function mf_theme_get_fonts_link($dbh, $theme_id) { $font_family_array = array(); $query = "SELECT\r\n\t\t\t\t\t\tform_title_font_type,\r\n\t\t\t\t\t\tform_desc_font_type,\r\n\t\t\t\t\t\tfield_title_font_type,\r\n\t\t\t\t\t\tguidelines_font_type,\r\n\t\t\t\t\t\tsection_title_font_type,\r\n\t\t\t\t\t\tsection_desc_font_type,\r\n\t\t\t\t\t\tfield_text_font_type\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\t`" . MF_TABLE_PREFIX . "form_themes`\r\n\t\t\t\t WHERE\r\n\t\t\t\t \t\ttheme_id=? and `status`=1"; $params = array($theme_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $font_family_array[] = $row['form_title_font_type']; $font_family_array[] = $row['form_desc_font_type']; $font_family_array[] = $row['field_title_font_type']; $font_family_array[] = $row['guidelines_font_type']; $font_family_array[] = $row['section_title_font_type']; $font_family_array[] = $row['section_desc_font_type']; $font_family_array[] = $row['field_text_font_type']; /** Build the font CSS tag **/ if (!empty($font_family_array)) { $font_family_joined = implode("','", $font_family_array); $query = "SELECT font_family,font_variants FROM " . MF_TABLE_PREFIX . "fonts WHERE font_family IN('{$font_family_joined}')"; $params = array(); $sth = mf_do_query($query, $params, $dbh); $font_css_array = array(); while ($row = mf_do_fetch_result($sth)) { $font_css_array[] = urlencode($row['font_family']) . ":" . $row['font_variants']; } $ssl_suffix = mf_get_ssl_suffix(); $font_css_markup = implode('|', $font_css_array); if (!empty($font_css_array)) { $font_css_markup = "<link href='http{$ssl_suffix}://fonts.googleapis.com/css?family={$font_css_markup}' rel='stylesheet' type='text/css'>\n"; } else { $font_css_markup = ''; } } return $font_css_markup; }
require 'includes/filter-functions.php'; require 'includes/entry-functions.php'; require 'includes/users-functions.php'; $form_id = (int) trim($_GET['id']); if (!empty($_POST['form_id'])) { $form_id = (int) $_POST['form_id']; } $dbh = mf_connect_db(); $mf_settings = mf_get_settings($dbh); //check permission, is the user allowed to access this page? if (empty($_SESSION['mf_user_privileges']['priv_administer'])) { $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']); //this page need edit_form permission if (empty($user_perms['edit_form'])) { $_SESSION['MF_DENIED'] = "You don't have permission to edit this form."; $ssl_suffix = mf_get_ssl_suffix(); header("Location: http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . mf_get_dirname($_SERVER['PHP_SELF']) . "/restricted.php"); exit; } } //get form properties $query = "select \r\n\t\t\t\t\tform_name,\r\n\t\t\t\t\tform_page_total,\r\n\t\t\t\t\tlogic_field_enable,\r\n\t\t\t\t\tlogic_page_enable,\r\n\t\t\t\t\tform_review,\r\n\t\t\t\t\tpayment_enable_merchant,\r\n\t\t\t\t\tpayment_merchant_type\r\n\t\t\t from \r\n\t\t\t \t " . MF_TABLE_PREFIX . "forms \r\n\t\t\t where \r\n\t\t\t \t form_id = ?"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); if (!empty($row)) { $form_name = htmlspecialchars($row['form_name']); $logic_field_enable = (int) $row['logic_field_enable']; $logic_page_enable = (int) $row['logic_page_enable']; $form_page_total = (int) $row['form_page_total']; $form_review = (int) $row['form_review'];
function display_machform($config) { $form_id = $config['form_id']; $show_border = $config['show_border']; $machform_path = $config['base_path']; $machform_data_path = dirname(__FILE__) . '/'; if ($show_border === true) { $integration_method = ''; } else { $integration_method = 'php'; } //start session if there isn't any if (session_id() == "") { @session_start(); } $dbh = mf_connect_db(); if (mf_is_form_submitted()) { //if form submitted $input_array = mf_sanitize($_POST); $input_array['machform_data_path'] = $machform_data_path; $input_array['machform_base_path'] = $machform_path; $submit_result = mf_process_form($dbh, $input_array); if (!isset($input_array['password'])) { //if normal form submitted if ($submit_result['status'] === true) { if (!empty($submit_result['form_resume_url'])) { //the user saving a form, display success page with the resume URL $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url']; $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1'</script>"; exit; } else { if (!empty($submit_result['review_id'])) { //redirect to review page $ssl_suffix = mf_get_ssl_suffix(); if (!empty($submit_result['origin_page_number'])) { $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number']; } $_SESSION['review_id'] = $submit_result['review_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>"; } exit; } else { if (!empty($submit_result['next_page_number'])) { //redirect to the next page number $_SESSION['mf_form_access'][$input_array['form_id']][$submit_result['next_page_number']] = true; $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$submit_result['next_page_number']}'</script>"; exit; } else { //otherwise display success message or redirect to the custom redirect URL if (empty($submit_result['form_redirect'])) { $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1'</script>"; exit; } else { echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>"; exit; } } } } } else { if ($submit_result['status'] === false) { //there are errors, display the form again with the errors $old_values = $submit_result['old_values']; $custom_error = @$submit_result['custom_error']; $error_elements = $submit_result['error_elements']; $form_params = array(); $form_params['page_number'] = $input_array['page_number']; $form_params['populated_values'] = $old_values; $form_params['error_elements'] = $error_elements; $form_params['custom_error'] = $custom_error; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } } } else { //if password form submitted if ($submit_result['status'] === true) { //on success, display the form $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } else { $custom_error = $submit_result['custom_error']; //error, display the pasword form again $form_params = array(); $form_params['custom_error'] = $custom_error; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } } } else { if (!empty($_POST['review_submit']) || !empty($_POST['review_submit_x'])) { //if form review being submitted //commit data from review table to actual table $record_id = $_SESSION['review_id']; $form_params = array(); $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $form_params); unset($_SESSION['review_id']); if (empty($commit_result['form_redirect'])) { $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&done=1'</script>"; exit; } else { echo "<script type=\"text/javascript\">top.location = '{$commit_result['form_redirect']}'</script>"; exit; } } elseif (!empty($_POST['review_back']) || !empty($_POST['review_back_x'])) { //go back to form $origin_page_num = (int) $_POST['mf_page_from']; $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&mf_page={$origin_page_num}'</script>"; exit; } elseif (!empty($_GET['show_review'])) { //show review page if (empty($_SESSION['review_id'])) { die("Your session has been expired. Please start again."); } else { $record_id = $_SESSION['review_id']; } $from_page_num = (int) $_GET['mf_page_from']; if (empty($from_page_num)) { $form_page_num = 1; } $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form_review($dbh, $form_id, $record_id, $from_page_num, $form_params); } else { $form_id = $form_id; $page_number = (int) trim($_GET['mf_page']); $page_number = mf_verify_page_access($form_id, $page_number); $resume_key = trim($_GET['mf_resume']); if (!empty($resume_key)) { $_SESSION['mf_form_resume_key'][$form_id] = $resume_key; } if (!empty($_GET['done']) && (!empty($_SESSION['mf_form_completed'][$form_id]) || !empty($_SESSION['mf_form_resume_url'][$form_id]))) { $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $markup = mf_display_success($dbh, $form_id, $form_params); } else { $form_params = array(); $form_params['page_number'] = $page_number; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $form_id, $form_params); } } } echo $markup; }
function mf_process_form($dbh, $input) { global $mf_lang; $form_id = (int) trim($input['form_id']); $edit_id = (int) trim($input['edit_id']); if (empty($input['page_number'])) { $page_number = 1; } else { $page_number = (int) $input['page_number']; } $is_committed = false; $mf_settings = mf_get_settings($dbh); //this function handle password submission and general form submission //check for password requirement $query = "select form_password,form_language,form_review from `" . MF_TABLE_PREFIX . "forms` where form_id=?"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $form_review = $row['form_review']; if (!empty($row['form_password'])) { $require_password = true; } else { $require_password = false; } if (!empty($row['form_language'])) { mf_set_language($row['form_language']); } //if this form require password and no session has been set if ($require_password && (empty($_SESSION['user_authenticated']) || $_SESSION['user_authenticated'] != $form_id)) { $query = "select count(form_id) valid_password from `" . MF_TABLE_PREFIX . "forms` where form_id=? and form_password=?"; $params = array($form_id, $input['password']); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); if (!empty($row['valid_password'])) { $process_result['status'] = true; $_SESSION['user_authenticated'] = $form_id; } else { $process_result['status'] = false; $process_result['custom_error'] = $mf_lang['form_pass_invalid']; } return $process_result; } $element_child_lookup['address'] = 5; $element_child_lookup['simple_name'] = 1; $element_child_lookup['simple_name_wmiddle'] = 2; $element_child_lookup['name'] = 3; $element_child_lookup['name_wmiddle'] = 4; $element_child_lookup['phone'] = 2; $element_child_lookup['date'] = 2; $element_child_lookup['europe_date'] = 2; $element_child_lookup['time'] = 3; $element_child_lookup['money'] = 1; //this applies to dollar,euro and pound. yen don't have child $element_child_lookup['checkbox'] = 1; //this is just a dumb value $element_child_lookup['matrix'] = 1; //this is just a dumb value //never trust user input, get a list of input fields based on info stored on table //element has real child -> address, simple_name, name, simple_name_wmiddle, name_wmiddle //element has virtual child -> phone, date, europe_date, time, money if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) { //if this is edit_entry page, process all elements on all pages at once $page_number_clause = ''; $params = array($form_id); } else { $page_number_clause = 'and element_page_number =?'; $params = array($form_id, $page_number); } $query = "SELECT \r\n\t\t\t\t\t\telement_id,\r\n \t\t\t\t\telement_title,\r\n \t\t\t\t\telement_is_required,\r\n \t\t\t\t\telement_is_unique,\r\n \t\t\t\t\telement_type, \r\n \t\t\t\t\telement_constraint,\r\n \t\t\t\t\telement_total_child,\r\n \t\t\t\t\telement_file_enable_multi_upload,\r\n \t\t\t\t\telement_file_max_selection,\r\n \t\t\t\t\telement_file_enable_type_limit,\r\n \t\t\t\t\telement_file_block_or_allow,\r\n \t\t\t\t\telement_file_type_list,\r\n \t\t\t\t\telement_range_max,\r\n \t\t\t\t\telement_range_min,\r\n \t\t\t\t\telement_range_limit_by,\r\n \t\t\t\t\telement_choice_has_other,\r\n \t\t\t\t\telement_time_showsecond,\r\n \t\t\t\t\telement_time_24hour,\r\n \t\t\t\t\telement_matrix_parent_id,\r\n \t\t\t\t\telement_matrix_allow_multiselect,\r\n \t\t\t\t\telement_date_enable_range,\r\n \t\t\t\t\telement_date_range_min,\r\n \t\t\t\t\telement_date_range_max,\r\n \t\t\t\t\telement_date_past_future,\r\n \t\t\t\t\telement_date_disable_past_future,\r\n \t\t\t\t\telement_date_enable_selection_limit,\r\n\t\t\t\t\t\telement_date_selection_max,\r\n\t\t\t\t\t\telement_date_disable_weekend,\r\n\t\t\t\t\t\telement_date_disable_specific,\r\n\t\t\t\t\t\telement_date_disabled_list\r\n\t\t\t\t\tFROM \r\n\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_elements \r\n\t\t\t\t WHERE \r\n\t\t\t\t \t\tform_id=? and element_status = '1' {$page_number_clause} and element_type <> 'page_break' and element_type <> 'section'\r\n\t\t\t\tORDER BY \r\n\t\t\t\t\t\telement_id asc"; $sth = mf_do_query($query, $params, $dbh); $element_to_get = array(); $private_elements = array(); //admin-only fields $matrix_childs_array = array(); while ($row = mf_do_fetch_result($sth)) { if ($row['element_type'] == 'section') { continue; } //store element info $element_info[$row['element_id']]['title'] = $row['element_title']; $element_info[$row['element_id']]['type'] = $row['element_type']; $element_info[$row['element_id']]['is_required'] = $row['element_is_required']; $element_info[$row['element_id']]['is_unique'] = $row['element_is_unique']; $element_info[$row['element_id']]['is_private'] = $row['element_is_private']; $element_info[$row['element_id']]['constraint'] = $row['element_constraint']; $element_info[$row['element_id']]['file_enable_multi_upload'] = $row['element_file_enable_multi_upload']; $element_info[$row['element_id']]['file_max_selection'] = $row['element_file_max_selection']; $element_info[$row['element_id']]['file_enable_type_limit'] = $row['element_file_enable_type_limit']; $element_info[$row['element_id']]['file_block_or_allow'] = $row['element_file_block_or_allow']; $element_info[$row['element_id']]['file_type_list'] = $row['element_file_type_list']; $element_info[$row['element_id']]['range_min'] = $row['element_range_min']; $element_info[$row['element_id']]['range_max'] = $row['element_range_max']; $element_info[$row['element_id']]['range_limit_by'] = $row['element_range_limit_by']; $element_info[$row['element_id']]['choice_has_other'] = $row['element_choice_has_other']; $element_info[$row['element_id']]['time_showsecond'] = (int) $row['element_time_showsecond']; $element_info[$row['element_id']]['time_24hour'] = (int) $row['element_time_24hour']; $element_info[$row['element_id']]['matrix_parent_id'] = (int) $row['element_matrix_parent_id']; $element_info[$row['element_id']]['matrix_allow_multiselect'] = (int) $row['element_matrix_allow_multiselect']; $element_info[$row['element_id']]['date_enable_range'] = (int) $row['element_date_enable_range']; $element_info[$row['element_id']]['date_range_max'] = $row['element_date_range_max']; $element_info[$row['element_id']]['date_range_min'] = $row['element_date_range_min']; $element_info[$row['element_id']]['date_past_future'] = $row['element_date_past_future']; $element_info[$row['element_id']]['date_disable_past_future'] = (int) $row['element_date_disable_past_future']; $element_info[$row['element_id']]['date_enable_selection_limit'] = (int) $row['element_date_enable_selection_limit']; $element_info[$row['element_id']]['date_selection_max'] = (int) $row['element_date_selection_max']; $element_info[$row['element_id']]['date_disable_weekend'] = (int) $row['element_date_disable_weekend']; $element_info[$row['element_id']]['date_disable_specific'] = (int) $row['element_date_disable_specific']; $element_info[$row['element_id']]['date_disabled_list'] = $row['element_date_disabled_list']; //get element form name, complete with the childs if (empty($element_child_lookup[$row['element_type']]) || $row['element_constraint'] == 'yen') { //elements with no child $element_to_get[] = 'element_' . $row['element_id']; } else { //elements with child if ($row['element_type'] == 'checkbox' || $row['element_type'] == 'matrix' && !empty($row['element_matrix_allow_multiselect'])) { //for checkbox, get childs elements from ap_element_options table $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\toption_id \r\n\t\t\t\t\t\t\t\t\tfrom \r\n\t\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "element_options \r\n\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t \t\tform_id=? and element_id=? and live=1 \r\n\t\t\t\t\t\t\t\torder by \r\n\t\t\t\t\t\t\t\t\t\t`position` asc"; $params = array($form_id, $row['element_id']); $sub_sth = mf_do_query($sub_query, $params, $dbh); while ($sub_row = mf_do_fetch_result($sub_sth)) { $element_to_get[] = "element_{$row['element_id']}_{$sub_row['option_id']}"; $checkbox_childs[$row['element_id']][] = $sub_row['option_id']; //store the child into array for further reference } //if this is the parent of the matrix (checkbox matrix only), get the child as well if ($row['element_type'] == 'matrix' && !empty($row['element_matrix_allow_multiselect'])) { $temp_matrix_child_element_id_array = explode(',', trim($row['element_constraint'])); foreach ($temp_matrix_child_element_id_array as $mc_element_id) { $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\t\toption_id \r\n\t\t\t\t\t\t\t\t\t\tfrom \r\n\t\t\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "element_options \r\n\t\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t \t\tform_id=? and element_id=? and live=1 \r\n\t\t\t\t\t\t\t\t\torder by \r\n\t\t\t\t\t\t\t\t\t\t\t`position` asc"; $params = array($form_id, $mc_element_id); $sub_sth = mf_do_query($sub_query, $params, $dbh); while ($sub_row = mf_do_fetch_result($sub_sth)) { $element_to_get[] = "element_{$mc_element_id}_{$sub_row['option_id']}"; $checkbox_childs[$mc_element_id][] = $sub_row['option_id']; //store the child into array for further reference } } } } else { if ($row['element_type'] == 'matrix' && empty($row['element_matrix_allow_multiselect'])) { //radio button matrix, each row doesn't have childs $element_to_get[] = 'element_' . $row['element_id']; } else { $max = $element_child_lookup[$row['element_type']] + 1; for ($j = 1; $j <= $max; $j++) { $element_to_get[] = "element_{$row['element_id']}_{$j}"; } } } } //if the back button pressed after review page, we need to store the file info if (!empty($_SESSION['review_id']) && !empty($form_review)) { if ($row['element_type'] == 'file') { $existing_file_id[] = $row['element_id']; } } //if this is matrix field, particularly the child rows, we need to store the id into temporary array //we need to loop through it later, to set the "required" property based on the matrix parent value if ($row['element_type'] == 'matrix' && !empty($row['element_matrix_parent_id'])) { $matrix_childs_array[$row['element_id']] = $row['element_matrix_parent_id']; } } //loop through each matrix childs array //if the parent matrix has required=1, the child need to be set the same //if the parent matrix allow multi select, the child need to be set the same if (!empty($matrix_childs_array)) { foreach ($matrix_childs_array as $matrix_child_element_id => $matrix_parent_element_id) { if (!empty($element_info[$matrix_parent_element_id]['is_required'])) { $element_info[$matrix_child_element_id]['is_required'] = 1; } if (!empty($element_info[$matrix_parent_element_id]['matrix_allow_multiselect'])) { $element_info[$matrix_child_element_id]['matrix_allow_multiselect'] = 1; } } } if (!empty($existing_file_id)) { $existing_file_id_list = ''; foreach ($existing_file_id as $value) { $existing_file_id_list .= 'element_' . $value . ','; } $existing_file_id_list = rtrim($existing_file_id_list, ','); $query = "select {$existing_file_id_list} from " . MF_TABLE_PREFIX . "form_{$form_id}_review where `id`=?"; $params = array($_SESSION['review_id']); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); foreach ($existing_file_id as $value) { if (!empty($row['element_' . $value])) { $element_info[$value]['existing_file'] = $row['element_' . $value]; } } } //pick user input $user_input = array(); foreach ($element_to_get as $element_name) { $user_input[$element_name] = @$input[$element_name]; } $error_elements = array(); $table_data = array(); //validate input based on rules specified for each field foreach ($user_input as $element_name => $element_data) { //get element_id from element_name $exploded = array(); $exploded = explode('_', $element_name); $element_id = $exploded[1]; $rules = array(); $target_input = array(); $element_type = $element_info[$element_id]['type']; //if this is private fields and not logged-in as admin, bypass operation below, just supply the default value if any if ($element_info[$element_id]['is_private'] == 1 && empty($_SESSION['mf_logged_in'])) { if (!empty($element_info[$element_id]['default_value'])) { $table_data['element_' . $element_id] = $element_info[$element_id]['default_value']; } continue; } //if this is matrix field, we need to convert the field type into radio button or checkbox if ('matrix' == $element_type) { $is_matrix_field = true; if (!empty($element_info[$element_id]['matrix_allow_multiselect'])) { $element_type = 'checkbox'; } else { $element_type = 'radio'; } } else { $is_matrix_field = false; } if ('text' == $element_type) { //Single Line Text if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } if (!empty($user_input[$element_name])) { if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_max'])) { $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min']; } } } } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($element_data); //prepare data for table column $table_data[$element_name] = $element_data; } elseif ('textarea' == $element_type) { //Paragraph if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } if (!empty($user_input[$element_name])) { if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_max'])) { $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min']; } } } } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($element_data); //prepare data for table column $table_data[$element_name] = $element_data; } elseif ('radio' == $element_type) { //Multiple Choice if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } //if this field has 'other' label if (!empty($element_info[$element_id]['choice_has_other'])) { if (empty($element_data) && !empty($input[$element_name . '_other'])) { $element_data = $input[$element_name . '_other']; //save old data into array, for form redisplay in case errors occured $form_data[$element_name . '_other']['default_value'] = $element_data; $table_data[$element_name . '_other'] = $element_data; //make sure to set the main element value to 0 $form_data[$element_name]['default_value'] = 0; $table_data[$element_name] = 0; } } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { if ($is_matrix_field && !empty($matrix_childs_array[$element_id])) { $error_elements[$matrix_childs_array[$element_id]] = $validation_result; } else { $error_elements[$element_id] = $validation_result; } } //save old data into array, for form redisplay in case errors occured if (empty($form_data[$element_name . '_other']['default_value'])) { $form_data[$element_name]['default_value'] = $element_data; } //prepare data for table column if (empty($table_data[$element_name . '_other'])) { $table_data[$element_name] = $element_data; } } elseif ('number' == $element_type) { //Number if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } //check for numeric if not empty if (!empty($user_input[$element_name])) { $rules[$element_name]['numeric'] = true; } if (!empty($user_input[$element_name]) && $element_info[$element_id]['range_limit_by'] == 'd') { if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_max'])) { $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min']; } } } } else { if (!empty($user_input[$element_name]) && $element_info[$element_id]['range_limit_by'] == 'v') { if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['range_value'] = $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_max'])) { $rules[$element_name]['max_value'] = $element_info[$element_id]['range_max']; } else { if (!empty($element_info[$element_id]['range_min'])) { $rules[$element_name]['min_value'] = $element_info[$element_id]['range_min']; } } } } } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($element_data); //prepare data for table column $table_data[$element_name] = $element_data; //if the user removed the number, set the value to null if ($table_data[$element_name] == "") { $table_data[$element_name] = null; } } elseif ('url' == $element_type) { //Website if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $rules[$element_name]['website'] = true; if ($element_data == 'http://') { $element_data = ''; } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($element_data); //prepare data for table column $table_data[$element_name] = $element_data; } elseif ('email' == $element_type) { //Email