdb->cformsdata}, {$wpdb->cformssubmissions} WHERE sub_id=id ";
$sqlargs = array();
if ($showIDs != 'all') {
$sub_ids = explode(',', substr($showIDs, 0, -1));
$placeholder = implode(',', array_fill(0, count($sub_ids), '%d'));
$sql .= "AND sub_id in ({$placeholder}) ";
$sqlargs = array_merge($sqlargs, $sub_ids);
}
if ($form_ids) {
$sql .= "AND %s ";
$sqlargs[] = $querystr;
} elseif ($query != '') {
$sql .= "AND %s LIKE %s ";
$sqlargs[] = $qtype;
$sqlargs[] = $querystr;
}
$sql .= "ORDER BY %s {$sortOrder}, f_id";
$sqlargs[] = $sortBy;
$sql = $wpdb->prepare($sql, $sqlargs);
$entries = $wpdb->get_results($sql);
cforms2_dbg($sql);
?>
<div id="top">
<?php
if ($entries) {
$sub_id = '';
foreach ($entries as $entry) {
if ($sub_id != $entry->sub_id) {
if ($sub_id != '') {
echo '</div>';
}
$sub_id = $entry->sub_id;
$date = mysql2date(get_option('date_format'), $entry->sub_date);
$time = mysql2date(get_option('time_format'), $entry->sub_date);
echo '<div class="showform" id="entry' . $entry->sub_id . '">' . '<table class="dataheader"><tr><td>' . __('Form:', 'cforms2') . ' </td><td class="b">' . stripslashes($cformsSettings['form' . $entry->form_id]['cforms' . $entry->form_id . '_fname']) . '</td><td class="e">(ID:' . $entry->sub_id . ')</td><td class="d">' . $time . ' ' . $date . '</td>' . '<td class="s"> </td><td><a href="#" class="xdatabutton allbuttons deleteall" type="submit" id="xbutton' . $entry->sub_id . '">' . __('Delete this entry', 'cforms2') . '</a></td>' . '<td><a class="cdatabutton dashicons dashicons-dismiss" type="submit" id="cbutton' . $entry->sub_id . '" title="' . __('close this entry', 'cforms2') . '"></a></td>' . "</tr></table>\n";
}
$name = $entry->field_name == '' ? '' : stripslashes($entry->field_name);
$val = $entry->field_val == '' ? '' : stripslashes($entry->field_val);
if (strpos($name, '[*') !== false) {
// attachments?
preg_match('/.*\\[\\*(.*)\\]$/i', $name, $r);
$no = $r[1] == '' ? $entry->form_id : ($r[1] == 1 ? '' : $r[1]);
$temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
$fileuploaddir = $temp[0];
$fileuploaddirurl = $temp[1];
$subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id . '-';
if ($fileuploaddirurl == '') {
$fileurl = get_site_url() . substr(trailingslashit($fileuploaddir), strlen(get_home_path()) - 1);
} else {
$fileurl = trailingslashit($fileuploaddirurl);
}
$passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id;
$fileInfoArr = array('name' => strip_tags($val), 'path' => $fileurl, 'subID' => $passID);
if (function_exists('my_cforms_logic')) {
$fileInfoArr = my_cforms_logic($entries, $fileInfoArr, 'fileDestinationTrackingPage');
}
if (!array_key_exists('modified', $fileInfoArr)) {
$fileInfoArr['name'] = $subID . $fileInfoArr['name'];
}
$fileurl = $fileInfoArr['path'] . $fileInfoArr['name'] . $_GET['format'];
echo '<div class="showformfield meta"><div class="L">';
echo substr($name, 0, strpos($name, '[*'));
if ($entry->field_val == '') {
echo '</div><div class="R">' . __('-', 'cforms2') . '</div></div>' . "\n";
} else {
echo '</div><div class="R">' . '<a href="' . $fileurl . '">' . str_replace("\n", "<br />", strip_tags($val)) . '</a>' . '</div></div>' . "\n";
}
} elseif ($name == 'page') {
// special field: page
echo '<div class="showformfield meta"><div class="L">';
_e('Submitted via page', 'cforms2');
echo '</div><div class="R">' . str_replace("\n", "<br />", strip_tags($val)) . '</div></div>' . "\n";
echo '<div class="showformfield meta"><div class="L">';
_e('IP address', 'cforms2');
echo '</div><div class="R"><a href="http://geomaplookup.net/?ip=' . $entry->ip . '" title="' . __('IP Lookup', 'cforms2') . '">' . $entry->ip . '</a></div></div>' . "\n";
} elseif (strpos($name, 'Fieldset') !== false) {
if (strpos($name, 'FieldsetEnd') === false) {
echo '<div class="showformfield tfieldset"><div class="L"> </div><div class="R">' . strip_tags($val) . '</div></div>' . "\n";
}
} else {
echo '<div class="showformfield"><div class="L">' . $name . '</div>' . '<div id="' . $entry->f_id . '" class="R">' . str_replace("\n", "<br />", strip_tags($val)) . '</div></div>' . "\n";
}
}
echo '</div>';
} else {
?>
<p align="center"><?php
_e('Sorry, data not found. Please refresh your data table.', 'cforms2');
?>
</p>
</div>
<?php
}
}
die;
}
function cforms_submitcomment($content)
{
global $cformsSettings, $wpdb, $subID, $smtpsettings, $track, $trackf, $Ajaxpid, $AjaxURL, $wp_locale, $abspath;
$WPsuccess = false;
### WP Comment flag
$isAjaxWPcomment = strpos($content, '***');
### WP comment feature
$content = explode('***', $content);
$content = $content[0];
$content = explode('+++', $content);
### Added special fields
if (count($content) > 3) {
$commentparent = $content[1];
$Ajaxpid = $content[2];
$AjaxURL = $content[3];
} else {
$Ajaxpid = $content[1];
$AjaxURL = $content[2];
}
$segments = explode('$#$', $content[0]);
$params = array();
$sep = strpos(__FILE__, '/') === false ? '\\' : '/';
$WPpluggable = $abspath . 'wp-includes' . $sep . 'pluggable.php';
if (file_exists($WPpluggable)) {
require_once $WPpluggable;
}
$CFfunctionsC = dirname(dirname(__FILE__)) . $cformsSettings['global']['cforms_IIS'] . 'cforms-custom' . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
$CFfunctions = dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
if (file_exists($CFfunctionsC)) {
include_once $CFfunctionsC;
} else {
if (file_exists($CFfunctions)) {
include_once $CFfunctions;
}
}
if (function_exists('wp_get_current_user')) {
$user = wp_get_current_user();
}
for ($i = 1; $i <= sizeof($segments); $i++) {
$params['field_' . $i] = $segments[$i];
}
### fix reference to first form
if ($segments[0] == '1') {
$params['id'] = $no = '';
} else {
$params['id'] = $no = $segments[0];
}
### TAF flag
$isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);
### user filter ?
if (function_exists('my_cforms_ajax_filter')) {
$params = my_cforms_ajax_filter($params);
}
### init variables
$track = array();
$trackinstance = array();
$to_one = -1;
$ccme = false;
$field_email = '';
$off = 0;
$fieldsetnr = 1;
$taf_youremail = false;
$taf_friendsemail = false;
### form limit reached
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) == 0 || !cf_check_time($no)) {
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt'])) . $hide;
}
### for comment luv
get_currentuserinfo();
global $user_level;
### Subscribe-To-Comments
$isSubscribed == '';
if (class_exists('sg_subscribe')) {
global $sg_subscribe;
sg_subscribe_start();
$isSubscribed = $sg_subscribe->current_viewer_subscription_status();
}
$captchaopt = $cformsSettings['global']['cforms_captcha_def'];
for ($i = 1; $i <= sizeof($params) - 2; $i++) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {
if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && !$captchaopt['fo'] == '1')) {
break;
}
if ($field_stat[1] == 'verification' && !(is_user_logged_in() && !$captchaopt['foqa'] == '1')) {
break;
}
if ($field_stat[1] == 'fieldsetstart') {
$track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
$track['Fieldset' . $fieldsetnr++] = $field_stat[0];
} elseif ($field_stat[1] == 'fieldsetend') {
$track['FieldsetEnd' . $fieldsetnr++] = '--';
