Example #1
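/**
 * Handle one AJAX file upload for a nexform field and build the HTML snippet for the response.
 *
 * Reads the field name, result id and form id from $_POST and the field id from $_REQUEST.
 * When no result record exists yet (res_id is 0) the form is saved first so the file can be
 * attached to it. nexform_check4files() then reports the stored file record, or 0 on failure.
 *
 * Security notes:
 *  - The client-supplied file name from $_FILES is HTML-escaped before it is echoed back;
 *    it is attacker-controlled and passes through no filter in this function.
 *  - NOTE(review): $field_name is placed inside an inline onClick handler. This relies on
 *    COM_applyFilter() removing quote characters; confirm, or encode it for the JS and
 *    attribute contexts.
 *  - NOTE(review): res_id comes from the request; no check is visible here that the result
 *    record belongs to the current user. Confirm nexform_check4files() enforces that.
 *
 * @return array array($html, $fieldID, $field_name, $form_id, $result_id, $iserror), where
 *               $iserror is the string 'true' or 'false'.
 */
function upload_file()
{
    // $GLOBALS is a superglobal and needs no global declaration.
    global $CONF_FE, $_TABLES, $_CONF;

    $field_name = COM_applyFilter($_POST['current_upload_file']);
    $result_id = COM_applyFilter($_POST['res_id'], true);
    $form_id = COM_applyFilter($_POST['form_id'], true);
    $fieldID = COM_applyFilter($_REQUEST['field_id'], true);

    // The request may not carry a file under this field name at all.
    $uploadfile = isset($_FILES[$field_name]) ? $_FILES[$field_name] : array();

    if ($result_id == 0) {
        // Form has not been saved yet: create the result record first.
        $result_id = nexform_dbsave($form_id, 0, false);
    }

    if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
        // The original file name is chosen by the client, so escape it for HTML output.
        // Relies on PHP's default charset; TODO confirm it matches the site charset.
        $display_name = '';
        if (isset($uploadfile['name'][0])) {
            $display_name = htmlspecialchars((string) $uploadfile['name'][0], ENT_QUOTES);
        }

        $retval = '';
        $retval .= "&nbsp;<a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$display_name}</a>&nbsp;";

        // Only members of the form's edit group get the delete control.
        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
        if (SEC_inGroup($edit_group)) {
            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a>&nbsp;";
        }
        $iserror = 'false';
    } else {
        // NOTE(review): fe_errmsg is emitted as HTML below; confirm it never contains
        // request-derived text (such as the uploaded file name) without escaping.
        $errmsg = $GLOBALS['fe_errmsg'];
        $err_fieldname = 'error_' . ppRandomFilename();
        $retval = '';
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        $retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }

    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}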
Example #2
 // Excerpt: stop on a duplicate submission, otherwise register the form against the
 // workflow task, persist the form results and bump the form's response counter.
 // NOTE(review): $formtype, $taskid and $form_id are interpolated into SQL strings below and
 // their origin is not visible in this excerpt; confirm they are cast or escaped beforehand.
 if ($dup_form_check !== NULL) {
     //form already exists
     // NOTE(review): confirm $form_return_url is not taken unvalidated from request data,
     // since it is used as the redirect target.
     if ($mode == 'draft' and !isset($_POST['custom_handler'])) {
         echo COM_refresh($form_return_url);
     } else {
         echo COM_refresh($_CONF['site_url'] . '/nexflow/index.php' . $optReturnVars);
     }
     exit;
 }
 DB_query("INSERT INTO {$_TABLES['nf_projectforms']} (formtype,created_by_taskid) VALUES ('{$formtype}', '{$taskid}');");
 // Must directly follow the INSERT: reads the id of the row just created.
 $project_formid = DB_insertID();
 if ($newform == 1) {
     // A result record already exists, so update it instead of creating a new one.
     nexform_dbupdate($form_id, $id);
     $result_id = $id;
 } else {
     $result_id = nexform_dbsave($form_id, $postUID);
 }
 $nfclass = new nexflow($processid, $postUID);
 /* Update the hit or results counter */
 DB_query("UPDATE {$_TABLES['nxform_definitions']} SET responses = responses + 1 WHERE id='{$form_id}'");
 $newproject = false;
 // $project_id is assigned here only when both ids are positive;
 // presumably it is initialised earlier, confirm before relying on it.
 if ($processid > 0 and $taskid > 0) {
     $project_id = $nfclass->get_ProcessVariable('PID');
 }
 // Create new project tracking record if project does not yet exist
 if ($project_id < 1 or DB_count($_TABLES['nf_projects'], 'id', $project_id) == 0) {
     $processid = intval($processid);
     DB_query("INSERT INTO {$_TABLES['nf_projects']} (originator_uid,wf_process_id,wf_task_id,status)\r\n                    VALUES ('{$postUID}','{$processid}','{$taskid}','1') ");
     $project_id = DB_insertID();
     $nfclass->set_ProcessVariable('PID', $project_id);
     $newproject = true;
Example #3
    if ($completion_msg == '') {
        echo COM_refresh($returnURL . '?msg=1&plugin=nexform');
    } else {
        echo COM_refresh($CONF_FE['public_url'] . "/complete.php?id={$form_id}");
    }
    exit;
} elseif ($_POST['formhandler'] == 'email+dbsave') {
    /* 'email+dbsave' handler: store the submission, mail it, then redirect. */
    // newform is filtered with the second COM_applyFilter() argument set to true
    // (presumably numeric-only; confirm against COM_applyFilter).
    $newform = COM_applyFilter($_REQUEST['newform'], true);
    /* Save results to Database */
    if ($newform == 1) {
        //this form was already saved by the file uploader ajax
        // NOTE(review): res_id is chosen by the client and no ownership check is visible
        // here; confirm nexform_dbupdate() refuses result ids that belong to another user
        // or another form.
        $result_id = COM_applyFilter($_REQUEST['res_id'], true);
        nexform_dbupdate($form_id, $result_id);
    } else {
        nexform_dbsave($form_id);
    }
    /* Send results via email */
    nexform_emailresults();
    /* Update the hit or results counter */
    DB_query("UPDATE {$_TABLES['nxform_definitions']} SET responses = responses + 1 WHERE id='{$form_id}'");
    // NOTE(review): $form_id is unquoted in this condition, unlike the UPDATE above; its
    // origin is not visible in this excerpt, so confirm it is an integer at this point.
    $completion_msg = DB_getItem($_TABLES['nxform_definitions'], 'after_post_text', "id={$form_id}");
    // No custom completion text: go back to the return URL with a status message;
    // otherwise show the form's completion page.
    // NOTE(review): confirm $returnURL is not taken unvalidated from request data.
    if ($completion_msg == '') {
        echo COM_refresh($returnURL . '?msg=1&plugin=nexform');
    } else {
        echo COM_refresh($CONF_FE['public_url'] . "/complete.php?id={$form_id}");
    }
    exit;
} else {
    if (DB_count($_TABLES['nxform_definitions'], 'id', $id) == 1) {
        echo COM_siteHeader();
Example #4
// Excerpt: enforce the form's view permission, then render the form in 'print' mode.
// NOTE(review): $id is interpolated into SQL conditions below and its origin is not visible
// in this excerpt; confirm it is cast to an integer or escaped beforehand.
// NOTE(review): when no definition row matches $id, what DB_getItem() returns and how
// SEC_inGroup() treats that value is not visible here; confirm access is denied then.
$view_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_view', "id='{$id}'");
if (!SEC_inGroup($view_group)) {
    // Not in the view group: show an error block and stop before any form data is output.
    echo COM_siteHeader();
    echo COM_startBlock("Access Error");
    echo '<div style="text-align:center;padding-top:20px;">';
    echo "You do not have sufficient access.";
    echo "<p><button  onclick='javascript:history.go(-1)'>Return</button></p><br>";
    echo '</div>';
    echo COM_endBlock();
    echo COM_siteFooter();
    exit;
}
$LANG_NAVBAR = $LANG_FRM_ADMIN_NAVBAR;
$formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$id}'");
if ($epm == 1) {
    // Save the submission so it can be rendered, and expose the new result id through
    // $_GET['result'] and $result (presumably read by nexform_showform(); confirm).
    $resid = nexform_dbsave($id);
    $_GET['result'] = $resid;
    $result = $resid;
}
$report_results = "<link rel=\"stylesheet\" href=\"{$_CONF['layout_url']}/style.css\">\n";
// NOTE(review): $result and $style are set outside this excerpt; confirm the viewer is
// allowed to see the result record that $result selects, not only the form definition.
$report_results .= nexform_showform($id, $result, 'print', '', '', $style);
//now we can delete from the temporary tables now that we are done displaying them.
if ($epm == 1) {
    $tmpres = DB_getItem($_TABLES['nxform_results'], 'related_results', "id={$resid}");
    DB_query("DELETE FROM {$_TABLES['nxform_results']} WHERE id={$resid};");
    DB_query("DELETE FROM {$_TABLES['nxform_resdata']} WHERE result_id={$resid};");
    DB_query("DELETE FROM {$_TABLES['nxform_restext']} WHERE result_id={$resid};");
    if ($tmpres != '') {
        $resids = explode(',', $tmpres);
        foreach ($resids as $resid) {
            DB_query("DELETE FROM {$_TABLES['nxform_results']} WHERE id={$resid};");