if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $rules[$element_name]['email'] = true; $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($element_data); //prepare data for table column $table_data[$element_name] = $element_data; } elseif ('simple_name' == $element_type) { //Simple Name if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 2 elements total $element_name_2 = substr($element_name, 0, -1) . '2'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed on next loop if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; $rules[$element_name_2]['required'] = true; } $target_input[$element_name] = $user_input[$element_name]; $target_input[$element_name_2] = $user_input[$element_name_2]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; $table_data[$element_name_2] = $user_input[$element_name_2]; } elseif ('simple_name_wmiddle' == $element_type) { //Simple Name with Middle if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other elements, 3 elements total $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed on next loop $processed_elements[] = $element_name_3; if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; } $target_input[$element_name] = $user_input[$element_name]; $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; $table_data[$element_name_2] = $user_input[$element_name_2]; $table_data[$element_name_3] = $user_input[$element_name_3]; } elseif ('name' == $element_type) { //Name - Extended if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 4 elements total //only element no 2&3 matters (first and last name) $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $element_name_4 = substr($element_name, 0, -1) . '4'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; $processed_elements[] = $element_name_4; if ($element_info[$element_id]['is_required']) { $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; } $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; $table_data[$element_name_2] = $user_input[$element_name_2]; $table_data[$element_name_3] = $user_input[$element_name_3]; $table_data[$element_name_4] = $user_input[$element_name_4]; } elseif ('name_wmiddle' == $element_type) { //Name - Extended, with Middle if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 5 elements total //only element no 2,3,4 matters (first, middle, last name) $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $element_name_4 = substr($element_name, 0, -1) . '4'; $element_name_5 = substr($element_name, 0, -1) . '5'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; $processed_elements[] = $element_name_4; $processed_elements[] = $element_name_5; if ($element_info[$element_id]['is_required']) { $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; $rules[$element_name_4]['required'] = true; } $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $target_input[$element_name_4] = $user_input[$element_name_4]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]); $form_data[$element_name_5]['default_value'] = htmlspecialchars($user_input[$element_name_5]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; $table_data[$element_name_2] = $user_input[$element_name_2]; $table_data[$element_name_3] = $user_input[$element_name_3]; $table_data[$element_name_4] = $user_input[$element_name_4]; $table_data[$element_name_5] = $user_input[$element_name_5]; } elseif ('time' == $element_type) { //Time if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 4 elements total $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $element_name_4 = substr($element_name, 0, -1) . '4'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; $processed_elements[] = $element_name_4; if ($element_info[$element_id]['is_required']) { $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; if (empty($element_info[$element_id]['time_24hour'])) { $rules[$element_name_4]['required'] = true; } } //check time validity if any of the compound field entered $time_entry_exist = false; if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2]) || !empty($user_input[$element_name_3])) { $rules['element_time']['time'] = true; $time_entry_exist = true; } //for backward compatibility with machform v2 and beyond if ($element_info[$element_id]['constraint'] == 'show_seconds') { $element_info[$element_id]['time_showsecond'] = 1; } if ($time_entry_exist && empty($element_info[$element_id]['time_showsecond'])) { $user_input[$element_name_3] = '00'; } if ($element_info[$element_id]['is_unique']) { $rules['element_time_no_meridiem']['unique'] = $form_id . '#' . substr($element_name, 0, -2); //to check uniquenes we need to use 24 hours HH:MM:SS format $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $target_input[$element_name_4] = $user_input[$element_name_4]; if ($time_entry_exist) { $target_input['element_time'] = trim($user_input[$element_name] . ':' . $user_input[$element_name_2] . ':' . $user_input[$element_name_3] . ' ' . $user_input[$element_name_4]); $target_input['element_time_no_meridiem'] = @date("G:i:s", strtotime($target_input['element_time'])); } $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]); //prepare data for table column $table_data[substr($element_name, 0, -2)] = @$target_input['element_time_no_meridiem']; } elseif ('address' == $element_type) { //Address if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 6 elements total, element #2 (address line 2) is optional $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $element_name_4 = substr($element_name, 0, -1) . '4'; $element_name_5 = substr($element_name, 0, -1) . '5'; $element_name_6 = substr($element_name, 0, -1) . '6'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; $processed_elements[] = $element_name_4; $processed_elements[] = $element_name_5; $processed_elements[] = $element_name_6; if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; $rules[$element_name_3]['required'] = true; $rules[$element_name_4]['required'] = true; $rules[$element_name_5]['required'] = true; $rules[$element_name_6]['required'] = true; } $target_input[$element_name] = $user_input[$element_name]; $target_input[$element_name_3] = $user_input[$element_name_3]; $target_input[$element_name_4] = $user_input[$element_name_4]; $target_input[$element_name_5] = $user_input[$element_name_5]; $target_input[$element_name_6] = $user_input[$element_name_6]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]); $form_data[$element_name_5]['default_value'] = htmlspecialchars($user_input[$element_name_5]); $form_data[$element_name_6]['default_value'] = htmlspecialchars($user_input[$element_name_6]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; $table_data[$element_name_2] = $user_input[$element_name_2]; $table_data[$element_name_3] = $user_input[$element_name_3]; $table_data[$element_name_4] = $user_input[$element_name_4]; $table_data[$element_name_5] = $user_input[$element_name_5]; $table_data[$element_name_6] = $user_input[$element_name_6]; } elseif ('money' == $element_type) { //Price if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 2 elements total (for currency other than yen) if ($element_info[$element_id]['constraint'] != 'yen') { //if other than yen $base_element_name = substr($element_name, 0, -1); $element_name_2 = $base_element_name . '2'; $processed_elements[] = $element_name_2; if ($element_info[$element_id]['is_required']) { $rules[$base_element_name]['required'] = true; } //check for numeric if not empty if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2])) { $rules[$base_element_name]['numeric'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$base_element_name]['unique'] = $form_id . '#' . substr($element_name, 0, -2); $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $target_input[$base_element_name] = $user_input[$element_name] . '.' . $user_input[$element_name_2]; //join dollar+cent if ($target_input[$base_element_name] == '.') { $target_input[$base_element_name] = ''; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); //prepare data for table column if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2]) || $user_input[$element_name] === '0' || $user_input[$element_name_2] === '0') { $table_data[substr($element_name, 0, -2)] = $user_input[$element_name] . '.' . $user_input[$element_name_2]; } //if the user removed the number, set the value to null if ($user_input[$element_name] == "" && $user_input[$element_name_2] == "") { $table_data[substr($element_name, 0, -2)] = null; } } else { if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } //check for numeric if not empty if (!empty($user_input[$element_name])) { $rules[$element_name]['numeric'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $target_input[$element_name] = $user_input[$element_name]; //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; //if the user removed the number, set the value to null if ($table_data[$element_name] == "") { $table_data[$element_name] = null; } } $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } } elseif ('checkbox' == $element_type) { //Checkboxes if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } $all_child_array = array(); $all_child_array = $checkbox_childs[$element_id]; $base_element_name = 'element_' . $element_id . '_'; if (!empty($element_info[$element_id]['choice_has_other'])) { $all_checkbox_value = $input[$base_element_name . 'other']; //save old data into array, for form redisplay in case errors occured $form_data[$base_element_name . 'other']['default_value'] = $input[$base_element_name . 'other']; $table_data[$base_element_name . 'other'] = $input[$base_element_name . 'other']; } else { $all_checkbox_value = ''; } if ($element_info[$element_id]['is_required']) { //checking 'required' for checkboxes is more complex //we need to get total child, and join it into one element //only one element is required to be checked foreach ($all_child_array as $i) { $all_checkbox_value .= $user_input[$base_element_name . $i]; $processed_elements[] = $base_element_name . $i; //save old data into array, for form redisplay in case errors occured $form_data[$base_element_name . $i]['default_value'] = $user_input[$base_element_name . $i]; //prepare data for table column $table_data[$base_element_name . $i] = $user_input[$base_element_name . $i]; } $rules[$base_element_name]['required'] = true; $target_input[$base_element_name] = $all_checkbox_value; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { if ($is_matrix_field && !empty($matrix_childs_array[$element_id])) { $error_elements[$matrix_childs_array[$element_id]] = $validation_result; } else { $error_elements[$element_id] = $validation_result; } } } else { //if not required, we only need to capture all data foreach ($all_child_array as $i) { //save old data into array, for form redisplay in case errors occured $form_data[$base_element_name . $i]['default_value'] = $user_input[$base_element_name . $i]; //prepare data for table column $table_data[$base_element_name . $i] = $user_input[$base_element_name . $i]; } } } elseif ('select' == $element_type) { //Drop Down if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = $user_input[$element_name]; //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; } elseif ('date' == $element_type || 'europe_date' == $element_type) { //Date if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 3 elements total $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; if (!empty($element_info[$element_id]['is_required'])) { $rules[$element_name]['required'] = true; $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; } $rules['element_date']['date'] = 'yyyy/mm/dd'; if (!empty($element_info[$element_id]['is_unique'])) { $rules['element_date']['unique'] = $form_id . '#' . substr($element_name, 0, -2); $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } if (!empty($element_info[$element_id]['date_enable_range'])) { if (!empty($element_info[$element_id]['date_range_max']) || !empty($element_info[$element_id]['date_range_min'])) { $rules['element_date']['date_range'] = $element_info[$element_id]['date_range_min'] . '#' . $element_info[$element_id]['date_range_max']; } } //disable