}
### get next in line...
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
### filter all redundant WP comment fields if user is logged in
while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
$temp = explode('|', $field_stat[0], 3);
### get field name
$temp = explode('#', $temp[0], 2);
switch ($field_stat[1]) {
case 'cauthor':
$track['cauthor'] = $track[$temp[0]] = $user->display_name;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'email':
$track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'url':
$track['url'] = $track[$temp[0]] = $user->user_url;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
}
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
### remove [id: ] first
if (strpos($field_name, '[id:') !== false) {
$idPartA = strpos($field_name, '[id:');
$idPartB = strpos($field_name, ']', $idPartA);
$customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4);
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
} else {
$customTrackingID = '';
}
### dissect field
$obj = explode('|', $field_name, 3);
### strip out default value
$field_name = $obj[0];
### special WP comment fields
if (in_array($field_stat[1], array('luv', 'subscribe', 'cauthor', 'email', 'url', 'comment', 'send2author'))) {
$temp = explode('#', $field_name, 2);
if ($temp[0] == '') {
$field_name = $field_stat[1];
} else {
$field_name = $temp[0];
}
### keep copy of values
$track[$field_stat[1]] = stripslashes($params['field_' . $i]);
if ($field_stat[1] == 'email') {
$field_email = $params['field_' . $i];
}
}
### special Tell-A-Friend fields
if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
$field_email = $taf_friendsemail = $params['field_' . $i];
}
if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
$taf_youremail = $params['field_' . $i];
}
if ($field_type == 'friendsname') {
$taf_friendsname = $params['field_' . $i];
}
if ($field_type == 'yourname') {
$taf_yourname = $params['field_' . $i];
}
### lets find an email field ("Is Email") and that's not empty!
if ($field_email == '' && $field_stat[3] == '1') {
$field_email = $params['field_' . $i];
}
### special case: select & radio
if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
$field_name = explode('#', $field_name);
$field_name = $field_name[0];
}
### special case: check box
if ($field_type == "checkbox" || $field_type == "ccbox") {
$field_name = explode('#', $field_name);
$field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
$field_name = explode('|', $field_name);
$field_name = $field_name[0];
### if ccbox & checked
if ($field_type == "ccbox" && $params['field_' . $i] != "-") {
$ccme = 'field_' . $i;
}
}
if ($field_type == "emailtobox") {
### special case where the value needs to bet get from the DB!
$to_one = $params['field_' . $i];
$field_name = explode('#', $field_stat[0]);
### can't use field_name, since '|' check earlier
$tmp = explode('|', $field_name[$to_one + 1]);
### remove possible |set:true
$value = $tmp[0];
### values start from 0 or after!
$to = $replyto = stripslashes($tmp[1]);
$field_name = $field_name[0];
} else {
if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
$value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
} else {
$value = stripslashes($params['field_' . $i]);
}
}
### only if hidden!
if ($field_type == 'hidden') {
$value = rawurldecode($value);
}
### Q&A verification
if ($field_type == "verification") {
$field_name = __('Q&A', 'cforms');
}
### determine tracked field name
$inc = '';
$trackname = trim($field_name);
if (array_key_exists($trackname, $track)) {
if ($trackinstance[$trackname] == '') {
$trackinstance[$trackname] = 2;
}
$inc = '___' . $trackinstance[$trackname]++;
}
$track['$$$' . (int) ($i + $off)] = $trackname . $inc;
$track[$trackname . $inc] = $value;
if ($customTrackingID != '') {
$track['$$$' . $customTrackingID] = $trackname . $inc;
}
}
### for
### assemble text & html email
$r = formatEmail($track, $no);
$formdata = $r['text'];
$htmlformdata = $r['html'];
###
### record:
###
$subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : write_tracking_record($no, $field_email);
###
### allow the user to use form data for other apps
###
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
my_cforms_action($trackf);
}
### Catch WP-Comment function | if send2author just continue
if ($isAjaxWPcomment !== false && $track['send2author'] == '0') {
require_once dirname(__FILE__) . '/lib_WPcomment.php';
### Catch WP-Comment function: error
if (!$WPsuccess) {
return $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
}
}
### Catch WP-Comment function
### multiple recipients? and to whom is the email sent? to_one = picked recip.
if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
$to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author");
$to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
} else {
if (!($to_one != -1 && $to != '')) {
$to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
}
}
### from
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### T-A-F override?
if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
$replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
}
### logic: dynamic admin email address
if (function_exists('my_cforms_logic')) {
$to = my_cforms_logic($trackf, $to, 'adminTO');
}
### use trackf!
### either use configured subject or user determined
$vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
$vsubject = check_default_vars($vsubject, $no);
$vsubject = check_cust_vars($vsubject, $track, $no);
### prep message text, replace variables
$message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
if (function_exists('my_cforms_logic')) {
$message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
}
$message = check_default_vars($message, $no);
$message = check_cust_vars($message, $track, $no);
### actual user message
$htmlmessage = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
$htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
if (function_exists('my_cforms_logic')) {
$htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
}
$htmlmessage = check_default_vars($htmlmessage, $no);
$htmlmessage = check_cust_vars($htmlmessage, $track, $no);
}
$mail = new cf_mail($no, $frommail, $to, $field_email, true);
$mail->subj = $vsubject;
$mail->char_set = 'utf-8';
### HTML email
if ($mail->html_show) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
### SMTP server or native PHP mail() ?
if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
$sentadmin = 1;
} else {
if ($smtpsettings[0] == '1') {
$sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata);
} else {
$sentadmin = $mail->send();
}
}
if ($sentadmin == 1) {
### send copy or notification?
if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[$ccme] != '-') {
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### actual user message
$cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
if (function_exists('my_cforms_logic')) {
$cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
}
$cmsg = check_default_vars($cmsg, $no);
$cmsg = check_cust_vars($cmsg, $track, $no);
### HTML text
$cmsghtml = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
$cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
if (function_exists('my_cforms_logic')) {
$cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
}
$cmsghtml = check_default_vars($cmsghtml, $no);
$cmsghtml = check_cust_vars($cmsghtml, $track, $no);
}
### subject
$subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
$subject2 = check_default_vars($subject2, $no);
$subject2 = check_cust_vars($subject2, $track, $no);
### different cc & ac subjects?
$s = explode('$#$', $subject2);
$s[1] = $s[1] != '' ? $s[1] : $s[0];
### email tracking via 3rd party?
### if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
} else {
$field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
}
$mail = new cf_mail($no, $frommail, $field_email, $replyto);
### auto conf attachment?
$a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
$a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a;
if ($a != '' && file_exists($a)) {
$n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a));
$m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
$mail->add_file($a, $n, 'base64', $m);
### optional name
}
$mail->char_set = 'utf-8';
### CC or auto conf?
if ($ccme && $trackf[$ccme] != '-') {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
} else {
$mail->subj = $s[1];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
$sent = $mail->send();
}
} else {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[0], $cmsg, '', $cmsghtml, '', 'ac');
} else {
$mail->subj = $s[0];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $cmsghtml . "</body></html>" . $mail->eol;
$mail->body_alt = $cmsg;
} else {
$mail->body = $cmsg;
}
$sent = $mail->send();
}
}
if ($sent != '1') {
$err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
### cc
### return success msg
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
$successMsg = check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
$successMsg = check_cust_vars($successMsg, $track, $no);
$successMsg = str_replace($mail->eol, '<br />', $successMsg);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
}
### WP-Comment: override
if ($WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') {
$successMsg = $WPresp;
}
$opt = '';
### hide?
if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || get_cforms_submission_left($no) == 0) {
$opt .= '|~~~';
}
### redirect to a different page on suceess?
if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
if (function_exists('my_cforms_logic')) {
$red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
if ($red != '') {
$opt .= '|>>>' . $red;
}
### use trackf!
} else {
$opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
}
}
return $pre . $successMsg . $opt;
} else {
### no admin mail sent!
### return error msg
$err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sentadmin : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
}
}
}
###
### have to upload a file?
###
global $file;
$file = '';
$i = 0;
if (isset($_FILES['cf_uploadfile' . $no]) && $all_valid) {
$file = $_FILES['cf_uploadfile' . $no];
foreach ($file[name] as $value) {
if (!empty($value)) {
### this will check if any blank field is entered
if (function_exists('my_cforms_logic')) {
$file[name][$i] = my_cforms_logic($_REQUEST, $_FILES['cf_uploadfile' . $no][name][$i], "filename");
}
$fileerr = '';
### A successful upload will pass this test. It makes no sense to override this one.
if ($file['error'][$i] > 0) {
$fileerr = $cformsSettings['global']['cforms_upload_err1'];
