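/**
 * Send the form's autoresponse (when one is configured) and emit the
 * follow-up page redirect.
 *
 * @param array $form   Form definition; only 'autoresponse' is read here.
 * @param array $fields Submitted fields; each entry is read for
 *                      'required_data', 'value', 'field_type' and 'field_value'.
 * @return bool Always false. The script is terminated with die() when
 *              formbuilder_send_email() returns a truthy value.
 */
function formbuilder_process_form_redirect($form, $fields)
{
    global $wpdb;

    // Never set to true in this function; kept so the send condition reads as before.
    $autoresponse_required = false;
    $source_email = "";

    // The first submitted value flagged as an email address becomes the
    // autoresponse destination.
    foreach ($fields as $field) {
        if ($field['required_data'] == "email address" and !$source_email) {
            $source_email = $field['value'];
        }
    }

    // The address is submitter-controlled and ends up in a mail call; drop
    // CR/LF so it cannot carry extra header lines.
    // NOTE(review): formbuilder_send_email() is not visible here - confirm
    // whether it validates the address itself.
    $source_email = str_replace(array("\r", "\n"), '', $source_email);

    if ($source_email and $form['autoresponse'] != false and $autoresponse_required == false) {
        // Bind the id instead of concatenating it into the statement.
        $sql = $wpdb->prepare(
            "SELECT * FROM " . FORMBUILDER_TABLE_RESPONSES . " WHERE id = %d;",
            $form['autoresponse']
        );
        $results = $wpdb->get_results($sql, ARRAY_A);

        // Skip the autoresponse when the referenced row does not exist,
        // rather than mailing an empty subject and body.
        if (!empty($results)) {
            $response_details = $results[0];
            $response_details['destination_email'] = $source_email;

            if ($response_details['from_email'] and $response_details['subject'] and $response_details['message'] and $response_details['destination_email']) {
                if ($response_details['from_name']) {
                    $response_details['from_email'] = "\"" . $response_details['from_name'] . "\"<" . $response_details['from_email'] . ">";
                }
            }

            $result = formbuilder_send_email(
                $response_details['destination_email'],
                decode_html_entities($response_details['subject'], ENT_QUOTES, get_option('blog_charset')),
                $response_details['message'],
                "From: " . $response_details['from_email']
            );

            // A truthy return is treated as fatal (presumably an error message).
            if ($result) {
                die($result);
            }
        }
    }

    // Redirect to the first follow-up page defined on the form. The URL is
    // written into a single-quoted attribute, so it is attribute-escaped.
    foreach ($fields as $field) {
        if ($field['field_type'] == "followup page") {
            echo "<meta HTTP-EQUIV='REFRESH' content='0; url=" . esc_attr($field['field_value']) . "'>";
            break;
        }
    }

    return false;
}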
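/**
 * Forward the submitted form to the alternate action URL stored in
 * $form['thankyoutext'] and print the response body as the thank-you text.
 *
 * @param array $form   Form definition; reads 'thankyoutext', 'name',
 *                      'subject' and 'recipient'.
 * @param array $fields Submitted fields; reads 'field_name' and 'value'.
 * @return string|bool  A translated error message when the configured URL
 *                      cannot be parsed, otherwise false.
 */
function formbuilder_process_alternate_action($form, $fields)
{
    $url = trim($form['thankyoutext']);

    // An empty string parses to array('path' => ''), which used to slip
    // through and then index an empty string below; reject it up front.
    if ($url === '' || !($parts = parse_url($url))) {
        return __("Alternate Form Action does NOT look like a valid URL. Please contact the website administrator.", 'formbuilder');
    }

    // Resolve a relative path against the directory of the current request.
    if (isset($parts['path']) && substr($parts['path'], 0, 1) !== '/') {
        $parts['path'] = dirname($_SERVER['REQUEST_URI']) . '/' . $parts['path'];
    }
    $url = formbuilder_create_url($parts);

    // NOTE(review): no scheme or host restriction is applied to the configured
    // URL here - confirm formbuilder_create_url()/formbuilder_curlRequest()
    // limit requests to http(s) targets.

    // Payload for the alternate processor. A field whose name is 'name',
    // 'subject' or 'destination_email' overwrites the form-level value.
    $data = array(
        'name'              => $form['name'],
        'subject'           => $form['subject'],
        'destination_email' => $form['recipient'],
    );
    foreach ($fields as $field) {
        $data[$field['field_name']] = $field['value'];
    }

    // The second argument is built from the current host and request URI.
    list($header, $content) = formbuilder_curlRequest($url, $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $data);

    // NOTE(review): the remote response body is written into the page after
    // entity decoding and without escaping, so the endpoint must be trusted
    // to return safe markup.
    $thankyoutext = $content;
    echo "\n<div class='formBuilderSuccess'>" . decode_html_entities($thankyoutext, ENT_NOQUOTES, get_option('blog_charset')) . "</div>";

    return false;
}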
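/**
 * Mail the submission to the form recipient as a small XML document and
 * send the autoresponse when one is configured.
 *
 * @param array $form   Form definition; reads 'autoresponse', 'recipient',
 *                      'subject' and 'thankyoutext'.
 * @param array $fields Submitted fields; reads 'field_type', 'field_name',
 *                      'value' and 'required_data'.
 * @return mixed The return value of formbuilder_send_email() for the main
 *               message; a falsy value is treated as success here.
 */
function formbuilder_process_xml_email($form, $fields)
{
    global $wpdb, $formBuilderTextStrings;

    $charset = get_option('blog_charset');

    // Submitted text is placed inside XML elements, so the markup characters
    // are replaced byte-wise (independent of the blog charset).
    $xml_search = array('&', '<', '>', '"', "'");
    $xml_replace = array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;');

    // Field types that carry no submitted data.
    $skipped_types = array(
        "comments area",
        "followup page",
        "spam blocker",
        "page break",
        "submit button",
        "submit image",
        "captcha field",
    );

    $xml_container = "form";
    $email_msg = "<{$xml_container}>\r\n";
    // Never set to true in this function; kept so the send condition reads as before.
    $autoresponse_required = false;
    $source_email = "";

    foreach ($fields as $field) {
        if (!in_array($field['field_type'], $skipped_types, true)) {
            // NOTE(review): the element name comes from the form definition
            // and is used as-is; it is not checked for being a valid XML name.
            $tag = decode_html_entities($field['field_name'], ENT_QUOTES, $charset);
            $value = str_replace($xml_search, $xml_replace, decode_html_entities($field['value'], ENT_QUOTES, $charset));
            $email_msg .= "<" . $tag . ">" . $value . "</" . $tag . ">\r\n";
        }

        // The first value flagged as an email address is the sender address.
        if ($field['required_data'] == "email address" and !$source_email) {
            $source_email = $field['value'];
        }
    }

    // Request metadata is appended once, after the fields (it used to be
    // repeated for every field because it sat inside the loop).
    $ip_capture = get_option('formBuilder_IP_Capture');
    if ($ip_capture == 'Enabled' and isset($_SERVER['REMOTE_ADDR'])) {
        $email_msg .= "<ip>" . str_replace($xml_search, $xml_replace, $_SERVER['REMOTE_ADDR']) . "</ip>\r\n";
    }
    if (isset($_POST['PAGE'])) {
        $email_msg .= "<page>" . str_replace($xml_search, $xml_replace, $_POST['PAGE']) . "</page>\r\n";
    }
    if (isset($_POST['REFERER'])) {
        $email_msg .= "<referer>" . str_replace($xml_search, $xml_replace, $_POST['REFERER']) . "</referer>\r\n";
    }

    $email_msg .= "</{$xml_container}>";

    // The address is submitter-controlled and is used as a recipient and in
    // the From header below; drop CR/LF so it cannot add header lines.
    // NOTE(review): formbuilder_send_email() is not visible here - confirm
    // whether it validates addresses and headers itself.
    $source_email = str_replace(array("\r", "\n"), '', $source_email);

    if ($source_email and $form['autoresponse'] != false and $autoresponse_required == false) {
        // Bind the id instead of concatenating it into the statement.
        $sql = $wpdb->prepare(
            "SELECT * FROM " . FORMBUILDER_TABLE_RESPONSES . " WHERE id = %d;",
            $form['autoresponse']
        );
        $results = $wpdb->get_results($sql, ARRAY_A);

        // Skip the autoresponse when the referenced row does not exist.
        if (!empty($results)) {
            $response_details = $results[0];
            $response_details['destination_email'] = $source_email;

            if ($response_details['from_email'] and $response_details['subject'] and $response_details['message'] and $response_details['destination_email']) {
                if ($response_details['from_name']) {
                    $response_details['from_email'] = "\"" . $response_details['from_name'] . "\"<" . $response_details['from_email'] . ">";
                }
            }

            $result = formbuilder_send_email(
                $response_details['destination_email'],
                decode_html_entities($response_details['subject'], ENT_QUOTES, $charset),
                $response_details['message'],
                "From: " . $response_details['from_email']
            );

            // A truthy return is treated as fatal (presumably an error message).
            if ($result) {
                die($result);
            }
        }
    }

    if (!$source_email) {
        $source_email = get_option('admin_email');
    }

    $sendResult = formbuilder_send_email($form['recipient'], $form['subject'], $email_msg, "From: " . $source_email . "\n");

    if (!$sendResult) {
        // Fall back to the stock success text when the form defines none.
        if (!$form['thankyoutext']) {
            $form['thankyoutext'] = "<h4>" . $formBuilderTextStrings['success'] . "</h4><p>" . $formBuilderTextStrings['send_success'] . "</p>";
        }
        echo "\n<div class='formBuilderSuccess'>" . decode_html_entities($form['thankyoutext'], ENT_NOQUOTES, $charset) . "</div>";
    }

    return $sendResult;
}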
/**
 * Post the submission to the alternate action URL stored in
 * $form['thankyoutext'] and print the response body as the thank-you text.
 *
 * @param array $form   Form definition; reads 'thankyoutext', 'name',
 *                      'subject' and 'recipient'.
 * @param array $fields Submitted fields; reads 'field_name' and 'value'.
 * @return string|bool  A translated error message when the configured value
 *                      does not match the URL pattern, otherwise false.
 */
function formbuilder_process_alternate_action($form, $fields)
{
    $target = trim($form['thankyoutext']);

    // NOTE(review): the pattern is anchored at the start only and accepts any
    // 3-5 letter scheme, so it checks the prefix of the value rather than
    // the whole URL.
    $url_pattern = '@^[a-z]{3,5}\\://([a-z0-9\\.\\-\\:]+)([a-z0-9/=]*)([a-z0-9/\\?=]*)@i';
    $looks_like_url = preg_match($url_pattern, $target);
    if (!$looks_like_url) {
        return __("Alternate Form Action does NOT look like a valid URL. Please contact the website administrator.", 'formbuilder');
    }

    // Payload for the alternate processor: form-level values first, then one
    // entry per submitted field (a field named like a form-level key
    // overwrites it).
    $payload = array(
        'name'              => $form['name'],
        'subject'           => $form['subject'],
        'destination_email' => $form['recipient'],
    );
    foreach ($fields as $entry) {
        $payload[$entry['field_name']] = $entry['value'];
    }

    // The second argument is built from the current host and request URI.
    $origin = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    list($response_header, $response_body) = formbuilder_curlRequest($target, $origin, $payload);

    // NOTE(review): the remote body is written into the page after entity
    // decoding and without escaping - the endpoint has to be trusted.
    $decoded_body = decode_html_entities($response_body, ENT_NOQUOTES, get_option('blog_charset'));
    echo "\n<div class='formBuilderSuccess'>" . $decoded_body . "</div>";

    return false;
}
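/**
 * Stream stored form results to the browser as a CSV download.
 *
 * Filters are taken from the request: POST 'date_from'/'date_to', POST
 * 'form_id' (a numeric id or the literal "orphaned") and GET 'h', which
 * selects the result ids stored in the 'formbuilder_db_export_ids' option.
 *
 * @return void Output is written with echo/header(); the script exits early
 *              when the 'h' value does not match the stored id list.
 */
function export_csv()
{
    global $wpdb;

    $charset = get_option('blog_charset');
    $specific_form = false;
    $form_id = 0;
    $field_list = array();
    $where = "WHERE 1";

    // Date range. The bounds are bound as values; what output_date() returns
    // is not visible here.
    if (isset($_POST['date_from']) and isset($_POST['date_to'])) {
        $timestamp_from = $this->output_date($_POST['date_from'], false);
        $timestamp_to = $this->output_date($_POST['date_to'], true);
        $where .= $wpdb->prepare(" AND timestamp > %s AND timestamp < %s", $timestamp_from, $timestamp_to);
    }

    // Single form: accept digits only (an array value is ignored).
    if (isset($_POST['form_id']) and is_string($_POST['form_id'])) {
        $posted_form_id = trim($_POST['form_id']);
        if (preg_match('#^[0-9]+\z#', $posted_form_id)) {
            $form_id = $posted_form_id;
            $specific_form = true;
            $where .= $wpdb->prepare(" AND form_id = %s", $form_id);
        }
    }

    // Orphaned results: rows whose form no longer exists.
    if (isset($_POST['form_id']) and $_POST['form_id'] === "orphaned") {
        $sql = 'SELECT id FROM ' . FORMBUILDER_TABLE_FORMS . ' ORDER BY name ASC;';
        $forms = $wpdb->get_results($sql, ARRAY_A);
        $allFormIDs = array();
        foreach ((array) $forms as $form) {
            $allFormIDs[] = (int) $form['id'];
        }
        // "NOT IN ()" is a syntax error; with no forms left every result is
        // orphaned, so no extra condition is needed.
        if ($allFormIDs) {
            $where .= " AND form_id NOT IN (" . implode(',', $allFormIDs) . ") ";
        }
    }

    // Explicit id list stored in an option; 'h' must equal its md5.
    if (isset($_GET['h'])) {
        $formResults = get_option('formbuilder_db_export_ids');
        $hash = md5($formResults);
        // Strict comparison: with != two different "0e<digits>" strings
        // compare equal as numbers.
        if (!is_string($_GET['h']) or $hash !== $_GET['h']) {
            _e("We're sorry, the export seems to have failed. Please try again.");
            exit;
        }

        // A separate loop variable keeps $form_id (used for the column
        // lookup below) from being overwritten, and collecting the
        // conditions first avoids a leading "OR" or an empty "( )".
        $id_conditions = array();
        foreach (explode(",", $formResults) as $candidate_id) {
            $candidate_id = trim($candidate_id);
            if (preg_match('#^[0-9]+\z#', $candidate_id)) {
                $id_conditions[] = "id = '" . $candidate_id . "'";
            }
        }
        if ($id_conditions) {
            $where .= " AND ( " . implode(" OR ", $id_conditions) . " ) ";
        } else {
            // No usable id: export nothing instead of issuing a broken query.
            $where .= " AND 0 ";
        }
    }

    // Set headers
    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header("Content-Description: File Transfer");
    header("Content-Disposition: attachment; filename=forms.csv");
    header("Content-Type: application/csv");
    header("Content-Transfer-Encoding: text");

    // Header row.
    echo '"' . __('Result ID', 'formbuilder') . '","' . __('Form ID', 'formbuilder') . '","' . __('Timestamp', 'formbuilder') . '"';
    echo ',"' . __('FormSubject', 'formbuilder') . '","' . __('FormRecipient', 'formbuilder') . '"';

    if ($specific_form == true and $form_id > 0) {
        $field_list[] = 'FormSubject';
        $field_list[] = 'FormRecipient';

        $sql = $wpdb->prepare(
            "SELECT * FROM " . FORMBUILDER_TABLE_FIELDS . " WHERE form_id = %s ORDER BY display_order ASC;",
            $form_id
        );
        $fields = $wpdb->get_results($sql, ARRAY_A);

        if (isset($fields) and $fields !== false) {
            foreach ($fields as $field) {
                if (trim($field['field_name']) != "") {
                    $field_list[] = $field['field_name'];
                    // Double embedded quotes so a field name cannot break the row.
                    echo ',"' . str_replace('"', '""', $field['field_name']) . '"';
                }
            }
        } else {
            echo ',"' . __('Field Values', 'formbuilder') . '"';
        }

        $field_list[] = 'IP';
        $field_list[] = 'Page';
        $field_list[] = 'Referrer';
        echo ',"' . __('IP', 'formbuilder') . '"';
        echo ',"' . __('Page', 'formbuilder') . '"';
        echo ',"' . __('Referrer', 'formbuilder') . '"';
    } else {
        echo ',"' . __('Field Values', 'formbuilder') . '"';
    }
    echo "\r\n";

    // Difference between server time and the blog's local time, applied to
    // every row timestamp.
    $currentTime = current_time('timestamp');
    $offset = time() - $currentTime;

    // Fetch the rows once; the statement used to be re-run for every row.
    $sql = "SELECT * FROM " . FORMBUILDER_TABLE_RESULTS . " {$where} ORDER BY timestamp DESC;";
    $rows = $wpdb->get_results($sql, ARRAY_A);

    // NOTE(review): cell values are submitted text and are only quote-doubled.
    // Values starting with =, +, - or @ are evaluated as formulas by
    // spreadsheet applications; decide whether to neutralise them on export.
    foreach ((array) $rows as $result) {
        $form_data = $this->xmltoarray($result['xmldata']);

        echo $result['id'];
        echo ',' . $result['form_id'];
        echo ',"' . date("F j, Y, g:i a", $result['timestamp'] - $offset) . '"';

        if ($specific_form == true and $field_list) {
            // One column per known field, empty when the result lacks it.
            foreach ($field_list as $key) {
                $value = isset($form_data['form'][$key]) ? $form_data['form'][$key] : "";
                echo ',"' . str_replace('"', '""', decode_html_entities($value, ENT_NOQUOTES, $charset)) . '"';
            }
        } elseif (isset($form_data['form']) and is_array($form_data['form'])) {
            // Unknown layout: emit "name: value" cells in stored order.
            foreach ($form_data['form'] as $key => $value) {
                $key_insert = ($specific_form == true) ? '' : $key . ': ';
                echo ',"' . $key_insert . str_replace('"', '""', decode_html_entities($value, ENT_NOQUOTES, $charset)) . '"';
            }
        }

        echo "\r\n";
        flush();
        // Extend the time limit per row so long exports are not cut off.
        @set_time_limit(30);
    }
}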
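/**
 * Mail the submission to the form recipient as plain text and send the
 * autoresponse when one is configured.
 *
 * ~field name~ tags in the form subject and in the autoresponse subject and
 * message are replaced with the submitted values; ~FullForm~ in the
 * autoresponse is replaced with a "name: value" listing of all fields.
 *
 * @param array $form   Form definition; reads 'subject', 'recipient' and
 *                      'autoresponse'.
 * @param array $fields Submitted fields; reads 'field_name', 'field_type',
 *                      'value' and 'required_data'.
 * @return mixed The return value of formbuilder_send_email() for the main
 *               message.
 */
function formbuilder_process_email($form, $fields)
{
    global $wpdb;

    $formBuilderTextStrings = formbuilder_load_strings();
    $charset = get_option('blog_charset');

    // Field types that carry no submitted data for the message body.
    $skipped_types = array(
        "recipient selection",
        "comments area",
        "followup page",
        "spam blocker",
        "page break",
        "reset button",
        "submit button",
        "submit image",
        "captcha field",
    );

    $email_sub = $form['subject'];
    $email_msg = "";
    // Never set to true in this function; kept so the send condition reads as before.
    $autoresponse_required = false;
    $source_email = "";
    // Initialised so the tag substitution below also works for a form
    // without data fields.
    $field_values = array();

    foreach ($fields as $field) {
        if (trim($field['field_name']) != "" and !in_array($field['field_type'], $skipped_types, true)) {
            $decoded_value = decode_html_entities($field['value'], ENT_QUOTES, $charset);
            $email_msg .= strtoupper(decode_html_entities($field['field_name'], ENT_QUOTES, $charset)) . ": " . $decoded_value . "\r\n\r\n";
            $field_values[$field['field_name']] = $decoded_value;

            // Populate ~variable~ tags in the form subject with values submitted by the user.
            $email_sub = str_replace("~" . $field['field_name'] . "~", $decoded_value, $email_sub);
        } elseif ($field['field_type'] == "recipient selection") {
            // The submitted value replaces the form recipient when it matches
            // the email pattern. CR/LF are removed first so the value stays
            // a single address line.
            // NOTE(review): the value is submitter-controlled and the pattern
            // constant is not visible here - confirm it is anchored, and
            // consider checking the value against the options configured
            // for this field.
            $selected_recipient = str_replace(array("\r", "\n"), '', trim($field['value']));
            if (preg_match('#' . FORMBUILDER_PATTERN_EMAIL . '#isU', $selected_recipient)) {
                $form['recipient'] = $selected_recipient;
            } else {
                $email_msg .= $formBuilderTextStrings['bad_alternate_email'] . " [" . trim($field['value']) . "]\n\n";
            }
        }

        // The first value flagged as an email address is the sender address.
        if ($field['required_data'] == "email address" and !$source_email) {
            $source_email = $field['value'];
        }
    }

    // The address is submitter-controlled and is used as the autoresponse
    // recipient and in the Reply-To header; drop CR/LF so it cannot add
    // header lines.
    // NOTE(review): formbuilder_send_email() is not visible here - confirm
    // whether it validates addresses and headers itself.
    $source_email = str_replace(array("\r", "\n"), '', $source_email);

    // Add IP if enabled.
    $ip_capture = get_option('formBuilder_IP_Capture');
    if ($ip_capture == 'Enabled' and isset($_SERVER['REMOTE_ADDR'])) {
        $email_msg .= "IP: " . $_SERVER['REMOTE_ADDR'] . "\r\n";
    }

    // Add Page and Referer urls to the bottom of the email.
    $referrer_info = get_option('formBuilder_referrer_info');
    if ($referrer_info == 'Enabled') {
        if (isset($_POST['PAGE'])) {
            $email_msg .= "PAGE: " . $_POST['PAGE'] . "\r\n";
        }
        if (isset($_POST['REFERER'])) {
            $email_msg .= "REFERER: " . $_POST['REFERER'] . "\r\n";
        }
    }

    if ($source_email and $form['autoresponse'] != false and $autoresponse_required == false) {
        // Bind the id instead of concatenating it into the statement.
        $sql = $wpdb->prepare(
            "SELECT * FROM " . FORMBUILDER_TABLE_RESPONSES . " WHERE id = %d;",
            $form['autoresponse']
        );
        $results = $wpdb->get_results($sql, ARRAY_A);

        // Skip the autoresponse when the referenced row does not exist.
        if (!empty($results)) {
            $response_details = $results[0];
            $response_details['destination_email'] = $source_email;

            if ($response_details['from_email'] and $response_details['subject'] and $response_details['message'] and $response_details['destination_email']) {
                if ($response_details['from_name']) {
                    $response_details['from_email'] = '"' . $response_details['from_name'] . '"<' . $response_details['from_email'] . '>';
                }
            }

            // Populate ~variable~ tags in the autoresponse with values submitted by the user.
            $txtAllFields = "";
            foreach ($field_values as $key => $value) {
                $response_details['subject'] = str_replace("~" . $key . "~", $value, $response_details['subject']);
                $response_details['message'] = str_replace("~" . $key . "~", $value, $response_details['message']);
                $txtAllFields .= $key . ": " . $value . "\n";
            }
            $response_details['subject'] = str_replace("~FullForm~", trim($txtAllFields), $response_details['subject']);
            $response_details['message'] = str_replace("~FullForm~", trim($txtAllFields), $response_details['message']);

            // The subject now contains submitted text (and line breaks when
            // ~FullForm~ was used); keep it on one line.
            $autoresponse_subject = str_replace(
                array("\r", "\n"),
                ' ',
                decode_html_entities($response_details['subject'], ENT_QUOTES, $charset)
            );

            $result = formbuilder_send_email(
                $response_details['destination_email'],
                $autoresponse_subject,
                $response_details['message'],
                "From: " . $response_details['from_email'] . "\nReply-To: " . $response_details['from_email'] . "\n"
            );

            // A truthy return is treated as fatal (presumably an error message).
            if ($result) {
                die($result);
            }
        }
    }

    // Restrict the main subject to letters, digits, underscore, space and
    // hyphen, since it can contain submitted values.
    $email_sub = preg_replace('#[^a-z0-9_ -]#isU', '', $email_sub);

    if (!$source_email) {
        $source_email = get_option('admin_email');
    }

    // The From address comes from the saved settings; the legacy
    // [SENDER_EMAIL] marker selects the submitter's address instead.
    $formBuilder_Default_from = formbuilder_get_default_from();
    if (strtoupper($formBuilder_Default_from) == '[SENDER_EMAIL]') {
        $formBuilder_Default_from = $source_email;
    }

    return formbuilder_send_email(
        $form['recipient'],
        decode_html_entities($email_sub, ENT_QUOTES, $charset),
        $email_msg,
        "From: " . $formBuilder_Default_from . "\nReply-To: " . $source_email . "\n"
    );
}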
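/**
 * Mail the submission to the form recipient as plain text, emit any
 * follow-up page redirect and send the autoresponse when one is configured.
 *
 * @param array $form   Form definition; reads 'subject', 'recipient' and
 *                      'autoresponse'.
 * @param array $fields Submitted fields; reads 'field_name', 'field_type',
 *                      'field_value', 'value' and 'required_data'.
 * @return mixed The return value of formbuilder_send_email() for the main
 *               message.
 */
function formbuilder_process_email($form, $fields)
{
    global $wpdb;

    $formBuilderTextStrings = formbuilder_load_strings();
    $charset = get_option('blog_charset');

    // Field types that carry no submitted data for the message body.
    $skipped_types = array(
        "recipient selection",
        "comments area",
        "followup page",
        "spam blocker",
        "page break",
        "reset button",
        "submit button",
        "submit image",
        "captcha field",
    );

    $email_msg = "";
    // Never set to true in this function; kept so the send condition reads as before.
    $autoresponse_required = false;
    $source_email = "";
    // Initialised so the tag substitution below also works for a form
    // without data fields.
    $field_values = array();

    foreach ($fields as $field) {
        if (trim($field['field_name']) != "" and !in_array($field['field_type'], $skipped_types, true)) {
            $decoded_value = decode_html_entities($field['value'], ENT_QUOTES, $charset);
            $email_msg .= strtoupper(decode_html_entities($field['field_name'], ENT_QUOTES, $charset)) . ": " . $decoded_value . "\r\n\r\n";
            $field_values[$field['field_name']] = $decoded_value;
        } elseif ($field['field_type'] == "recipient selection") {
            // The submitted value replaces the form recipient when it matches
            // the email pattern. eregi() no longer exists in PHP 7+, so the
            // case-insensitive match is done with preg_match(). CR/LF are
            // removed first so the value stays a single address line.
            // NOTE(review): the value is submitter-controlled and the pattern
            // constant is not visible here - confirm it is anchored and
            // contains no '#', and consider checking the value against the
            // options configured for this field.
            $selected_recipient = str_replace(array("\r", "\n"), '', trim($field['value']));
            if (preg_match('#' . FORMBUILDER_PATTERN_EMAIL . '#i', $selected_recipient)) {
                $form['recipient'] = $selected_recipient;
            } else {
                $email_msg .= $formBuilderTextStrings['bad_alternate_email'] . " [" . trim($field['value']) . "]\n\n";
            }
        }

        // The first value flagged as an email address is the sender address.
        if ($field['required_data'] == "email address" and !$source_email) {
            $source_email = $field['value'];
        }

        // Add the followup page redirect, if it exists. The URL is written
        // into a single-quoted attribute, so it is attribute-escaped.
        if ($field['field_type'] == "followup page" and trim($field['field_value']) != "") {
            echo "<meta HTTP-EQUIV='REFRESH' content='0; url=" . esc_attr($field['field_value']) . "'>";
        }
    }

    // The address is submitter-controlled and is used as the autoresponse
    // recipient and in the From/Reply-To headers; drop CR/LF so it cannot
    // add header lines.
    // NOTE(review): formbuilder_send_email() is not visible here - confirm
    // whether it validates addresses and headers itself.
    $source_email = str_replace(array("\r", "\n"), '', $source_email);

    // Add IP if enabled.
    $ip_capture = get_option('formBuilder_IP_Capture');
    if ($ip_capture == 'Enabled' and isset($_SERVER['REMOTE_ADDR'])) {
        $email_msg .= "IP: " . $_SERVER['REMOTE_ADDR'] . "\r\n";
    }

    // Add Page and Referer urls to the bottom of the email.
    $referrer_info = get_option('formBuilder_referrer_info');
    if ($referrer_info == 'Enabled') {
        if (isset($_POST['PAGE'])) {
            $email_msg .= "PAGE: " . $_POST['PAGE'] . "\r\n";
        }
        if (isset($_POST['REFERER'])) {
            $email_msg .= "REFERER: " . $_POST['REFERER'] . "\r\n";
        }
    }

    if ($source_email and $form['autoresponse'] != false and $autoresponse_required == false) {
        // Bind the id instead of concatenating it into the statement.
        $sql = $wpdb->prepare(
            "SELECT * FROM " . FORMBUILDER_TABLE_RESPONSES . " WHERE id = %d;",
            $form['autoresponse']
        );
        $results = $wpdb->get_results($sql, ARRAY_A);

        // Skip the autoresponse when the referenced row does not exist.
        if (!empty($results)) {
            $response_details = $results[0];
            $response_details['destination_email'] = $source_email;

            if ($response_details['from_email'] and $response_details['subject'] and $response_details['message'] and $response_details['destination_email']) {
                if ($response_details['from_name']) {
                    $response_details['from_email'] = '"' . $response_details['from_name'] . '"<' . $response_details['from_email'] . '>';
                }
            }

            // Populate ~variable~ tags in the autoresponse with values submitted by the user.
            foreach ($field_values as $key => $value) {
                $response_details['subject'] = str_replace("~" . $key . "~", $value, $response_details['subject']);
                $response_details['message'] = str_replace("~" . $key . "~", $value, $response_details['message']);
            }

            // The subject now contains submitted text; keep it on one line.
            $autoresponse_subject = str_replace(
                array("\r", "\n"),
                ' ',
                decode_html_entities($response_details['subject'], ENT_QUOTES, $charset)
            );

            $result = formbuilder_send_email(
                $response_details['destination_email'],
                $autoresponse_subject,
                $response_details['message'],
                "From: " . $response_details['from_email'] . "\nReply-To: " . $response_details['from_email'] . "\n"
            );

            // A truthy return is treated as fatal (presumably an error message).
            if ($result) {
                die($result);
            }
        }
    }

    if (!$source_email) {
        $source_email = get_option('admin_email');
    }

    return formbuilder_send_email(
        $form['recipient'],
        decode_html_entities($form['subject'], ENT_QUOTES, $charset),
        $email_msg,
        "From: " . $source_email . "\nReply-To: " . $source_email . "\n"
    );
}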