past/future dates, if enabled. this rule override the date range rule being set above if (!empty($element_info[$element_id]['date_disable_past_future'])) { $today_date = date('Y-m-d', time()); if ($element_info[$element_id]['date_past_future'] == 'p') { //disable past dates $rules['element_date']['date_range'] = $today_date . '#0000-00-00'; } else { if ($element_info[$element_id]['date_past_future'] == 'f') { //disable future dates $rules['element_date']['date_range'] = '0000-00-00#' . $today_date; } } } //check for weekend dates rule if (!empty($element_info[$element_id]['date_disable_weekend'])) { $rules['element_date']['date_weekend'] = true; } //get disabled dates (either coming from 'date selection limit' or 'disable specific dates' rules) $disabled_dates = array(); //get disabled dates from 'date selection limit' rule if (!empty($element_info[$element_id]['date_enable_selection_limit']) && !empty($element_info[$element_id]['date_selection_max'])) { $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\tselected_date \r\n\t\t\t\t\t\t\t\t\tfrom (\r\n\t\t\t\t\t\t\t\t\t\t\tselect \r\n\t\t\t\t\t\t\t\t\t\t\t\t date_format(element_{$element_id},'%Y-%c-%e') as selected_date,\r\n\t\t\t\t\t\t\t\t\t\t\t\t count(element_{$element_id}) as total_selection \r\n\t\t\t\t\t\t\t\t\t\t from \r\n\t\t\t\t\t\t\t\t\t\t \t " . MF_TABLE_PREFIX . "form_{$form_id} \r\n\t\t\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t\t \t status=1 and element_{$element_id} is not null \r\n\t\t\t\t\t\t\t\t\t\t group by \r\n\t\t\t\t\t\t\t\t\t\t \t\t element_{$element_id}\r\n\t\t\t\t\t\t\t\t\t\t ) as A\r\n\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t\t A.total_selection >= ?"; $params = array($element_info[$element_id]['date_selection_max']); $sub_sth = mf_do_query($sub_query, $params, $dbh); while ($sub_row = mf_do_fetch_result($sub_sth)) { $disabled_dates[] = $sub_row['selected_date']; } } //get disabled dates from 'disable specific dates' rules if (!empty($element_info[$element_id]['date_disable_specific']) && !empty($element_info[$element_id]['date_disabled_list'])) { $exploded = array(); $exploded = explode(',', $element_info[$element_id]['date_disabled_list']); foreach ($exploded as $date_value) { $disabled_dates[] = date('Y-n-j', strtotime(trim($date_value))); } } if (!empty($disabled_dates)) { $rules['element_date']['disabled_dates'] = $disabled_dates; } $target_input[$element_name] = $user_input[$element_name]; $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $base_element_name = substr($element_name, 0, -2); if ('date' == $element_type) { //MM/DD/YYYY $target_input['element_date'] = $user_input[$element_name_3] . '-' . $user_input[$element_name] . '-' . $user_input[$element_name_2]; //prepare data for table column $table_data[$base_element_name] = $user_input[$element_name_3] . '-' . $user_input[$element_name] . '-' . $user_input[$element_name_2]; } else { //DD/MM/YYYY $target_input['element_date'] = $user_input[$element_name_3] . '-' . $user_input[$element_name_2] . '-' . $user_input[$element_name]; //prepare data for table column $table_data[$base_element_name] = $user_input[$element_name_3] . '-' . $user_input[$element_name_2] . '-' . $user_input[$element_name]; } $test_empty = str_replace('-', '', $target_input['element_date']); //if user not submitting any entry, remove the dashes if (empty($test_empty)) { unset($target_input['element_date']); $table_data[$base_element_name] = ''; } $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); } elseif ('simple_phone' == $element_type) { //Simple Phone if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if (!empty($user_input[$element_name])) { $rules[$element_name]['simple_phone'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $target_input[$element_name] = $user_input[$element_name]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; } elseif ('phone' == $element_type) { //Phone - US format if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) { continue; } //compound element, grab the other element, 3 elements total $element_name_2 = substr($element_name, 0, -1) . '2'; $element_name_3 = substr($element_name, 0, -1) . '3'; $processed_elements[] = $element_name_2; //put this element into array so that it won't be processed next $processed_elements[] = $element_name_3; if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; $rules[$element_name_2]['required'] = true; $rules[$element_name_3]['required'] = true; } $rules['element_phone']['phone'] = true; if ($element_info[$element_id]['is_unique']) { $rules['element_phone']['unique'] = $form_id . '#' . substr($element_name, 0, -2); $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $target_input[$element_name] = $user_input[$element_name]; $target_input[$element_name_2] = $user_input[$element_name_2]; $target_input[$element_name_3] = $user_input[$element_name_3]; $target_input['element_phone'] = $user_input[$element_name] . $user_input[$element_name_2] . $user_input[$element_name_3]; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]); $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]); //prepare data for table column $table_data[substr($element_name, 0, -2)] = $user_input[$element_name] . $user_input[$element_name_2] . $user_input[$element_name_3]; } elseif ('email' == $element_type) { //Email if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required'] = true; } if ($element_info[$element_id]['is_unique']) { $rules[$element_name]['unique'] = $form_id . '#' . $element_name; $target_input['dbh'] = $dbh; //we need to pass the $dbh for this 'unique' rule } $rules[$element_name]['email'] = true; $target_input[$element_name] = $element_data; $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } //save old data into array, for form redisplay in case errors occured $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]); //prepare data for table column $table_data[$element_name] = $user_input[$element_name]; } elseif ('file' == $element_type) { //File $listfile_name = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/listfile_{$input[$element_name . '_token']}.php"; if (!file_exists($listfile_name)) { $check_filetype = false; if ($element_info[$element_id]['is_required']) { $rules[$element_name]['required_file'] = true; $rules[$element_name]['filetype'] = true; $check_filetype = true; //if form review enabled, and user pressed back button after going to review page //disable the required file checking if file already uploaded if (!empty($_SESSION['review_id'])) { if (!empty($element_info[$element_id]['existing_file'])) { unset($rules[$element_name]['required_file']); unset($rules[$element_name]['filetype']); $check_filetype = false; } } } else { if ($_FILES[$element_name]['size'] > 0) { $rules[$element_name]['filetype'] = true; $check_filetype = true; } } if ($check_filetype == true && !empty($element_info[$element_id]['file_enable_type_limit'])) { if ($element_info[$element_id]['file_block_or_allow'] == 'b') { //block file type $target_input['file_block_or_allow'] = 'b'; } elseif ($element_info[$element_id]['file_block_or_allow'] == 'a') { $target_input['file_block_or_allow'] = 'a'; } $target_input['file_type_list'] = $element_info[$element_id]['file_type_list']; } $target_input[$element_name] = $element_name; //special for file, only need to pass input name $validation_result = mf_validate_element($target_input, $rules); if ($validation_result !== true) { $error_elements[$element_id] = $validation_result; } else { //if validation passed, store uploaded file info into array if ($_FILES[$element_name]['size'] > 0) { $uploaded_files[] = $element_name; } } } else { //if files were uploaded using advance uploader //file type validation already done in upload.php, so we don't need to do validation again here //store uploaded file list into array $current_element_uploaded_files_advance = array(); $current_element_uploaded_files_advance = file($listfile_name, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); array_shift($current_element_uploaded_files_advance); //remove the first index of the array array_pop($current_element_uploaded_files_advance); //remove the last index of the array $uploaded_files_advance[$element_id]['listfile_name'] = $listfile_name; $uploaded_files_advance[$element_id]['listfile_content'] = $current_element_uploaded_files_advance; //save old token into array, for form redisplay in case errors occured $form_data[$element_name]['file_token'] = $input[$element_name . '_token']; } } } //get form redirect info, if any //get form properties data $query = "select \r\n\t\t\t\t\t\t form_redirect,\r\n\t\t\t\t\t\t form_redirect_enable,\r\n\t\t\t\t\t\t form_email,\r\n\t\t\t\t\t\t form_unique_ip,\r\n\t\t\t\t\t\t form_captcha,\r\n\t\t\t\t\t\t form_captcha_type,\r\n\t\t\t\t\t\t form_review,\r\n\t\t\t\t\t\t form_page_total,\r\n\t\t\t\t\t\t form_resume_enable,\r\n\t\t\t\t\t\t form_name,\r\n\t\t\t\t\t\t esl_enable,\r\n\t\t\t\t\t\t esl_from_name,\r\n\t\t\t\t\t\t esl_from_email_address,\r\n\t\t\t\t\t\t esl_subject,\r\n\t\t\t\t\t\t esl_content,\r\n\t\t\t\t\t\t esl_plain_text,\r\n\t\t\t\t\t\t esr_enable,\r\n\t\t\t\t\t\t esr_email_address,\r\n\t\t\t\t\t\t esr_from_name,\r\n\t\t\t\t\t\t esr_from_email_address,\r\n\t\t\t\t\t\t esr_subject,\r\n\t\t\t\t\t\t esr_content,\r\n\t\t\t\t\t\t esr_plain_text,\r\n\t\t\t\t\t\t payment_enable_merchant,\r\n\t\t\t\t\t\t payment_merchant_type,\r\n\t\t\t\t\t\t ifnull(payment_paypal_email,'') payment_paypal_email,\r\n\t\t\t\t\t\t payment_paypal_language,\r\n\t\t\t\t\t\t payment_currency,\r\n\t\t\t\t\t\t payment_show_total,\r\n\t\t\t\t\t\t payment_total_location,\r\n\t\t\t\t\t\t payment_enable_recurring,\r\n\t\t\t\t\t\t payment_recurring_cycle,\r\n\t\t\t\t\t\t payment_recurring_unit,\r\n\t\t\t\t\t\t payment_price_type,\r\n\t\t\t\t\t\t payment_price_amount,\r\n\t\t\t\t\t\t payment_price_name\r\n\t\t\t\t from \r\n\t\t\t\t \t `" . MF_TABLE_PREFIX . "forms` \r\n\t\t\t\t where \r\n\t\t\t\t \t form_id=?"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); if (!empty($row['form_redirect_enable'])) { $form_redirect = $row['form_redirect']; } $form_unique_ip = $row['form_unique_ip']; $form_email = $row['form_email']; $form_captcha = $row['form_captcha']; $form_captcha_type = $row['form_captcha_type']; $form_review = $row['form_review']; $form_page_total = $row['form_page_total']; $form_name = $row['form_name']; $user_ip_address = $_SERVER['REMOTE_ADDR']; $esl_enable = $row['esl_enable']; $esl_from_name = $row['esl_from_name']; $esl_from_email_address = $row['esl_from_email_address']; $esl_subject = $row['esl_subject']; $esl_content = $row['esl_content']; $esl_plain_text = $row['esl_plain_text']; $esr_enable = $row['esr_enable']; $esr_email_address = $row['esr_email_address']; $esr_from_name = $row['esr_from_name']; $esr_from_email_address = $row['esr_from_email_address']; $esr_subject = $row['esr_subject']; $esr_content = $row['esr_content']; $esr_plain_text = $row['esr_plain_text']; $payment_enable_merchant = (int) $row['payment_enable_merchant']; if ($payment_enable_merchant < 1) { $payment_enable_merchant = 0; } $payment_merchant_type = $row['payment_merchant_type']; $payment_paypal_email = $row['payment_paypal_email']; $payment_paypal_language = $row['payment_paypal_language']; $payment_currency = $row['payment_currency']; $payment_show_total = (int) $row['payment_show_total']; $payment_total_location = $row['payment_total_location']; $payment_enable_recurring = (int) $row['payment_enable_recurring']; $payment_recurring_cycle = (int) $row['payment_recurring_cycle']; $payment_recurring_unit = $row['payment_recurring_unit']; $payment_price_type = $row['payment_price_type']; $payment_price_amount = (double) $row['payment_price_amount']; $payment_price_name = $row['payment_price_name']; //if the user is saving a form to resume later, we need to discard all validation errors if (!empty($input['generate_resume_url']) && !empty($row['form_resume_enable']) && $form_page_total > 1) { $is_saving_form_resume = true; $error_elements = array(); } else { $is_saving_form_resume = false; } $process_result['form_redirect'] = $form_redirect; $process_result['old_values'] = $form_data; $process_result['error_elements'] = $error_elements; //check for ip address if (!empty($form_unique_ip)) { //if ip address checking enabled, compare user ip address with value in db $query = "select count(id) total_ip from `" . MF_TABLE_PREFIX . "form_{$form_id}` where ip_address=?"; $params = array($user_ip_address); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); if (!empty($row['total_ip'])) { $process_result['custom_error'] = 'Sorry, but this form is limited to one submission per user.'; } } //check for captcha if enabled and there is no errors from previous fields //on multipage form, captcha should be validated on the last page only if (!empty($form_captcha) && empty($error_elements)) { if ($form_page_total == 1 || $form_page_total == $page_number) { if ($form_captcha_type == 'i') { //if simple image captcha is being used if (!empty($_POST['captcha_response_field'])) { $captcha_response_field = trim($_POST['captcha_response_field']); if (PhpCaptcha::Validate($captcha_response_field) !