}
### A successful upload will pass this test. It makes no sense to override this one.
$fileext[$i] = strtolower(substr($value, strrpos($value, '.') + 1, strlen($value)));
$allextensions = explode(',', preg_replace('/\\s/', '', strtolower($cformsSettings['form' . $no]['cforms' . $no . '_upload_ext'])));
if ($cformsSettings['form' . $no]['cforms' . $no . '_upload_ext'] != '' && !in_array($fileext[$i], $allextensions)) {
$fileerr = $cformsSettings['global']['cforms_upload_err5'];
}
### A non-empty file will pass this test.
if (!($file['size'][$i] > 0)) {
$fileerr = $cformsSettings['global']['cforms_upload_err2'];
function cforms2_get_csv_tab($handle, $fnames, $where, $in_list, $sortBy, $sortOrder, $cformsSettings, $charset, $format = 'csv')
{
global $wpdb;
$results = $wpdb->get_results("SELECT ip, id, sub_date, form_id, field_name,field_val FROM {$wpdb->cformsdata},{$wpdb->cformssubmissions} WHERE sub_id=id {$where} {$in_list} ORDER BY {$sortBy} {$sortOrder}, f_id ASC");
//TODO check SQL injection
$br = "\n";
$buffer = array();
$body = '';
$sub_id = '';
$format = $format == "csv" ? "," : "\t";
$ipTab = $_GET['addip'] == 'true' ? $format : '';
$head = $_GET['header'] == 'true' ? $format . $format . $ipTab : '';
$last_n = '';
foreach ($results as $entry) {
if ($entry->field_name == 'page' || strpos($entry->field_name, 'Fieldset') !== false) {
continue;
}
$next_n = $entry->form_id == '' ? '1' : $entry->form_id;
if ($sub_id != $entry->id) {
### new record starts
if ($buffer[body] != '') {
if ($_GET['header'] == 'true' && $buffer[last_n] != $buffer[last2_n]) {
fwrite($handle, $buffer[head] . $br . $buffer[body] . $br);
} else {
fwrite($handle, $buffer[body] . $br);
}
}
$buffer[body] = $body;
### save 1 line
$buffer[head] = $head;
### save 1 line
$buffer[last2_n] = $buffer[last_n];
$buffer[last_n] = $last_n;
$body = '"' . __('Form', 'cforms2') . ': ' . cforms2_enc_data($fnames[$next_n], $charset) . '"' . $format . '"' . cforms2_enc_data($entry->sub_date, $charset) . '"' . $format . ($_GET['addip'] == 'true' ? $entry->ip . $format : '');
$head = $_GET['header'] == 'true' ? $format . $format . $ipTab : '';
$last_n = $next_n;
$sub_id = $entry->id;
}
$url = '';
$urlTab = '';
if ($_GET['addurl'] == 'true' && strpos($entry->field_name, '[*')) {
preg_match('/.*\\[\\*(.*)\\]$/i', $entry->field_name, $t);
$no = $t[1] == '' ? $entry->form_id : ($t[1] == 1 ? '' : $t[1]);
$urlTab = $format;
$entry->field_name = substr($entry->field_name, 0, strpos($entry->field_name, '[*'));
$t = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
$fdir = $t[0];
$fdirURL = $t[1];
$subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id . '-';
if ($fdirURL == '') {
$plugindir = dirname(dirname(plugin_basename(__FILE__)));
$url = plugin_dir_url(__FILE__) . substr($fdir, strpos($fdir, $plugindir) + strlen($plugindir) + 1);
} else {
$url = $fdirURL;
}
$passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id;
$fileInfoArr = array('name' => strip_tags($entry->field_val), 'path' => $url, 'subID' => $passID);
if (function_exists('my_cforms_logic')) {
$fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage');
}
if (!array_key_exists('modified', $fileInfoArr)) {
$fileInfoArr['name'] = $subID . $fileInfoArr['name'];
}
$url = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format;
}
$head .= $_GET['header'] == 'true' ? '"' . cforms2_enc_data(stripslashes($entry->field_name), $charset) . '"' . $format . $urlTab : '';
$body .= '"' . str_replace('"', '""', cforms2_enc_data(stripslashes($entry->field_val), $charset)) . '"' . $format . $url;
}
### foreach
### clean up buffer
if ($buffer[body] != '') {
if ($_GET['header'] == 'true' && $buffer[last_n] != $buffer[last2_n]) {
fwrite($handle, $buffer[head] . $br . $buffer[body] . $br);
} else {
fwrite($handle, $buffer[body] . $br);
}
}
### clean up last body
if ($_GET['header'] == 'true' && $buffer[last_n] != $next_n) {
fwrite($handle, $head . $br . $body . $br);
} else {
fwrite($handle, $body . $br);
}
return;
}
function cforms2($args = '', $no = '')
{
global $subID, $track, $cformsSettings, $trackf, $send2author;
$oldno = $no == '1' ? '' : $no;
### remeber old val, to reset session when in new MP form
##debug
cforms2_dbg("Original form on page #{$oldno}");
### multi page form: overwrite $no
$isWPcommentForm = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1) == '2';
$isMPform = $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_form'];
$isTAF = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1);
##debug
cforms2_dbg("Comment form = {$isWPcommentForm}");
cforms2_dbg("Multi-page form = {$isMPform}");
if (isset($_SESSION) && isset($_SESSION['cforms']['current'])) {
cforms2_dbg("PHP Session = " . $_SESSION['cforms']['current']);
}
if ($isMPform && is_array($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && !$isWPcommentForm) {
cforms2_dbg("form no. rewrite from #{$no} to #") . $_SESSION['cforms']['current'];
$no = $_SESSION['cforms']['current'];
}
### Safety, in case someone uses '1' for the default form
$no = $no == '1' ? '' : $no;
##debug
cforms2_dbg("Switch to form #{$no}");
$moveBack = false;
### multi page form: reset button
if (isset($_REQUEST['resetbutton' . $no]) && is_array($_SESSION['cforms'])) {
$no = $oldno;
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $oldno;
$_SESSION['cforms']['pos'] = 1;
unset($_REQUEST);
##debug
cforms2_dbg("Reset-Button pressed");
} else {
### multi page form: back button
if (isset($_REQUEST['backbutton' . $no]) && isset($_SESSION['cforms']) && $_SESSION['cforms']['pos'] - 1 >= 0) {
$no = $_SESSION['cforms']['list'][$_SESSION['cforms']['pos']-- - 1];
$_SESSION['cforms']['current'] = $no;
$moveBack = true;
##debug
cforms2_dbg("Back-Button pressed");
} else {
### mp init: must be mp, first & not submitted!
if ($isMPform && !is_array($_SESSION['cforms']) && $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_first']) {
//if( $isMPform && $cformsSettings['form'.$oldno]['cforms'.$oldno.'_mp']['mp_first'] && !isset($_REQUEST['sendbutton'.$no]) ){
##debug
cforms2_dbg("Current form is *first* MP-form");
cforms2_dbg("Session found, you're on the first form and session is reset!");
$no = $oldno == '1' ? '' : $oldno;
### restore old val
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
}
}
}
##debug
cforms2_dbg(print_r($_SESSION, 1));
### custom fields support
if (!(strpos($no, '+') === false)) {
$no = substr($no, 0, -1);
$customfields = cforms2_build_fstat($args);
$field_count = count($customfields);
$custom = true;
} else {
$custom = false;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
}
$content = '';
$err = 0;
$validations = array();
$all_valid = 1;
$off = 0;
$fieldsetnr = 1;
$c_errflag = false;
$custom_error = '';
$usermessage_class = '';
$usermessage_text = "";
$user = wp_get_current_user();
// TODO integrate this check better
$server_upload_size_error = false;
$displayMaxSize = ini_get('post_max_size');
if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0) {
$server_upload_size_error = true;
$msgSize = $_SERVER['CONTENT_LENGTH'] / 1048576;
echo "<pre>Maximum size allowed:" . $displayMaxSize . "; size of your message:" . number_format((double) $msgSize, 2, '.', '') . "M</pre>";
}
### non Ajax method
if (isset($_REQUEST['sendbutton' . $no]) || $server_upload_size_error) {
require_once plugin_dir_path(__FILE__) . 'lib_nonajax.php';
$usermessage_class = $all_valid ? ' success' : ' failure';
}
### called from lib_WPcomments ?
if ($isWPcommentForm && $send2author) {
return $all_valid;
}
###
###
### paint form
###
###
$success = false;
### fix for WP Comment (loading after redirect)
if (isset($_GET['cfemail']) && $isWPcommentForm) {
$usermessage_class = ' success';
$success = true;
if ($_GET['cfemail'] == 'sent') {
$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']));
} elseif ($_GET['cfemail'] == 'posted') {
$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['global']['cforms_commentsuccess']));
} else {
$usermessage_class = ' failure';
$success = false;
}
}
### either show info message above or below
$usermessage_text = cforms2_check_default_vars($usermessage_text, $no);
$usermessage_text = cforms2_check_cust_vars($usermessage_text, $track);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$usermessage_text = my_cforms_logic($trackf, $usermessage_text, 'successMessage');
}
$umc = $usermessage_class != '' && $no > 1 ? ' ' . $usermessage_class . $no : '';
##debug
cforms2_dbg("User info for form #{$no}");
### where to show message
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 0, 1) == 'y') {
$content .= '<div id="usermessage' . $no . 'a" class="cf_info' . $usermessage_class . $umc . ' ">' . $usermessage_text . '</div>';
$actiontarget = 'a';
} else {
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y') {
$actiontarget = 'b';
}
}
### multi page form: overwrite $no, move on to next form
$oldcurrent = $no;
if ($all_valid && isset($_REQUEST['sendbutton' . $no])) {
$isMPformNext = false;
### default
$oldcurrent = $no;
##debug
cforms2_dbg("Form is all valid & sendbutton pressed.");
if ($isMPform && isset($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] != -1) {
$isMPformNext = true;
$no = cforms2_check_form_name($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next']);
##debug
cforms2_dbg("Session active and now moving on to form #{$no}");
### logic: possibly change next form
if (function_exists('my_cforms_logic')) {
$no = my_cforms_logic($trackf, $no, "nextForm");