== true) { $error_elements['element_captcha'] = 'incorrect-captcha-sol'; $process_result['error_elements'] = $error_elements; } } else { //user not entered the words at all $error_elements['element_captcha'] = 'el-required'; $process_result['error_elements'] = $error_elements; } } else { if ($form_captcha_type == 't') { //if simple text captcha is being used if (!empty($_POST['captcha_response_field'])) { $captcha_response_field = strtolower(trim($_POST['captcha_response_field'])); if ($captcha_response_field != strtolower($_SESSION['MF_TEXT_CAPTCHA_ANSWER'])) { $error_elements['element_captcha'] = 'incorrect-text-captcha-sol'; $process_result['error_elements'] = $error_elements; } else { unset($_SESSION['MF_TEXT_CAPTCHA_ANSWER']); } } else { //user not entered the words at all $error_elements['element_captcha'] = 'el-text-required'; $process_result['error_elements'] = $error_elements; } } else { if ($form_captcha_type == 'r') { //otherwise reCaptcha is being used if (!empty($_POST['recaptcha_response_field'])) { $recaptcha_response = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY, $user_ip_address, $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($recaptcha_response !== false) { //if false, then we can't connect to captcha server, bypass captcha checking if ($recaptcha_response->is_valid === false) { $error_elements['element_captcha'] = $recaptcha_response->error; $process_result['error_elements'] = $error_elements; } } } else { //user not entered the words at all $error_elements['element_captcha'] = 'el-required'; $process_result['error_elements'] = $error_elements; } } } } } } //insert ip address and date created $table_data['ip_address'] = $user_ip_address; $table_data['date_created'] = date("Y-m-d H:i:s"); $is_inserted = false; //start insert data into table ---------------------- //dynamically create the field list and field values, based on the input given if (!empty($table_data) && empty($error_elements) && empty($process_result['custom_error'])) { $has_value = false; $field_list = ''; $field_values = ''; foreach ($table_data as $key => $value) { if ($value == '') { //don't insert blank entry continue; } $field_list .= "`{$key}`,"; $field_values .= ":{$key},"; $params_table_data[':' . $key] = $value; if (!empty($value)) { $has_value = true; } } //add session_id to query if 'form review' enabled or this is multipage forms if (!empty($form_review) || $form_page_total > 1) { //save previously uploaded file list, so users don't need to reupload files //get all file uploads elements first $session_id = session_id(); $file_uploads_array = array(); $query = "SELECT \r\n\t\t\t\t\t\t\t\t\telement_id \r\n\t\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_elements \r\n\t\t\t\t\t\t\t WHERE \r\n\t\t\t\t\t\t\t \t\tform_id=? AND \r\n\t\t\t\t\t\t\t \t\telement_type='file' AND \r\n\t\t\t\t\t\t\t \t\telement_is_private=0"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); while ($row = mf_do_fetch_result($sth)) { $file_uploads_array[] = 'element_' . $row['element_id']; } $file_uploads_column = implode('`,`', $file_uploads_array); $file_uploads_column = '`' . $file_uploads_column . '`'; if (!empty($file_uploads_array)) { if (!empty($_SESSION['review_id'])) { //if this is single page form and has review enabled $query = "SELECT {$file_uploads_column} FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where id=?"; $params = array($_SESSION['review_id']); } elseif ($form_page_total > 1) { //if this is multi page form $query = "SELECT {$file_uploads_column} FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?"; $params = array($session_id); } $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); foreach ($file_uploads_array as $element_name) { if (!empty($row[$element_name])) { $uploaded_file_lookup[$element_name] = $row[$element_name]; } } } //add session_id to query if 'form review' enabled $field_list .= "`session_id`,"; $field_values .= ":session_id,"; $params_table_data[':session_id'] = $session_id; } if ($has_value) { //if blank form submitted, dont insert anything //start insert query ---------------------------------------- $field_list = substr($field_list, 0, -1); $field_values = substr($field_values, 0, -1); if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) { //if this is edit_entry page submission, update the table $update_values = ''; $params_update = array(); unset($table_data['date_created']); $table_data['date_updated'] = date("Y-m-d H:i:s"); foreach ($table_data as $key => $value) { $update_values .= "`{$key}`=:{$key},"; $params_update[':' . $key] = $value; } $params_update[':id'] = $edit_id; $update_values = substr($update_values, 0, -1); $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t \t \t\t`id`=:id;"; mf_do_query($query, $params_update, $dbh); $record_insert_id = $edit_id; } else { //insert to temporary table, if form review is enabled or this is multipage form if (!empty($form_review) || $form_page_total > 1) { if ($form_page_total > 1) { //if this is the first page and the first time being submitted, do insert table //otherwise, do update table $do_review_insert = false; if ($input['page_number'] == 1) { $session_id = session_id(); $query = "SELECT count(`id`) as total_row from " . MF_TABLE_PREFIX . "form_{$form_id}_review where session_id=?"; $params = array($session_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); if ($row['total_row'] == 0) { $do_review_insert = true; } } //if this is the first page, do insert if ($do_review_insert) { $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}_review` ({$field_list}) VALUES ({$field_values});"; mf_do_query($query, $params_table_data, $dbh); $record_insert_id = (int) $dbh->lastInsertId(); } else { //otherwise, do update //dynamically create the sql update string, based on the input given $update_values = ''; $params_update = array(); foreach ($table_data as $key => $value) { $update_values .= "`{$key}`=:{$key},"; $params_update[':' . $key] = $value; } $update_values = substr($update_values, 0, -1); $params_update[':session_id'] = $session_id; $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t\t\t\t \t \t\tsession_id=:session_id;"; mf_do_query($query, $params_update, $dbh); $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?"; $params = array($session_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $record_insert_id = $row['id']; //if this is the last page of the form, check if form review enabled or not //if enabled, simply get the record_insert_id and send it as review_id //otherwise, commit form review if ($input['page_number'] == $form_page_total && !empty($input['submit_primary']) && !$is_saving_form_resume) { if (!empty($form_review)) { //pass the current page number, so the user could go back from the preview page $process_result['origin_page_number'] = $input['page_number']; } else { $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?"; $params = array($session_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $commit_options = array(); $commit_options['send_notification'] = false; $commit_result = mf_commit_form_review($dbh, $form_id, $row['id'], $commit_options); $record_insert_id = $commit_result['record_insert_id']; $is_committed = true; $_SESSION['mf_form_completed'][$form_id] = true; } } } } else { $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?"; $params = array($session_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $record_insert_id = $row['id']; if (empty($record_insert_id)) { $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}_review` ({$field_list}) VALUES ({$field_values});"; mf_do_query($query, $params_table_data, $dbh); $record_insert_id = (int) $dbh->lastInsertId(); } else { $update_values = ''; $params_update = array(); foreach ($table_data as $key => $value) { $update_values .= "`{$key}`=:{$key},"; $params_update[':' . $key] = $value; } $params_update[':id'] = $record_insert_id; $update_values = substr($update_values, 0, -1); $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t where \r\n\t\t\t\t\t\t\t\t\t\t\t\t \t \t\t`id`=:id;"; mf_do_query($query, $params_update, $dbh); } } } else { $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}` ({$field_list}) VALUES ({$field_values});"; mf_do_query($query, $params_table_data, $dbh); $record_insert_id = (int) $dbh->lastInsertId(); } } //end insert query ------------------------------------------ $is_inserted = true; } } //end insert data into table ------------------------- //upload the files $write_to_permanent_file = false; $write_to_temporary_file = false; if ($is_inserted) { if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) { //if this ie edit_entry page, always write to permanent file $write_to_permanent_file = true; } else { if ($form_page_total <= 1) { //if this is single page form if (empty($form_review)) { //if review disabled, upload the files into permanent filename $write_to_permanent_file = true; } else { //if this single form has review enabled $write_to_temporary_file = true; } } else { //if this is multipage form if ($input['page_number'] == $form_page_total && !empty($input['submit_primary']) && $is_committed) { $write_to_permanent_file = true; } else { $write_to_temporary_file = true; } } } } if ($write_to_permanent_file === true) { //START writing into permanent file ------------------------ //within one form, it is possible to use a mix of standard file upload field and the advanced/ajax uploader //we need to be able processing both at the same time //if files were uploaded using standard file upload fields if (!empty($uploaded_files)) { foreach ($uploaded_files as $element_name) { $file_token = md5(uniqid(rand(), true)); //add random token to uploaded filename, to increase security //move file and check for invalid file $destination_file = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}"; if (move_uploaded_file($_FILES[$element_name]['tmp_name'], $destination_file)) { $query = "update " . MF_TABLE_PREFIX . "form_{$form_id} set {$element_name}=? where id=?"; $file_element = "{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}"; $params = array($file_element, $record_insert_id); mf_do_query($query, $params, $dbh); } } } //if files were uploaded using advance uploader if (!empty($uploaded_files_advance)) { if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) { //if this is edit_entry, we need to get existing file records and merge the data with the new uploaded files $uploaded_element_names = array(); $uploaded_element_ids = array_keys($uploaded_files_advance); foreach ($uploaded_element_ids as $element_id) { $uploaded_element_names[] = 'element_' . $element_id; } $uploaded_element_names_joined = implode(',', $uploaded_element_names); $query = "SELECT {$uploaded_element_names_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}` where `id`=?"; $params = array($edit_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $existing_files_data = array(); $multi_upload_info = array(); foreach ($uploaded_element_names as $element_name) { $existing_files_data[$element_name] = trim($row[$element_name]); $element_name_exploded = explode('_', $element_name); $multi_upload_info[$element_name] = $element_info[$element_name_exploded[1]]['file_enable_multi_upload']; } } //loop through each list foreach ($uploaded_files_advance as $element_id => $values) { $current_listfile_name = $values['listfile_name']; $current_listfile_content = $values['listfile_content']; $file_list_array = array(); foreach ($current_listfile_content as $tmp_filename_path) { $tmp_filename_only = basename($tmp_filename_path); $filename_value = substr($tmp_filename_only, strpos($tmp_filename_only, '-') + 1); $filename_value = str_replace('|', '', str_replace('.tmp', '', $filename_value)); $new_file_token = md5(uniqid(rand(), true)); //add random token to uploaded filename, to increase security $new_filename = "element_{$element_id}_{$new_file_token}-{$record_insert_id}-{$filename_value}"; $destination_filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/" . $new_filename; //remove tmp name and change it into permanent name //store all the permanent name into a variable if (file_exists($tmp_filename_path)) { rename($tmp_filename_path, $destination_filename); } $file_list_array[] = $new_filename; } //delete the listfile for the current element_id unlink($current_listfile_name); //update the table with the file name list if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) { //if this is edit_entry, we need to get existing file records and merge the data with the new uploaded files //which depends on the multi upload setting for each file upload field //if multi upload enabled, we need to merge the data. otherwise, replace the old data if (!empty($multi_upload_info['element_' . $element_id])) { //if multi upload enabled, merge the data $new_files_array = $file_list_array; if (!empty($existing_files_data['element_' . $element_id])) { $old_files_array = explode('|', $existing_files_data['element_' . $element_id]); $merged_files_array = array_merge($new_files_array, $old_files_array); $merged_files_array = array_unique($merged_files_array); } else { $merged_files_array = $new_files_array; } $file_list_joined[$element_id] = implode('|', $merged_files_array); } else { //replace the old data with the new file $file_list_joined[$element_id] = implode('|', $file_list_array); } } else { $file_list_joined[$element_id] = implode('|', $file_list_array); } } //update the table with the file name list $update_values = ''; $params_update = array(); foreach ($file_list_joined as $element_id => $file_joined) { $update_values .= "element_{$element_id}=:element_{$element_id},"; $params_update[':element_' . $element_id] = $file_joined; } $update_values = rtrim($update_values, ','); $params_update[':id'] = $record_insert_id; $query = "update " . MF_TABLE_PREFIX . "form_{$form_id} set {$update_values} where id=:id"; mf_do_query($query, $params_update, $dbh); } //END writing into permanent file ------------------------ } else { if ($write_to_temporary_file === true) { //START writing into temporary file ------------------------ //if files were uploaded using standard file upload fields if (!empty($uploaded_files)) { $record_review_id = session_id(); foreach ($uploaded_files as $element_name) { $file_token = md5(uniqid(rand(), true)); //add random token to uploaded filename, to increase security //move file and check for invalid file $destination_file = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}.tmp"; if (move_uploaded_file($_FILES[$element_name]['tmp_name'], $destination_file)) { $query = "update " . MF_TABLE_PREFIX . "form_{$form_id}_review set {$element_name}=? where session_id=?"; $file_element = "{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}"; $params = array($file_element, $record_review_id); mf_do_query($query, $params, $dbh); } if (!empty($uploaded_file_lookup[$element_name])) { unset($uploaded_file_lookup[$element_name]); } } } //if files were uploaded using advance uploader if (!empty($uploaded_files_advance)) { //loop through each list foreach ($uploaded_files_advance as $element_id => $values) { $current_listfile_name = $values['listfile_name']; $current_listfile_content = $values['listfile_content']; $file_list_array = array(); foreach ($current_listfile_content as $tmp_filename_path) { $tmp_filename_only = basename($tmp_filename_path); $filename_value = substr($tmp_filename_only, strpos($tmp_filename_only, '-') + 1); $filename_value = str_replace('|', '', str_replace('.tmp', '', $filename_value)); $new_file_token = md5(uniqid(rand(), true)); //add random token to uploaded filename, to increase security $new_filename = "element_{$element_id}_{$new_file_token}-{$record_insert_id}-{$filename_value}"; $destination_filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/" . $new_filename . ".tmp"; //assign new temporary name, using new token and record id //store all the temporary name into a variable if (file_exists($tmp_filename_path)) { rename($tmp_filename_path, $destination_filename); } $file_list_array[] = $new_filename; } //delete the listfile for the current element_id unlink($current_listfile_name); //update the table with the file name list $file_list_joined[$element_id] = implode('|', $file_list_array); } //update the table with the file name list $update_values = ''; $params_update = array(); foreach ($file_list_joined as $element_id => $file_joined) { $update_values .= "element_{$element_id}=:element_{$element_id},"; $params_update[':element_' . $element_id] = $file_joined; } $update_values = rtrim($update_values, ','); $params_update[':id'] = $record_insert_id; $query = "update " . MF_TABLE_PREFIX . "form_{$form_id}_review set {$update_values} where id=:id"; mf_do_query($query, $params_update, $dbh); } //if the user goes to review page and then go back to the form page or navigate within multipage form, $uploaded_file_lookup will contain the list of the previously submitted files //if the multi upload option enabled, make sure to update the previouly uploaded file to the current record during form submit //when updating the table, make sure to MERGE existing data within the table and the new one //otherwise, if the multi upload is not enabled, we need to delete previous files and don't update the table with the old files data if (!empty($uploaded_file_lookup)) { //get the existing data within the table $uploaded_element_names = array_keys($uploaded_file_lookup); $uploaded_element_names_joined = implode(',', $uploaded_element_names); $query = "SELECT {$uploaded_element_names_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where `id`=?"; $params = array($record_insert_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $existing_files_data = array(); $multi_upload_info = array(); foreach ($uploaded_element_names as $element_name) { $existing_files_data[$element_name] = $row[$element_name]; $element_name_exploded = explode('_', $element_name); $multi_upload_info[$element_name] = $element_info[$element_name_exploded[1]]['file_enable_multi_upload']; } //merge the data foreach ($uploaded_file_lookup as $element_name => $filename) { $new_files_array = array(); $old_files_array = array(); $new_files_array = explode('|', $filename); $old_files_array = explode('|', $existing_files_data[$element_name]); if (!empty($multi_upload_info[$element_name])) { //if multi upload enabled, merge the data $merged_files_array = array_merge($new_files_array, $old_files_array); $merged_files_array = array_unique($merged_files_array); } else { //otherwise, just use the new one $merged_files_array = $old_files_array; //delete the old files as well, if the files aren't the same with the new one if ($filename != $existing_files_data[$element_name]) { foreach ($new_files_array as $filename) { $filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$filename}.tmp"; if (file_exists($filename)) { unlink($filename); } } } } $merged_files_joined = implode('|', $merged_files_array); $merged_files_data[$element_name] = $merged_files_joined; } $update_clause = ''; foreach ($merged_files_data as $element_name => $filename) { $update_clause .= "`{$element_name}`='{$filename}',"; } $update_clause = rtrim($update_clause, ","); $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` SET {$update_clause} WHERE id=?"; $params = array($record_insert_id); mf_do_query($query, $params, $dbh); } //END writing into temporary file ------------------------ } } //start sending notification email to admin ------------------------------------------ if ($is_inserted && !empty($esl_enable) && !empty($form_email) && empty($form_review) && $form_page_total == 1 || $is_inserted && !empty($esl_enable) && !empty($form_email) && $is_committed) { //get parameters for the email //from name if (!empty($esl_from_name)) { if (is_numeric($esl_from_name)) { $admin_email_param['from_name'] = '{element_' . $esl_from_name . '}'; } else { $admin_email_param['from_name'] = $esl_from_name; } } else { $admin_email_param['from_name'] = 'MachForm'; } //from email address if (!empty($esl_from_email_address)) { if (is_numeric($esl_from_email_address)) { $admin_email_param['from_email'] = '{element_' . $esl_from_email_address . '}'; } else { $admin_email_param['from_email'] = $esl_from_email_address; } } else { $domain = str_replace('www.', '', $_SERVER['SERVER_NAME']); $admin_email_param['from_email'] = "no-reply@{$domain}"; } //subject if (!empty($esl_subject)) { $admin_email_param['subject'] = $esl_subject; } else { $admin_email_param['subject'] = '{form_name} [#{entry_no}]'; } //content if (!empty($esl_content)) { $admin_email_param['content'] = $esl_content; } else { $admin_email_param['content'] = '{entry_data}'; } $admin_email_param['as_plain_text'] = $esl_plain_text; $admin_email_param['target_is_admin'] = true; $admin_email_param['machform_base_path'] = $input['machform_base_path']; mf_send_notification($dbh, $form_id, $record_insert_id, $form_email, $admin_email_param); } //end emailing notifications to admin ---------------------------------------------- //start sending notification email to user ------------------------------------------ if ($is_inserted && !empty($esr_enable) && !empty($esr_email_address) && empty($form_review) && $form_page_total == 1 || $is_inserted && !empty($esr_enable) && !empty($esr_email_address) && $is_committed) { //get parameters for the email //to email if (is_numeric($esr_email_address)) { $esr_email_address = '{element_' . $esr_email_address . '}'; } //from name if (!empty($esr_from_name)) { if (is_numeric($esr_from_name)) { $user_email_param['from_name'] = '{element_' . $esr_from_name . '}'; } else { $user_email_param['from_name'] = $esr_from_name; } } else { $user_email_param['from_name'] = 'MachForm'; } //from email address if (!empty($esr_from_email_address)) { if (is_numeric($esr_from_email_address)) { $user_email_param['from_email'] = '{element_' . $esr_from_email_address . '}'; } else { $user_email_param['from_email'] = $esr_from_email_address; } } else { $domain = str_replace('www.', '', $_SERVER['SERVER_NAME']); $user_email_param['from_email'] = "no-reply@{$domain}"; } //subject if (!empty($esr_subject)) { $user_email_param['subject'] = $esr_subject; } else { $user_email_param['subject'] = '{form_name} - Receipt'; } //content if (!empty($esr_content)) { $user_email_param['content'] = $esr_content; } else { $user_email_param['content'] = '{entry_data}'; } $user_email_param['as_plain_text'] = $esr_plain_text; $user_email_param['target_is_admin'] = false; mf_send_notification($dbh, $form_id, $record_insert_id, $esr_email_address, $user_email_param); } //end emailing notifications to user --------------------------------------------- //if there is no error message or elements, send true as status if (empty($error_elements) && empty($process_result['custom_error'])) { $process_result['status'] = true; if ($form_page_total > 1) { //if this is multipage form $_SESSION['mf_form_loaded'][$form_id][$page_number] = true; if ($is_saving_form_resume) { //if the user is saving his progress instead of submitting the form //copy the record from review table into main form table and set the status to incomplete (status=2) //also generate resume url $has_invalid_resume_email = false; //validate the email address first, if the user entered invalid email address, display error message if (!empty($input['element_resume_email'])) { $regex = '/^[A-z0-9][\\w.