}
### use trackf!
$oldcurrent = $_SESSION['cforms']['current'];
$_SESSION['cforms']['current'] = $no == '' ? 1 : $no;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
} elseif ($isMPform && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1) {
##debug
cforms2_dbg("Session was active but is being reset now");
$oldcurrent = $no;
$no = $_SESSION['cforms']['first'];
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
} else {
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
}
} else {
unset($_SESSION['cforms']);
$_SESSION['cforms']['current'] = 0;
$_SESSION['cforms']['first'] = $no;
$_SESSION['cforms']['pos'] = 1;
}
##debug
cforms2_dbg("All good, currently on form #{$no}, [current]=" . $_SESSION['cforms']['current']);
##debug
cforms2_dbg(print_r($_SESSION, 1));
cforms2_dbg(print_r($track, 1));
### redirect == 2 : hide form? || or if max entries reached! w/ SESSION support if#2
if ($all_valid && ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] && isset($_REQUEST['sendbutton' . $no]) || $cformsSettings['form' . $oldcurrent]['cforms' . $oldcurrent . '_hide'] && isset($_REQUEST['sendbutton' . $oldcurrent]))) {
return $content;
} else {
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && cforms2_get_submission_left($no) <= 0 || !cforms2_check_time($no)) {
global $cflimit;
if ($cflimit == "reached") {
return stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
} else {
return $content . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
}
}
}
### alternative form action
$alt_action = false;
if ($cformsSettings['form' . $no]['cforms' . $no . '_action'] == '1') {
$action = $cformsSettings['form' . $no]['cforms' . $no . '_action_page'];
$alt_action = true;
} else {
if ($isWPcommentForm) {
$action = admin_url('admin-ajax.php');
} else {
$action = cforms2_get_current_page() . '#usermessage' . $no . $actiontarget;
}
}
$enctype = $cformsSettings['form' . $no]['cforms' . $no . '_formaction'] ? 'enctype="application/x-www-form-urlencoded"' : 'enctype="multipart/form-data"';
### start with form tag
$content .= '<form ' . $enctype . ' action="' . $action . '" method="post" class="cform ' . sanitize_title_with_dashes($cformsSettings['form' . $no]['cforms' . $no . '_fname']) . ' ' . ($cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] ? ' cfnoreset' : '') . '" id="cforms' . $no . 'form">';
### Session item counter (for default values)
$sItem = 1;
### start with no fieldset
$fieldsetopen = false;
$captcha = false;
$upload = false;
$fscount = 1;
$ol = false;
$inpFieldArr = array();
// for var[] type input fields
for ($i = 1; $i <= $field_count; $i++) {
if (!$custom) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . $i]);
} else {
$field_stat = explode('$#$', $customfields[$i - 1]);
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
$field_required = $field_stat[2];
$field_emailcheck = $field_stat[3];
$field_clear = $field_stat[4];
$field_disabled = $field_stat[5];
$field_readonly = $field_stat[6];
### ommit certain fields
if (in_array($field_type, array('cauthor', 'url', 'email')) && $user->ID) {
continue;
}
### check for html5 attributes
$obj = explode('|html5:', $field_name, 2);
$obj[] = "";
$html5 = $obj[1] != '' ? preg_split('/\\x{00A4}/u', $obj[1], -1) : '';
###debug
cforms2_dbg("\t\t html5 check, settings = " . print_r($html5, 1));
### check for custom err message and split field_name
$obj = explode('|err:', $obj[0], 2);
$obj[] = "";
$fielderr = $obj[1];
###debug
cforms2_dbg("\t adding {$field_type} field: {$field_name}");
if ($fielderr != '') {
switch ($field_type) {
case 'upload':
$custom_error .= 'cf_uploadfile' . $no . '-' . $i . '$#$' . $fielderr . '|';
break;
case 'captcha':
$custom_error .= 'cforms_captcha' . $no . '$#$' . $fielderr . '|';
break;
case "cauthor":
case "url":
case "email":
case "comment":
$custom_error .= $field_type . '$#$' . $fielderr . '|';
break;
default:
preg_match('/^([^#\\|]*).*/', $field_name, $input_name);
if (strpos($input_name[1], '[id:') > 0) {
preg_match('/\\[id:(.+)\\]/', $input_name[1], $input_name);
}
$custom_error .= $cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1' ? cforms2_sanitize_ids($input_name[1]) : 'cf' . $no . '_field_' . $i;
$custom_error .= '$#$' . $fielderr . '|';
}
}
### check for title attrib
$obj = explode('|title:', $obj[0], 2);
$obj[] = "";
$fieldTitle = $obj[1] != '' ? str_replace('"', '"', stripslashes($obj[1])) : '';
###debug
cforms2_dbg("\t\t title check, obj[0] = " . $obj[0]);
### special treatment for selectboxes
if (in_array($field_type, array('multiselectbox', 'selectbox', 'radiobuttons', 'send2author', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox'))) {
$chkboxClicked = array();
if (in_array($field_type, array('checkbox', 'ccbox')) && strpos($obj[0], '|set:') > 1) {
$chkboxClicked = explode('|set:', stripslashes($obj[0]));
$obj[0] = $chkboxClicked[0];
}
$chkboxClicked[] = "";
$chkboxClicked[] = "";
###debug
cforms2_dbg("\t\t found checkbox:, obj[0] = " . $obj[0]);
$options = explode('#', stripslashes($obj[0]));
if (in_array($field_type, array('checkbox', 'ccbox'))) {
$field_name = $options[0] == '' ? $options[1] : $options[0];
} else {
$field_name = $options[0];
}
###debug
cforms2_dbg("\t\t left from '#' (=field_name) = " . $options[0] . ", right from '#': " . $options[1] . " -> field_name= {$field_name}");
}
### check if fieldset is open
if (!$fieldsetopen && !$ol && $field_type != 'fieldsetstart') {
$content .= '<ol class="cf-ol">';
$ol = true;
}
$defaultvalue = '';
### setting the default val & regexp if it exists
if (!in_array($field_type, array('fieldsetstart', 'fieldsetend', 'radiobuttons', 'send2author', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox', 'multiselectbox', 'selectbox'))) {
### check if default val & regexp are set
$obj = explode('|', $obj[0], 3);
$obj[] = "";
$obj[] = "";
if ($obj[2] != '') {
$reg_exp = str_replace('"', '"', stripslashes($obj[2]));
} else {
$reg_exp = '';
}
if ($obj[1] != '') {
$defaultvalue = str_replace(array('"', '\\n'), array('"', "\r"), cforms2_check_default_vars(stripslashes($obj[1]), $no));
}
$field_name = $obj[0];
}
### label ID's
$labelIDx = '';
$labelID = $cformsSettings['global']['cforms_labelID'] == '1' ? ' id="label-' . $no . '-' . $i . '"' : '';
### <li> ID's
$liID = $cformsSettings['global']['cforms_liID'] == '1' || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y" || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y" ? ' id="li-' . $no . '-' . $i . '"' : '';
### input field names & label
$isFieldArray = false;
if ($cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1') {
if (strpos($field_name, '[id:') !== false) {
$isFieldArray = strpos($field_name, '[]');
$idPartA = strpos($field_name, '[id:');
$idPartB = strrpos($field_name, ']', $idPartA);
if ($isFieldArray) {
$input_id = $input_name = cforms2_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
if (!$inpFieldArr[$input_id] || $inpFieldArr[$input_id] == '') {
$inpFieldArr[$input_id] = 1;
}
$input_id .= $inpFieldArr[$input_id]++;
$input_name .= '[]';
} else {
$input_id = $input_name = cforms2_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
}
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
###debug
cforms2_dbg("\t \t parsing custom ID/NAME...new field_name = {$field_name}, ID={$input_id}");
} else {
$input_id = $input_name = cforms2_sanitize_ids(stripslashes($field_name));
}
} else {
$input_id = $input_name = 'cf' . $no . '_field_' . $i;
}
$field_class = '';
$field_value = '';
$captchas = cforms2_get_pluggable_captchas();
if (array_key_exists($field_type, $captchas) && is_user_logged_in() && !$captchas[$field_type]->check_authn_users()) {
continue;
}
switch ($field_type) {
case 'captcha':
if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['fo'] != '1') {
continue 2;
}
$input_id = $input_name = 'cforms_captcha' . $no;
break;
case 'upload':
$input_id = $input_name = 'cf_uploadfile' . $no . '-' . $i;
$field_class = 'upload';
break;
case "send2author":
case "email":
case "cauthor":
case "url":
$input_id = $input_name = $field_type;
case "datepicker":
case "yourname":
case "youremail":
case "friendsname":
case "friendsemail":
case "textfield":
case "pwfield":
$field_class = 'single';
break;
case "hidden":
$field_class = 'hidden';
break;
case 'comment':
$input_id = $input_name = $field_type;
$field_class = 'area';
break;
case 'textarea':
$field_class = 'area';
break;
default:
}
### additional field classes
if ($field_disabled) {
$field_class .= ' disabled';
}
if ($field_readonly) {
$field_class .= ' readonly';
}
if ($field_emailcheck) {
$field_class .= ' fldemail';
}
if ($field_required) {
$field_class .= ' fldrequired';