-]*@[A-z0-9][\\w\\-\\.]+\\.[A-z0-9]{2,6}$/'; $resume_email = trim($input['element_resume_email']); $preg_result = preg_match($regex, $resume_email); if (empty($preg_result)) { $has_invalid_resume_email = true; $error_elements['element_resume_email'] = $mf_lang['val_email']; $process_result['status'] = false; $process_result['error_elements'] = $error_elements; $process_result['old_values']['element_resume_email'] = $input['element_resume_email']; } } if (!$has_invalid_resume_email) { $form_resume_key = substr(strtolower(md5(uniqid(rand(), true))), 0, 10); //move data from ap_form_x_review table to ap_form_x table //get all column name except session_id and id $query = "SELECT * FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?"; $params = array($session_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $columns = array(); foreach ($row as $column_name => $column_data) { if ($column_name != 'id' && $column_name != 'session_id') { $columns[] = $column_name; } } $columns_joined = implode("`,`", $columns); $columns_joined = '`' . $columns_joined . '`'; $old_resume_key = $row['resume_key']; //copy data from review table $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}`({$columns_joined}) SELECT {$columns_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?"; $params = array($session_id); mf_do_query($query, $params, $dbh); $new_record_id = (int) $dbh->lastInsertId(); $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}` set `status`=2,resume_key='{$form_resume_key}' where `id`=?"; $params = array($new_record_id); mf_do_query($query, $params, $dbh); //delete current entry within review table $query = "DELETE from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?"; $params = array($session_id); mf_do_query($query, $params, $dbh); //delete old entries which saved previously if (!empty($old_resume_key)) { $query = "DELETE from `" . MF_TABLE_PREFIX . "form_{$form_id}` WHERE resume_key=? and status=2"; $params = array($old_resume_key); mf_do_query($query, $params, $dbh); } //pass form resume key $process_result['form_resume_key'] = $form_resume_key; //pass form resume url $ssl_suffix = mf_get_ssl_suffix(); $form_resume_url = "http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . mf_get_dirname($_SERVER['PHP_SELF']) . "/view.php?id={$form_id}&mf_resume={$form_resume_key}"; $process_result['form_resume_url'] = $form_resume_url; if (!empty($resume_email)) { //send the resume link to the provided email mf_send_resume_link($dbh, $form_name, $form_resume_url, $resume_email); } } } else { //get the next page number and send it //don't send page number if this is already the last page, unless back button being clicked if ($input['page_number'] < $form_page_total) { if (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) { $process_result['next_page_number'] = $page_number + 1; } elseif (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) { $process_result['next_page_number'] = $page_number - 1; } else { $process_result['next_page_number'] = $page_number + 1; } } else { //if this is the last page if (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) { if (!empty($form_review)) { $process_result['review_id'] = $record_insert_id; } } elseif (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) { $process_result['next_page_number'] = $page_number - 1; } else { if (!empty($form_review)) { $process_result['review_id'] = $record_insert_id; } } } } } else { //if this is single page form //if 'form review' enabled, send review_id if (!empty($form_review)) { $process_result['review_id'] = $record_insert_id; } else { //form submitted successfully, set the session to display success page $_SESSION['mf_form_completed'][$form_id] = true; } } } else { $process_result['status'] = false; } //get payment processor URL, if applicable for this form if ($process_result['status'] === true) { $merchant_redirect_url = mf_get_merchant_redirect_url($dbh, $form_id, $record_insert_id); if (!empty($merchant_redirect_url)) { $process_result['form_redirect'] = $merchant_redirect_url; } } return $process_result; }
function mf_display_form_payment($dbh, $form_id, $record_id, $form_params = array()) { global $mf_lang; if (!empty($form_params['integration_method'])) { $integration_method = $form_params['integration_method']; } else { $integration_method = ''; } if (!empty($form_params['machform_path'])) { $machform_path = $form_params['machform_path']; } else { $machform_path = ''; } if (!empty($form_params['machform_data_path'])) { $machform_data_path = $form_params['machform_data_path']; } else { $machform_data_path = ''; } //check permission to access this page if ($_SESSION['mf_form_payment_access'][$form_id] !== true) { return "Your session has been expired. Please <a href='view.php?id={$form_id}'>click here</a> to start again."; } $mf_settings = mf_get_settings($dbh); //get form properties data $query = "select \r\n\t\t\t\t\t\t form_name,\r\n\t\t\t\t\t\t form_has_css,\r\n\t\t\t\t\t\t form_redirect,\r\n\t\t\t\t\t\t form_language,\r\n\t\t\t\t\t\t form_review,\r\n\t\t\t\t\t\t form_review_primary_text,\r\n\t\t\t\t\t\t form_review_secondary_text,\r\n\t\t\t\t\t\t form_review_primary_img,\r\n\t\t\t\t\t\t form_review_secondary_img,\r\n\t\t\t\t\t\t form_review_use_image,\r\n\t\t\t\t\t\t form_review_title,\r\n\t\t\t\t\t\t form_review_description,\r\n\t\t\t\t\t\t form_resume_enable,\r\n\t\t\t\t\t\t form_page_total,\r\n\t\t\t\t\t\t form_lastpage_title,\r\n\t\t\t\t\t\t form_pagination_type,\r\n\t\t\t\t\t\t form_theme_id,\r\n\t\t\t\t\t\t payment_show_total,\r\n\t\t\t\t\t\t payment_total_location,\r\n\t\t\t\t\t\t payment_enable_merchant,\r\n\t\t\t\t\t\t payment_merchant_type,\r\n\t\t\t\t\t\t payment_currency,\r\n\t\t\t\t\t\t payment_price_type,\r\n\t\t\t\t\t\t payment_price_name,\r\n\t\t\t\t\t\t payment_price_amount,\r\n\t\t\t\t\t\t payment_ask_billing,\r\n\t\t\t\t\t\t payment_ask_shipping,\r\n\t\t\t\t\t\t payment_stripe_live_public_key,\r\n\t\t\t\t\t\t payment_stripe_test_public_key,\r\n\t\t\t\t\t\t payment_stripe_enable_test_mode,\r\n\t\t\t\t\t\t payment_enable_recurring,\r\n\t\t\t\t\t\t payment_recurring_cycle,\r\n\t\t\t\t\t\t payment_recurring_unit,\r\n\t\t\t\t\t\t payment_enable_trial,\r\n\t\t\t\t\t\t payment_trial_period,\r\n\t\t\t\t\t\t payment_trial_unit,\r\n\t\t\t\t\t\t payment_trial_amount,\r\n\t\t\t\t\t\t payment_delay_notifications\r\n\t\t\t\t from \r\n\t\t\t\t \t " . MF_TABLE_PREFIX . "forms \r\n\t\t\t\t where \r\n\t\t\t\t \t form_id=?"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $form_language = $row['form_language']; if (!empty($form_language)) { mf_set_language($form_language); } $form_payment_title = $mf_lang['form_payment_title']; $form_payment_description = $mf_lang['form_payment_description']; $form_has_css = $row['form_has_css']; $form_redirect = $row['form_redirect']; $form_review = (int) $row['form_review']; $form_review_primary_text = $row['form_review_primary_text']; $form_review_secondary_text = $row['form_review_secondary_text']; $form_review_primary_img = $row['form_review_primary_img']; $form_review_secondary_img = $row['form_review_secondary_img']; $form_review_use_image = (int) $row['form_review_use_image']; $form_review_title = $row['form_review_title']; $form_review_description = $row['form_review_description']; $form_page_total = (int) $row['form_page_total']; $form_lastpage_title = $row['form_lastpage_title']; $form_pagination_type = $row['form_pagination_type']; $form_name = htmlspecialchars($row['form_name'], ENT_QUOTES); $form_theme_id = $row['form_theme_id']; $form_resume_enable = (int) $row['form_resume_enable']; $payment_show_total = (int) $row['payment_show_total']; $payment_total_location = $row['payment_total_location']; $payment_enable_merchant = (int) $row['payment_enable_merchant']; if ($payment_enable_merchant < 1) { $payment_enable_merchant = 0; } $payment_currency = $row['payment_currency']; $payment_price_type = $row['payment_price_type']; $payment_price_amount = $row['payment_price_amount']; $payment_price_name = htmlspecialchars($row['payment_price_name'], ENT_QUOTES); $payment_ask_billing = (int) $row['payment_ask_billing']; $payment_ask_shipping = (int) $row['payment_ask_shipping']; $payment_merchant_type = $row['payment_merchant_type']; $payment_stripe_enable_test_mode = (int) $row['payment_stripe_enable_test_mode']; $payment_stripe_live_public_key = trim($row['payment_stripe_live_public_key']); $payment_stripe_test_public_key = trim($row['payment_stripe_test_public_key']); $payment_enable_recurring = (int) $row['payment_enable_recurring']; $payment_recurring_cycle = (int) $row['payment_recurring_cycle']; $payment_recurring_unit = $row['payment_recurring_unit']; $payment_enable_trial = (int) $row['payment_enable_trial']; $payment_trial_period = (int) $row['payment_trial_period']; $payment_trial_unit = $row['payment_trial_unit']; $payment_trial_amount = (double) $row['payment_trial_amount']; $payment_delay_notifications = (int) $row['payment_delay_notifications']; //check for specific form css, if any, use it instead if ($form_has_css) { $css_dir = $mf_settings['data_dir'] . "/form_{$form_id}/css/"; } if ($integration_method == 'iframe') { $embed_class = 'class="embed"'; } //get total payment $currency_symbol = '$'; if ($payment_price_type == 'variable') { $total_payment_amount = (double) mf_get_payment_total($dbh, $form_id, $record_id, 0, 'live'); $payment_items = mf_get_payment_items($dbh, $form_id, $record_id, 'live'); //build the payment list markup $payment_list_items_markup = ''; if (!empty($payment_items)) { foreach ($payment_items as $item) { if ($item['type'] == 'money') { $payment_list_items_markup .= "<li>{$item['title']} <span>{$currency_symbol}{$item['amount']}</span></li>" . "\n"; } else { if ($item['type'] == 'checkbox') { $payment_list_items_markup .= "<li>{$item['sub_title']} <span>{$currency_symbol}{$item['amount']}</span></li>" . "\n"; } else { if ($item['type'] == 'select' || $item['type'] == 'radio') { $payment_list_items_markup .= "<li>{$item['title']} <em>({$item['sub_title']})</em> <span>{$currency_symbol}{$item['amount']}</span></li>" . "\n"; } } } } } } else { if ($payment_price_type == 'fixed') { $total_payment_amount = $payment_price_amount; $payment_list_items_markup = "<li>{$payment_price_name}</li>"; } } //construct payment terms if (!empty($payment_enable_recurring)) { $payment_plurals = ''; if ($payment_recurring_cycle > 1) { $payment_plurals = 's'; $payment_recurring_cycle_markup = $payment_recurring_cycle . ' '; } if (!empty($payment_enable_trial)) { //recurring with trial period $payment_trial_price = $currency_symbol . $payment_trial_amount; if (empty($payment_trial_amount)) { $payment_trial_price = 'free'; } $payment_trial_plurals = ''; if ($payment_trial_period > 1) { $payment_trial_plurals = 's'; } $payment_term_markup = <<<EOT \t\t\t\t\t<li class="payment_summary_term"> \t\t\t\t\t\t<em>Trial period: {$payment_trial_period} {$payment_trial_unit}{$payment_trial_plurals} ({$payment_trial_price})</em><br> \t\t\t\t\t\t<em>Then you will be charged {$currency_symbol}{$total_payment_amount} every {$payment_recurring_cycle_markup}{$payment_recurring_unit}{$payment_plurals}</em> \t\t\t\t\t</li> EOT; } else { $payment_term_markup = "<li class=\"payment_summary_term\"><em>You will be charged {$currency_symbol}{$total_payment_amount} every {$payment_recurring_cycle_markup}{$payment_recurring_unit}{$payment_plurals}</em></li>"; } } //if the form has multiple pages //display the pagination header if ($form_page_total > 1) { //build pagination header based on the selected type. possible values: //steps - display multi steps progress //percentage - display progress bar with percentage //disabled - disabled $page_breaks_data = array(); $page_title_array = array(); //get page titles $query = "SELECT \r\n\t\t\t\t\t\t\telement_page_title\r\n\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_elements\r\n\t\t\t\t\t WHERE\r\n\t\t\t\t\t\t\tform_id = ? and element_status = 1 and element_type = 'page_break'\r\n\t\t\t\t\tORDER BY \r\n\t\t\t\t\t \t\telement_page_number asc"; $params = array($form_id); $sth = mf_do_query($query, $params, $dbh); while ($row = mf_do_fetch_result($sth)) { $page_title_array[] = $row['element_page_title']; } if ($form_pagination_type == 'steps') { $page_titles_markup = ''; $i = 1; foreach ($page_title_array as $page_title) { $page_titles_markup .