}
### error ?
$liERR = $insertErr = '';
### only for mp forms
if ($moveBack || $isMPform) {
// $isMPformNext
$field_value = htmlspecialchars(stripslashes($_SESSION['cforms']['cf_form' . $no][$_SESSION['cforms']['cf_form' . $no]['$$$' . $sItem++]]));
cforms2_dbg('retrieving session values to pre-fill...' . $field_value);
}
if (!$all_valid) {
### errors...
if (!$server_upload_size_error && $validations[$i] != 1) {
$field_class .= ' cf_error';
### enhanced error display
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y") {
$liERR = 'cf_li_err';
}
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y") {
$insertErr = $fielderr != '' ? '<ul class="cf_li_text_err"><li>' . stripslashes($fielderr) . '</li></ul>' : '';
}
}
if (!isset($_REQUEST[$input_name])) {
$_REQUEST[$input_name] = '';
}
### the field could not be there at all
if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
$field_value = $_REQUEST[$input_name];
} else {
$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
}
} else {
if (!isset($_REQUEST['sendbutton' . $no]) && isset($_REQUEST[$input_name]) || $cformsSettings['form' . $no]['cforms' . $no . '_dontclear']) {
### only pre-populating fields...
if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
$field_value = $_REQUEST[$input_name];
} else {
$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
}
}
}
### print label only for non "textonly" fields! Skip some others too, and handle them below indiv.
$standard_field = !in_array($field_type, array('hidden', 'textonly', 'fieldsetstart', 'fieldsetend', 'ccbox', 'checkbox', 'checkboxgroup', 'send2author', 'radiobuttons'));
if ($standard_field) {
$content .= '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
if (!in_array($field_type, array_keys($captchas))) {
$content .= '<label' . $labelID . ' for="' . $input_id . '"' . ($field_type == 'captcha' ? ' class="seccap"' : '') . '><span>' . stripslashes($field_name) . '</span></label>';
}
}
### if not reloaded (due to err) then use default values
if ($field_value == '' && $defaultvalue != '') {
$field_value = $defaultvalue;
}
### field disabled or readonly, greyed out?
$disabled = $field_disabled ? ' disabled="disabled"' : '';
$readonly = $field_readonly ? ' readonly="readonly"' : '';
### add input field
$dp = '';
$field = '';
$val = '';
$force_checked = false;
$cookieset = '';
if (array_key_exists($field_type, $captchas)) {
$req = $captchas[$field_type]->get_request('secinput ' . $field_class, $fieldTitle);
$field = $req['html'] . '<input type="hidden" name="' . $field_type . '/hint" value="' . rawurlencode($req['hint']) . '"/>';
} else {
switch ($field_type) {
case "upload":
$upload = true;
### set upload flag for ajax suppression!
$field = '<input' . $readonly . $disabled . ' type="file" name="cf_uploadfile' . $no . '[]" id="cf_uploadfile' . $no . '-' . $i . '" class="cf_upload ' . $field_class . '" title="' . $fieldTitle . '"/>';
break;
case "textonly":
$field .= '<li' . $liID . ' class="textonly' . ($defaultvalue != '' ? ' ' . $defaultvalue : '') . '"' . ($reg_exp != '' ? ' style="' . $reg_exp . '" ' : '') . '>' . stripslashes($field_name) . '</li>';
break;
case "fieldsetstart":
if ($fieldsetopen) {
$field = '</ol></fieldset>';
$fieldsetopen = false;
$ol = false;
}
if (!$fieldsetopen) {
if ($ol) {
$field = '</ol>';
}
$field .= '<fieldset class="cf-fs' . $fscount++ . '">' . '<legend>' . stripslashes($field_name) . '</legend>' . '<ol class="cf-ol">';
$fieldsetopen = true;
$ol = true;
}
break;
case "fieldsetend":
if ($fieldsetopen) {
$field = '</ol></fieldset>';
$fieldsetopen = false;
$ol = false;
} else {
$field = '';
}
break;
case "captcha":
$field = '<input type="text" name="' . $input_name . '" id="cforms_captcha' . $no . '" class="secinput' . $field_class . '" title="' . $fieldTitle . '"/>' . '<img id="cf_captcha_img' . $no . '" class="captcha" src="#" alt=""/><script type="text/javascript">jQuery(function() {reset_captcha(' . $no . ');});</script>' . '<a title="' . __('reset captcha image', 'cforms') . '" href="javascript:reset_captcha(\'' . $no . '\')"><img class="captcha-reset" src="' . plugin_dir_url(__FILE__) . 'images/spacer.gif" alt="Captcha"/></a>';
$captcha = true;
break;
case "cauthor":
$cookieset = 'comment_author_' . COOKIEHASH;
case "url":
$cookieset = $cookieset == '' ? 'comment_author_url_' . COOKIEHASH : $cookieset;
case "email":
$cookieset = $cookieset == '' ? 'comment_author_email_' . COOKIEHASH : $cookieset;
$field_value = $_COOKIE[$cookieset] != '' ? $_COOKIE[$cookieset] : $field_value;
case "datepicker":
case "yourname":
case "youremail":
case "friendsname":
case "friendsemail":
case "textfield":
case "pwfield":
case "html5color":
case "html5date":
case "html5datetime":
case "html5datetime-local":
case "html5email":
case "html5month":
case "html5number":
case "html5range":
case "html5search":
case "html5tel":
case "html5time":
case "html5url":
case "html5week":
$field_value = cforms2_check_post_vars($field_value);
$h5 = '';
if (strpos($field_type, 'tml5') !== false) {
$type = substr($field_type, 5);
if (is_array($html5)) {
$h5_0 = $html5[0] == '1' ? ' autocomplete="on"' : '';
$h5_1 = $html5[1] == '1' ? ' autofocus ="autofocus"' : '';
$h5_2 = $html5[2] != '' ? ' min="' . $html5[2] . '"' : '';
$h5_3 = $html5[3] != '' ? ' max="' . $html5[3] . '"' : '';
$h5_4 = $html5[4] != '' ? ' pattern="' . $html5[4] . '"' : '';
$h5_5 = $html5[5] != '' ? ' step="' . $html5[5] . '"' : '';
$h5_6 = $html5[6] != '' ? ' placeholder="' . $html5[6] . '"' : '';
$h5 = $h5_0 . $h5_1 . $h5_2 . $h5_3 . $h5_4 . $h5_5 . $h5_6;
}
$h5_7 = $field_required ? ' required="required"' : '';
$h5 .= $h5_7 . ' ';
###debug
cforms2_dbg('......html5 attributes: ' . $h5);
} else {
$type = $field_type == 'pwfield' ? 'password' : 'text';
}
$field_class = $field_type == 'datepicker' ? $field_class . ' cf_date' : $field_class;
$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
$field = '<input' . $h5 . $readonly . $disabled . ' type="' . $type . '" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '" value="' . $field_value . '"' . $onfocus . ' title="' . $fieldTitle . '"/>';
if ($reg_exp != '') {
$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '" title="' . $fieldTitle . '"/>';
}
$field .= $dp;
break;
case "hidden":
$field_value = cforms2_check_post_vars($field_value);
$field_value = cforms2_check_default_vars($field_value, $no);
if (preg_match('/^<([a-zA-Z0-9]+)>$/', $field_value, $getkey)) {
$field_value = $_GET[$getkey[1]];
}
$field .= '<li class="cf_hidden"><input type="hidden" class="cfhidden" name="' . $input_name . '" id="' . $input_id . '" value="' . $field_value . '" title="' . $fieldTitle . '"/></li>';
break;
case "comment":
case "textarea":
$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
$field = '<textarea' . $readonly . $disabled . ' cols="30" rows="8" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '"' . $onfocus . ' title="' . $fieldTitle . '">' . $field_value . '</textarea>';
if ($reg_exp != '') {
$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '" title="' . $fieldTitle . '"/>';
}
break;
case "ccbox":
case "checkbox":
if (!$all_valid || $all_valid && $cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] || $isMPform && is_array($_SESSION['cforms']['cf_form' . $no])) {
//exclude MP! if first time on the form = array = null
$preChecked = $field_value && $field_value != '' ? ' checked="checked"' : '';
} else {
$preChecked = strpos($chkboxClicked[1], 'true') !== false ? ' checked="checked"' : '';
}
// $all_valid = user choice prevails
$err = '';
if (!$server_upload_size_error && !$all_valid && $validations[$i] != 1) {
$err = ' cf_errortxt';
}
$opt = explode('|', $field_name, 2);
$opt[] = "";
if ($options[1] != '') {
### $options = explode('#', stripslashes($obj[0]) ) (line 476)
$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
$after = '<label' . $labelID . ' for="' . $input_id . '" class="cf-after' . $err . '"><span>' . $opt[0] . '</span></label></li>';
$ba = 'a';
} else {
$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_name . '" class="cf-before' . $err . '"><span>' . $opt[0] . '</span></label>';
$after = '</li>';
$ba = 'b';
}
### if | val provided, then use "X"
if ($val == '') {
$val = $opt[1] != '' ? ' value="' . $opt[1] . '"' : '';
}
$field = $before . '<input' . $readonly . $disabled . ' type="checkbox" name="' . $input_name . '" id="' . $input_id . '" class="cf-box-' . $ba . $field_class . '"' . $val . ' title="' . $fieldTitle . '"' . $preChecked . '/>' . $after;
break;
case "checkboxgroup":
$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
array_shift($options);
$field .= '<li' . $liID . ' class="cf-box-title">' . $field_name . '</li>' . '<li' . $liID_b . ' class="cf-box-group">';
$id = 1;
$j = 0;
### mp session support
if (($moveBack || $isMPform) && !is_array($field_value)) {
$field_value = explode(',', $field_value);
}
foreach ($options as $option) {
### supporting names & values
$boxPreset = explode('|set:', $option);
$opt = explode('|', $boxPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
$checked = '';
if ($moveBack || $isMPform) {
//$isMPformNext
if (in_array($opt[1], array_values($field_value))) {
$checked = 'checked="checked"';
}
} elseif (is_array($field_value)) {
if ($opt[1] == htmlspecialchars(stripslashes(strip_tags($field_value[$j])))) {
$checked = 'checked="checked"';
$j++;
}
} else {
if (strpos($boxPreset[1], 'true') !== false) {
$checked = ' checked="checked"';
}
}
$brackets = $isFieldArray ? '' : '[]';
if ($labelID != '') {
$labelIDx = substr($labelID, 0, -1) . $id . '"';
}
if ($opt[0] == '') {
$field .= '<br />';
} else {
$field .= '<input' . $readonly . $disabled . ' type="checkbox" id="' . $input_id . '-' . $id . '" name="' . $input_name . $brackets . '" value="' . $opt[1] . '" ' . $checked . ' class="cf-box-b" title="' . $fieldTitle . '"/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-group-after"><span>' . $opt[0] . "</span></label>";
}
}
$field .= '</li>';
break;
case "multiselectbox":
$field .= '<select' . $readonly . $disabled . ' multiple="multiple" name="' . $input_name . '[]" id="' . $input_id . '" class="cfselectmulti ' . $field_class . '" title="' . $fieldTitle . '">';
array_shift($options);
$j = 0;
### mp session support
if ($moveBack || $isMPform) {
//$isMPformNext
$field_value = explode(',', $field_value);
}
foreach ($options as $option) {
### supporting names & values
$optPreset = explode('|set:', $option);
$opt = explode('|', $optPreset[0], 2);
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
$checked = '';
if ($moveBack || $isMPform) {
if (in_array($opt[1], array_values($field_value))) {
$checked = 'selected="selected"';
}
} elseif (is_array($field_value)) {
if ($opt[1] == stripslashes(htmlspecialchars(strip_tags($field_value[$j])))) {
$checked = ' selected="selected"';
$j++;
}
} else {
if (strpos($optPreset[1], 'true') !== false) {
$checked = ' selected="selected"';
}
}
$field .= '<option value="' . str_replace('"', '"', $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
}
$field .= '</select>';
break;
case "emailtobox":
case "selectbox":
$field = '<select' . $readonly . $disabled . ' name="' . $input_name . '" id="' . $input_id . '" class="cformselect' . $field_class . '" title="' . $fieldTitle . '">';
array_shift($options);
$jj = $j = 0;
foreach ($options as $option) {
### supporting names & values
$optPreset = explode('|set:', $option);
$optPreset[] = "";
$opt = explode('|', $optPreset[0], 2);
$opt[] = "";
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
### email-to-box valid entry?
if ($field_type == 'emailtobox' && $opt[1] != '-') {
$jj = $j;
} else {
$jj = '-';
}
$j++;
$checked = '';
if ($field_value == '' || $field_value == '-') {
if (strpos($optPreset[1], 'true') !== false) {
$checked = ' selected="selected"';
}
} else {
if ($opt[1] == $field_value || $jj == $field_value) {
$checked = ' selected="selected"';
}
}
$field .= '<option value="' . ($field_type == 'emailtobox' ? $jj : $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
}
$field .= '</select>';
break;
case "send2author":
$force_checked = strpos($field_stat[0], '|set:') === false ? true : false;
case "radiobuttons":
$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
### only if label ID's active
array_shift($options);
$field .= '<li' . $liID . ' class="' . $liERR . ' cf-box-title">' . $insertErr . $field_name . '</li>' . '<li' . $liID_b . ' class="cf-box-group">';
$id = 1;
foreach ($options as $option) {
$checked = '';
### supporting names & values
$radioPreset = explode('|set:', $option);
$opt = explode('|', $radioPreset[0], 2);
$opt[] = "";
if ($opt[1] == '') {
$opt[1] = $opt[0];
}
if ($field_value == '') {
if (strpos($radioPreset[1], 'true') !== false || $force_checked && $id == 1) {
$checked = ' checked="checked"';
}
} else {
if ($opt[1] == $field_value) {
$checked = ' checked="checked"';
}
}
if ($labelID != '') {
$labelIDx = substr($labelID, 0, -1) . $id . '"';
}
if ($opt[0] == '') {
$field .= '<br />';
} else {
$field .= '<input' . $readonly . $disabled . ' type="radio" id="' . $input_id . '-' . $id . '" name="' . $input_name . '" value="' . $opt[1] . '"' . $checked . ' class="cf-box-b' . ($field_required ? ' fldrequired' : '') . '" title="' . $fieldTitle . '"/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-after"><span>' . $opt[0] . "</span></label>";
}
}
$field .= '</li>';
break;
}
}
### debug
cforms2_dbg("Form setup: {$field_type}, val={$field_value}, default={$defaultvalue}");
### add new field
$content .= $field;
### adding "required" text if needed
if ($field_emailcheck == 1) {
$content .= '<span class="emailreqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_emailrequired']) . '</span>';
} else {
if ($field_required == 1 && !in_array($field_type, array('ccbox', 'checkbox', 'radiobuttons'))) {
$content .= '<span class="reqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_required']) . '</span>';
}
}
### close out li item
if ($standard_field) {
$content .= '</li>';
}
}
### all fields
### close any open tags
if ($ol) {
$content .= '</ol>';
}
if ($fieldsetopen) {
$content .= '</fieldset>';
}
### rest of the form
if ($cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1' && !$upload && !$custom && !$alt_action) {
$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', false)"';
} else {
if (($upload || $custom || $alt_action) && $cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1') {
$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', true)"';
} else {
$ajaxenabled = '/>' . '<input type="hidden" name="action" value="submitcomment_direct"/>' . '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce('submitcomment_direct') . '"';
}
}
### just to appease html "strict"
$content .= '<fieldset class="cf_hidden"><legend> </legend>';
### custom error
$custom_error = substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 4, 1) . $custom_error;
### TAF or WP comment or Extra Fields
if ((int) $isTAF > 0) {
$nono = $isWPcommentForm ? '' : $no;
if ($isWPcommentForm) {
$content .= '<input type="hidden" name="comment_parent" id="comment_parent" value="' . ($_REQUEST['replytocom'] != '' ? $_REQUEST['replytocom'] : '0') . '"/>';
}
$content .= '<input type="hidden" name="comment_post_ID' . $nono . '" id="comment_post_ID' . $nono . '" value="' . (isset($_GET['pid']) ? $_GET['pid'] : get_the_ID()) . '"/>' . '<input type="hidden" name="cforms_pl' . $no . '" id="cforms_pl' . $no . '" value="' . (isset($_GET['pid']) ? get_permalink($_GET['pid']) : get_permalink()) . '"/>';
}
$content .= '<input type="hidden" name="cf_working' . $no . '" id="cf_working' . $no . '" value="<span>' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_working']) . '</span>"/>' . '<input type="hidden" name="cf_failure' . $no . '" id="cf_failure' . $no . '" value="<span>' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_failure']) . '</span>"/>' . '<input type="hidden" name="cf_codeerr' . $no . '" id="cf_codeerr' . $no . '" value="<span>' . rawurlencode($cformsSettings['global']['cforms_codeerr']) . '</span>"/>' . '<input type="hidden" name="cf_customerr' . $no . '" id="cf_customerr' . $no . '" value="' . rawurlencode($custom_error) . '"/>' . '<input type="hidden" name="cf_popup' . $no . '" id="cf_popup' . $no . '" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_popup'] . '"/>';
$content .= '</fieldset>';
### multi page form: reset
$reset = '';
if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_reset']) {
$reset = '<input tabindex="999" type="submit" name="resetbutton' . $no . '" id="resetbutton' . $no . '" class="resetbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_resettext'] . '" onclick="return confirm(\'' . __('Note: This will reset all your input!', 'cforms') . '\')">';
}
### multi page form: back
$back = '';
if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_back'] && !$cformsSettings['form' . $oldno]['cforms' . $no . '_mp']['mp_first']) {
$back = '<input type="submit" name="backbutton' . $no . '" id="backbutton' . $no . '" class="backbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_backtext'] . '">';
}
$content .= '<p class="cf-sb">' . $reset . $back . '<input type="submit" name="sendbutton' . $no . '" id="sendbutton' . $no . '" class="sendbutton" value="' . stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_submit_text'])) . '"' . $ajaxenabled . '/></p>';
if ($isWPcommentForm) {
ob_start();
do_action('comment_form', get_the_ID());
$content .= ob_get_clean();
}
$content .= '</form>';
### either show message above or below
$usermessage_text = cforms2_check_default_vars($usermessage_text, $no);
$usermessage_text = cforms2_check_cust_vars($usermessage_text, $track);
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y' && !($success && $cformsSettings['form' . $no]['cforms' . $no . '_hide'])) {
$content .= '<div id="usermessage' . $no . 'b" class="cf_info ' . $usermessage_class . $umc . '" >' . $usermessage_text . '</div>';
}
### debug
cforms2_dbg("(cforms) Last stop..." . print_r($_SESSION, 1));
return $content;
}
function cforms2_submitcomment()
{
check_admin_referer('submitcomment');
global $cformsSettings, $wpdb, $subID, $track, $trackf, $Ajaxpid, $AjaxURL, $WPresp, $commentparent;
header('Content-Type: text/plain');
$content = '';
if (isset($_POST['rsargs'])) {
$content = $_POST['rsargs'];
}
$WPsuccess = false;
$content = explode('+++', $content);
### Added special fields
if (count($content) > 3) {
$commentparent = $content[1];
$Ajaxpid = $content[2];
$AjaxURL = $content[3];
} else {
$Ajaxpid = $content[1];
$AjaxURL = $content[2];
}
$segments = explode('$#$', $content[0]);
$params = array();
$user = wp_get_current_user();
for ($i = 1; $i <= sizeof($segments); $i++) {
$params['field_' . $i] = $segments[$i];
}
### fix reference to first form
if ($segments[0] == '1') {
$params['id'] = $no = '';
} else {
$params['id'] = $no = $segments[0];
}
### TAF flag
$isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);
### user filter ?
if (function_exists('my_cforms_ajax_filter')) {
my_cforms_ajax_filter($params);
}
### init variables
$track = array();
$trackinstance = array();
$to_one = -1;
$ccme = false;
$field_email = '';
$off = 0;
$fieldsetnr = 1;
$taf_youremail = false;
$taf_friendsemail = false;
### form limit reached
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && cforms2_get_submission_left($no) == 0 || !cforms2_check_time($no)) {
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
echo $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']));
die;
}
$captchaopt = $cformsSettings['global']['cforms_captcha_def'];
for ($i = 1; $i <= sizeof($params) - 2; $i++) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {
if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && $captchaopt['fo'] != '1')) {
break;
}
if (cforms2_check_pluggable_captchas_authn_users($field_stat[1])) {
break;
}
if ($field_stat[1] == 'fieldsetstart') {
$track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
$track['Fieldset' . $fieldsetnr++] = $field_stat[0];
} elseif ($field_stat[1] == 'fieldsetend') {
$track['FieldsetEnd' . $fieldsetnr++] = '--';
}
### get next in line...
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
### filter all redundant WP comment fields if user is logged in
while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
$temp = explode('|', $field_stat[0], 3);
### get field name
$temp = explode('#', $temp[0], 2);
switch ($field_stat[1]) {
case 'cauthor':
$track['cauthor'] = $track[$temp[0]] = $user->display_name;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'email':
$track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'url':
$track['url'] = $track[$temp[0]] = $user->user_url;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
}
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
### remove [id: ] first
if (strpos($field_name, '[id:') !== false) {
preg_match('/^([^\\[]*)\\[id:([^\\|\\]]+(\\[\\])?)\\]([^\\|]*).*/', $field_name, $input_name);
// author: cbacchini
$field_name = $input_name[1] . $input_name[4];
$customTrackingID = cforms2_sanitize_ids($input_name[2]);
} else {
$customTrackingID = '';
}
### dissect field
$obj = explode('|', $field_name, 3);
### strip out default value
$field_name = $obj[0];
### special WP comment fields
if (in_array($field_stat[1], array('cauthor', 'email', 'url', 'comment', 'send2author'))) {
$temp = explode('#', $field_name, 2);
if ($temp[0] == '') {
$field_name = $field_stat[1];
} else {
$field_name = $temp[0];
}
### keep copy of values
$track[$field_stat[1]] = stripslashes($params['field_' . $i]);
if ($field_stat[1] == 'email') {
$field_email = $params['field_' . $i];
}
}
### special Tell-A-Friend fields
if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
preg_match("/^[_a-z0-9+-]+(\\.[_a-z0-9+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})\$/i", $params['field_' . $i], $r);
$field_email = $taf_friendsemail = $r[1];
// double checking anti spam TAF
}
if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
$taf_youremail = $params['field_' . $i];
}
if ($field_type == 'friendsname') {
$taf_friendsname = $params['field_' . $i];
}
if ($field_type == 'yourname') {
$taf_yourname = $params['field_' . $i];
}
### lets find an email field ("Is Email") and that's not empty!
if ($field_email == '' && $field_stat[3] == '1') {
$field_email = $params['field_' . $i];
}
### special case: select & radio
if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
$field_name = explode('#', $field_name);
$field_name = $field_name[0];
}
### special case: check box
if ($field_type == "checkbox" || $field_type == "ccbox") {
$field_name = explode('#', $field_name);
$field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
$field_name = explode('|', $field_name);
$field_name = $field_name[0];
### if ccbox & checked
if ($field_type == "ccbox" && $params['field_' . $i] != "") {
//10.2. removed "-"
##$ccme = 'field_' . $i;
$ccme = $field_name;
}
}
if ($field_type == "emailtobox") {
### special case where the value needs to bet get from the DB!
$to_one = $params['field_' . $i];
$field_name = explode('#', $field_stat[0]);
### can't use field_name, since '|' check earlier
$tmp = explode('|', $field_name[$to_one + 1]);
### remove possible |set:true
$value = $tmp[0];
### values start from 0 or after!
$to = $replyto = stripslashes($tmp[1]);
$field_name = $field_name[0];
} else {
if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
$value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
} else {
$value = stripslashes($params['field_' . $i]);
}
}
### only if hidden!
if ($field_type == 'hidden') {
$value = rawurldecode($value);
}
### check boxes
if ($field_type == "checkbox" || $field_type == "ccbox") {
if ($value == 'on') {
$value = '(x)';
} else {
$value = '';
}
}
### determine tracked field name
$inc = '';
$trackname = trim($field_name);
if (array_key_exists($trackname, $track)) {
if ($trackinstance[$trackname] == '') {
$trackinstance[$trackname] = 2;
}
$inc = '___' . $trackinstance[$trackname]++;
}
$track['$$$' . (int) ($i + $off)] = $trackname . $inc;
$track[$trackname . $inc] = $value;
if ($customTrackingID != '') {
$track['$$$' . $customTrackingID] = $trackname . $inc;
}
}
### for
### prefilter user input
if (function_exists('my_cforms_filter')) {
my_cforms_filter($no);
}
### assemble text & html email
$r = cforms2_format_email($track, $no);
$formdata = $r['text'];
$htmlformdata = $r['html'];
###
### record:
###
$subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : cforms2_write_tracking_record($no, $field_email);
###
### allow the user to use form data for other apps
###
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
try {
my_cforms_action($trackf);
} catch (Exception $exc) {
echo $segments[0] . '*$#y' . $exc->getMessage() . '|---';
die;
}
}
$isAjaxWPcomment = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1) === '2';
### Catch WP-Comment function | if send2author just continue
if ($isAjaxWPcomment !== false && (!isset($track['send2author']) || $track['send2author'] == '0')) {
require_once plugin_dir_path(__FILE__) . 'lib_WPcomment.php';
### Catch WP-Comment function: error
if (!$WPsuccess) {
echo $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
die;
}
}
### Catch WP-Comment function
### multiple recipients? and to whom is the email sent? to_one = picked recip.
if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
$to = $wpdb->get_results($wpdb->prepare("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = %d AND U.ID=P.post_author", $Ajaxpid));
$to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
} else {
if (!($to_one != -1 && $to != '')) {
$to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
}
}
### from
$frommail = cforms2_check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track);
### T-A-F override?
if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
$replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
}
### logic: dynamic admin email address
if (function_exists('my_cforms_logic')) {
$to = my_cforms_logic($trackf, $to, 'adminTO');
}
### use trackf!
### either use configured subject or user determined
$vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
if (function_exists('my_cforms_logic')) {
$vsubject = my_cforms_logic($trackf, $vsubject, 'adminEmailSUBJ');
}
$vsubject = cforms2_check_default_vars($vsubject, $no);
$vsubject = cforms2_check_cust_vars($vsubject, $track);
### prep message text, replace variables
$message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
if (function_exists('my_cforms_logic')) {
$message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
}
$message = cforms2_check_default_vars($message, $no);
$message = cforms2_check_cust_vars($message, $track);
### actual user message
$htmlmessage = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
$htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
if (function_exists('my_cforms_logic')) {
$htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
}
$htmlmessage = cforms2_check_default_vars($htmlmessage, $no);
$htmlmessage = cforms2_check_cust_vars($htmlmessage, $track, true);
}
### custom user ReplyTo handling
if (function_exists('my_cforms_logic')) {
$userReplyTo = my_cforms_logic($trackf, $field_email, 'ReplyTo');
} else {
$userReplyTo = $field_email;
}
$mail = new cforms2_mail($no, $frommail, $to, $userReplyTo, true);
$mail->subj = $vsubject;
### HTML email
if ($mail->html_show) {
$mail->is_html(true);
$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
$sentadmin = 1;
} else {
$sentadmin = $mail->send();
}
if ($sentadmin == 1) {
### send copy or notification?
if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[data][$ccme] != '') {
$frommail = cforms2_check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track);
### actual user message
$cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
if (function_exists('my_cforms_logic')) {
$cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
}
$cmsg = cforms2_check_default_vars($cmsg, $no);
$cmsg = cforms2_check_cust_vars($cmsg, $track);
### HTML text
$cmsghtml = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
$cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
if (function_exists('my_cforms_logic')) {
$cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
}
$cmsghtml = cforms2_check_default_vars($cmsghtml, $no);
$cmsghtml = cforms2_check_cust_vars($cmsghtml, $track, true);
}
### subject
$subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
if (function_exists('my_cforms_logic')) {
$subject2 = my_cforms_logic($trackf, $subject2, 'autoConfSUBJ');
}
$subject2 = cforms2_check_default_vars($subject2, $no);
$subject2 = cforms2_check_cust_vars($subject2, $track);
### different cc & ac subjects?
$s = explode('$#$', $subject2);
$s[1] = $s[1] != '' ? $s[1] : $s[0];
### email tracking via 3rd party?
### if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
} else {
$field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
}
$mail = new cforms2_mail($no, $frommail, $field_email, $replyto);
### auto conf attachment?
$a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
$a = substr($a, 0, 1) == '/' ? $a : plugin_dir_path(__FILE__) . $a;
if ($a != '' && file_exists($a)) {
$mail->add_file($a);
### optional name
}
### CC or auto conf?
if ($ccme && $trackf[data][$ccme] != '') {
$mail->subj = $s[1];
if ($mail->html_show) {
// 3.2.2012 changed from html_show_ac > admin email setting dictates this!
$mail->is_html(true);
$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
$sent = $mail->send();
} else {
$mail->subj = $s[0];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $cmsghtml . "</body></html>" . $mail->eol;
$mail->body_alt = $cmsg;
} else {
$mail->body = $cmsg;
}
$sent = $mail->send();
}
if ($sent != '1') {
$err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $mail->err;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
echo $pre . $err . '|!!!';
die;
}
}
### cc
### return success msg
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
### WP-Comment: override
if ($WPsuccess) {
$successMsg = $WPresp;
} else {
$successMsg = cforms2_check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
$successMsg = str_replace($mail->eol, '<br />', $successMsg);
}
$successMsg = cforms2_check_cust_vars($successMsg, $track);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
}
$opt = '';
### hide?
if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || cforms2_get_submission_left($no) == 0) {
$opt .= '|~~~';
}
### redirect to a different page on suceess?
if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
if (function_exists('my_cforms_logic')) {
$red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
if ($red != '') {
$opt .= '|>>>' . $red;
}
### use trackf!
} else {
$opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
}
}
echo $pre . $successMsg . $opt;
} else {
### no admin mail sent!
### return error msg
$err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $mail->err;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
echo $pre . $err . '|!!!';
}
die;
}
function getCSVTAB($format = 'csv')
{
global $fnames, $wpdb, $count, $temp, $where, $in_list, $sortBy, $sortOrder, $cformsSettings, $charset;
$results = $wpdb->get_results("SELECT ip, id, sub_date, form_id, field_name,field_val FROM {$wpdb->cformsdata},{$wpdb->cformssubmissions} WHERE sub_id=id {$where} {$in_list} ORDER BY {$sortBy} {$sortOrder}, f_id ASC");
/*
mysql_connect(DB_HOST,DB_USER,DB_PASSWORD);
@mysql_select_db(DB_NAME) or die( "Unable to select database");
$sql = "SELECT ip, id, sub_date, form_id, field_name,field_val FROM {$wpdb->cformsdata},{$wpdb->cformssubmissions} WHERE sub_id=id $where $in_list ORDER BY $sortBy $sortOrder, f_id ASC";
$r = mysql_query($sql);
*/
$br = "\n";
$buffer = array();
$body = '';
$sub_id = '';
$format = $format == "csv" ? "," : "\t";
$ipTab = $_GET['addip'] == 'true' ? $format : '';
$head = $_GET['header'] == 'true' ? $format . $format . $ipTab : '';
$last_n = '';
foreach ($results as $key => $entry) {
### while( $entry = mysql_fetch_array($r) ){
if ($entry->field_name == 'page' || strpos($entry->field_name, 'Fieldset') !== false) {
continue;
}
$next_n = $entry->form_id == '' ? '1' : $entry->form_id;
if ($sub_id != $entry->id) {
### new record starts
if ($buffer[body] != '') {
if ($_GET['header'] == 'true' && $buffer[last_n] != $buffer[last2_n]) {
fwrite($temp, $buffer[head] . $br . $buffer[body] . $br);
} else {
fwrite($temp, $buffer[body] . $br);
}
}
$buffer[body] = $body;
### save 1 line
$buffer[head] = $head;
### save 1 line
$buffer[last2_n] = $buffer[last_n];
$buffer[last_n] = $last_n;
$body = '"' . __('Form', 'cforms') . ': ' . encData($fnames[$next_n]) . '"' . $format . '"' . encData($entry->sub_date) . '"' . $format . ($_GET['addip'] == 'true' ? $entry->ip . $format : '');
$head = $_GET['header'] == 'true' ? $format . $format . $ipTab : '';
$last_n = $next_n;
$sub_id = $entry->id;
}
$url = '';
$urlTab = '';
if ($_GET['addurl'] == 'true' && strpos($entry->field_name, '[*')) {
preg_match('/.*\\[\\*(.*)\\]$/i', $entry->field_name, $t);
$no = $t[1] == '' ? $entry->form_id : ($t[1] == 1 ? '' : $t[1]);
$urlTab = $format;
$entry->field_name = substr($entry->field_name, 0, strpos($entry->field_name, '[*'));
$t = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
$fdir = $t[0];
$fdirURL = $t[1];
$subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id . '-';
if ($fdirURL == '') {
$url = $cformsSettings['global']['cforms_root'] . substr($fdir, strpos($fdir, $cformsSettings['global']['plugindir']) + strlen($cformsSettings['global']['plugindir']), strlen($fdir));
} else {
$url = $fdirURL;
}
$passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id;
$fileInfoArr = array('name' => strip_tags($entry->field_val), 'path' => $url, 'subID' => $passID);
if (function_exists('my_cforms_logic')) {
$fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage');
}
if (!array_key_exists('modified', $fileInfoArr)) {
$fileInfoArr['name'] = $subID . $fileInfoArr['name'];
}
$url = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format;
}
$head .= $_GET['header'] == 'true' ? '"' . encData(stripslashes($entry->field_name)) . '"' . $format . $urlTab : '';
$body .= '"' . str_replace('"', '""', encData(stripslashes($entry->field_val))) . '"' . $format . $url;
}
### foreach
### clean up buffer
if ($buffer[body] != '') {
if ($_GET['header'] == 'true' && $buffer[last_n] != $buffer[last2_n]) {
fwrite($temp, $buffer[head] . $br . $buffer[body] . $br);
} else {
fwrite($temp, $buffer[body] . $br);
}
}
### clean up last body
if ($_GET['header'] == 'true' && $buffer[last_n] != $next_n) {
fwrite($temp, $head . $br . $body . $br);
} else {
fwrite($temp, $body . $br);
}
/*
mysql_free_result($r);
mysql_close();
*/
return;
}
// attachments?
preg_match('/.*\\[\\*(.*)\\]$/i', $name, $r);
$no = $r[1] == '' ? $entry->form_id : ($r[1] == 1 ? '' : $r[1]);
$temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
$fileuploaddir = $temp[0];
$fileuploaddirurl = $temp[1];
$subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id . '-';
if ($fileuploaddirurl == '') {
$fileurl = $cformsSettings['global']['cforms_root'] . substr($fileuploaddir, strpos($fileuploaddir, $cformsSettings['global']['plugindir']) + strlen($cformsSettings['global']['plugindir']), strlen($fileuploaddir));
} else {
$fileurl = $fileuploaddirurl;
}
$passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id;
$fileInfoArr = array('name' => strip_tags($val), 'path' => $fileurl, 'subID' => $passID);
if (function_exists('my_cforms_logic')) {
$fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage');
}
if (!array_key_exists('modified', $fileInfoArr)) {
$fileInfoArr['name'] = $subID . $fileInfoArr['name'];
}
$fileurl = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format;
echo '<div class="showformfield meta"><div class="L">';
echo substr($name, 0, strpos($name, '[*'));
if ($entry->field_val == '') {
echo '</div><div class="R">' . __('-', 'cforms') . '</div></div>' . "\n";
} else {
echo '</div><div class="R">' . '<a href="' . $fileurl . '">' . str_replace("\n", "<br />", strip_tags($val)) . '</a>' . '</div></div>' . "\n";
}
} elseif ($name == 'page') {
// special field: page
echo '<div class="showformfield meta"><div class="L">';