= '<td align="center"><span id="page_num_' . $i . '" class="ap_tp_num">' . $i . '</span><span id="page_title_' . $i . '" class="ap_tp_text">' . $page_title . '</span></td><td align="center" class="ap_tp_arrow">></td>' . "\n"; $i++; } //add the last page title into the pagination header markup $page_titles_markup .= '<td align="center"><span id="page_num_' . $i . '" class="ap_tp_num">' . $i . '</span><span id="page_title_' . $i . '" class="ap_tp_text">' . $form_lastpage_title . '</span></td>'; if (!empty($form_review)) { $i++; $page_titles_markup .= '<td align="center" class="ap_tp_arrow">></td><td align="center"><span id="page_num_' . $i . '" class="ap_tp_num">' . $i . '</span><span id="page_title_' . $i . '" class="ap_tp_text">' . $form_review_title . '</span></td>'; } $i++; $page_titles_markup .= '<td align="center" class="ap_tp_arrow">></td><td align="center"><span id="page_num_' . $i . '" class="ap_tp_num ap_tp_num_active">' . $i . '</span><span id="page_title_' . $i . '" class="ap_tp_text ap_tp_text_active">' . $mf_lang['form_payment_header_title'] . '</span></td>'; $pagination_header = <<<EOT \t\t\t<ul> \t\t\t<li id="pagination_header" class="li_pagination"> \t\t\t <table class="ap_table_pagination" width="100%" border="0" cellspacing="0" cellpadding="0"> \t\t\t <tr> \t\t\t \t{$page_titles_markup} \t\t\t </tr> \t\t\t</table> \t\t\t</li> \t\t\t</ul> EOT; } else { if ($form_pagination_type == 'percentage') { $page_total = count($page_title_array) + 2; if (!empty($form_review)) { $page_total++; } $percent_value = 99; $page_number_title = sprintf($mf_lang['page_title'], $page_total, $page_total); $pagination_header = <<<EOT \t\t\t<ul> \t\t\t\t<li id="pagination_header" class="li_pagination" title="Click to edit"> \t\t\t <h3 id="page_title_{$page_total}">{$page_number_title}</h3> \t\t\t\t<div class="mf_progress_container"> \t\t\t \t<div id="mf_progress_percentage" class="mf_progress_value" style="width: {$percent_value}%"><span>{$percent_value}%</span></div> \t\t\t\t</div> \t\t\t\t</li> \t\t\t</ul> EOT; } else { $pagination_header = ''; } } } //build the button markup $button_markup = <<<EOT <input id="btn_submit_payment" class="button_text btn_primary" type="submit" data-originallabel="{$mf_lang['payment_submit_button']}" value="{$mf_lang['payment_submit_button']}" /> EOT; //if this form is using custom theme if (!empty($form_theme_id)) { //get the field highlight color for the particular theme $query = "SELECT \r\n\t\t\t\t\t\t\thighlight_bg_type,\r\n\t\t\t\t\t\t\thighlight_bg_color,\r\n\t\t\t\t\t\t\tform_shadow_style,\r\n\t\t\t\t\t\t\tform_shadow_size,\r\n\t\t\t\t\t\t\tform_shadow_brightness,\r\n\t\t\t\t\t\t\tform_button_type,\r\n\t\t\t\t\t\t\tform_button_text,\r\n\t\t\t\t\t\t\tform_button_image,\r\n\t\t\t\t\t\t\ttheme_has_css \r\n\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_themes \r\n\t\t\t\t\t WHERE \r\n\t\t\t\t\t \t\ttheme_id = ?"; $params = array($form_theme_id); $sth = mf_do_query($query, $params, $dbh); $row = mf_do_fetch_result($sth); $form_shadow_style = $row['form_shadow_style']; $form_shadow_size = $row['form_shadow_size']; $form_shadow_brightness = $row['form_shadow_brightness']; $theme_has_css = (int) $row['theme_has_css']; //if the theme has css file, make sure to refer to that file //otherwise, generate the css dynamically if (!empty($theme_has_css)) { $theme_css_link = '<link rel="stylesheet" type="text/css" href="' . $machform_path . $mf_settings['data_dir'] . '/themes/theme_' . $form_theme_id . '.css" media="all" />'; } else { $theme_css_link = '<link rel="stylesheet" type="text/css" href="' . $machform_path . 'css_theme.php?theme_id=' . $form_theme_id . '" media="all" />'; } if ($row['highlight_bg_type'] == 'color') { $field_highlight_color = $row['highlight_bg_color']; } else { //if the field highlight is using pattern instead of color, set the color to empty string $field_highlight_color = ''; } //get the css link for the fonts $font_css_markup = mf_theme_get_fonts_link($dbh, $form_theme_id); //get the form shadow classes if (!empty($form_shadow_style) && $form_shadow_style != 'disabled') { preg_match_all("/[A-Z]/", $form_shadow_style, $prefix_matches); //this regex simply get the capital characters of the shadow style name //example: RightPerspectiveShadow result to RPS and then being sliced to RP $form_shadow_prefix_code = substr(implode("", $prefix_matches[0]), 0, -1); $form_shadow_size_class = $form_shadow_prefix_code . ucfirst($form_shadow_size); $form_shadow_brightness_class = $form_shadow_prefix_code . ucfirst($form_shadow_brightness); if (empty($integration_method)) { //only display shadow if the form is not being embedded using any method $form_container_class = $form_shadow_style . ' ' . $form_shadow_size_class . ' ' . $form_shadow_brightness_class; } } } else { //if the form doesn't have any theme being applied $field_highlight_color = '#FFF7C0'; if (empty($integration_method)) { $form_container_class = 'WarpShadow WLarge WNormal'; //default shadow } else { $form_container_class = ''; //dont show any shadow when the form being embedded } } if (empty($mf_settings['disable_machform_link'])) { $powered_by_markup = 'Powered by <a href="http://www.appnitro.com" target="_blank">MachForm</a>'; } else { $powered_by_markup = ''; } $self_address = htmlentities($_SERVER['PHP_SELF']); //prevent XSS $country = mf_get_country_list(); $country_markup = '<option value="" selected="selected"></option>' . "\n"; foreach ($country as $data) { $country_markup .= "<option value=\"{$data['value']}\">{$data['label']}</option>\n"; } $billing_address_markup = ''; if (!empty($payment_ask_billing)) { $billing_address_markup = <<<EOT \t\t\t\t<li id="li_billing_address" class="address"> \t\t\t\t\t<label class="description">Billing Address <span class="required">*</span></label> \t\t\t\t\t<div> \t\t\t\t\t\t<span id="li_billing_span_1"> \t\t\t\t\t\t\t<input id="billing_street" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="billing_street">{$mf_lang['address_street']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_billing_span_2" class="left state_list"> \t\t\t\t\t\t\t<input id="billing_city" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="billing_city">{$mf_lang['address_city']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_billing_span_3" class="right state_list"> \t\t\t\t\t\t\t<input id="billing_state" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="billing_state">{$mf_lang['address_state']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_billing_span_4" class="left"> \t\t\t\t\t\t\t<input id="billing_zipcode" class="element text large" maxlength="15" value="{$default_value_5}" type="text" /> \t\t\t\t\t\t\t<label for="billing_zipcode">{$mf_lang['address_zip']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t \t\t\t\t\t\t<span id="li_billing_span_5" class="right"> \t\t\t\t\t\t\t<select class="element select large" id="billing_country"> \t\t\t\t\t\t\t\t{$country_markup}\t \t\t\t\t\t\t\t</select> \t\t\t\t\t\t<label for="billing_country">{$mf_lang['address_country']}</label> \t\t\t\t\t </span> \t\t\t\t </div><p id="billing_error_message" class="error" style="display: none"></p> \t\t\t\t</li> EOT; } $shipping_address_markup = ''; if (!empty($payment_ask_shipping)) { $shipping_address_markup = <<<EOT \t\t\t\t<li id="li_shipping_address" class="address"> \t\t\t\t\t<label class="description shipping_address_detail" style="display: none">Shipping Address <span class="required">*</span></label> \t\t\t\t\t<div class="shipping_address_detail" style="display: none"> \t\t\t\t\t\t<span id="li_shipping_span_1"> \t\t\t\t\t\t\t<input id="shipping_street" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="shipping_street">{$mf_lang['address_street']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_shipping_span_2" class="left state_list"> \t\t\t\t\t\t\t<input id="shipping_city" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="shipping_city">{$mf_lang['address_city']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_shipping_span_3" class="right state_list"> \t\t\t\t\t\t\t<input id="shipping_state" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="shipping_state">{$mf_lang['address_state']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_shipping_span_4" class="left"> \t\t\t\t\t\t\t<input id="shipping_zipcode" class="element text large" maxlength="15" value="{$default_value_5}" type="text" /> \t\t\t\t\t\t\t<label for="shipping_zipcode">{$mf_lang['address_zip']}</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t \t\t\t\t\t\t<span id="li_shipping_span_5" class="right"> \t\t\t\t\t\t\t<select class="element select large" id="shipping_country"> \t\t\t\t\t\t\t\t{$country_markup}\t \t\t\t\t\t\t\t</select> \t\t\t\t\t\t<label for="shipping_country">{$mf_lang['address_country']}</label> \t\t\t\t\t </span> \t\t\t\t\t <p id="shipping_error_message" class="error" style="display: none"></p> \t\t\t\t </div> \t\t\t\t <div> \t\t\t\t\t <input type="checkbox" value="1" checked="checked" class="checkbox" id="mf_same_shipping_address"> \t\t\t\t\t\t<label for="mf_same_shipping_address" class="choice">My shipping address is the same as my billing address</label> \t\t\t\t\t</div> \t\t\t\t</li> EOT; } if ($payment_merchant_type == 'stripe') { if (!empty($payment_stripe_enable_test_mode)) { $stripe_public_key = $payment_stripe_test_public_key; } else { $stripe_public_key = $payment_stripe_live_public_key; } $stripe_js = <<<EOT <script type="text/javascript" src="https://js.stripe.com/v1/"></script> <script type="text/javascript"> \tStripe.setPublishableKey('{$stripe_public_key}'); </script> <script type="text/javascript" src="{$machform_path}js/payment_stripe.js"></script> EOT; } $ssl_suffix = mf_get_ssl_suffix(); $jquery_url = 'http' . $ssl_suffix . '://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js'; $current_year = date("Y"); $year_dropdown_markup = ''; foreach (range($current_year, $current_year + 15) as $year) { $year_dropdown_markup .= "<option value=\"{$year}\">{$year}</option>" . "\n"; } if ($integration_method == 'php') { $form_markup = <<<EOT <link rel="stylesheet" type="text/css" href="{$machform_path}{$css_dir}view.css" media="all" /> <link rel="stylesheet" type="text/css" href="{$machform_path}view.mobile.css" media="all" /> {$theme_css_link} {$font_css_markup} <script type="text/javascript" src="{$jquery_url}"></script> <script type="text/javascript" src="{$machform_path}js/jquery-ui/ui/jquery.effects.core.js"></script> <script type="text/javascript" src="{$machform_path}view.js"></script> {$stripe_js} <style> html{ \tbackground: none repeat scroll 0 0 transparent; } </style> <div id="main_body" class="integrated no_guidelines" data-machformpath="{$machform_path}"> \t<div id="form_container"> \t\t<form id="form_{$form_id}" class="appnitro" method="post" action="javascript:" data-highlightcolor="{$field_highlight_color}"> \t\t <div class="form_description"> \t\t\t\t<h2>{$form_payment_title}</h2> \t\t\t\t<p>{$form_payment_description}</p> \t\t\t</div> \t\t\t{$pagination_header} \t\t\t \t\t\t<ul class="payment_summary"> \t\t\t\t<li class="payment_summary_amount total_payment" data-basetotal="{$total_payment_amount}"> \t\t\t\t\t<span> \t\t\t\t\t\t<h3>{$currency_symbol}<var>0</var></h3> \t\t\t\t\t\t<h5>{$mf_lang['payment_total']}</h5> \t\t\t\t\t</span> \t\t\t\t</li> \t\t\t\t<li class="payment_summary_list"> \t\t\t\t\t<ul class="payment_list_items"> \t\t\t\t\t\t{$payment_list_items_markup} \t\t\t\t\t</ul> \t\t\t\t</li> \t\t\t\t{$payment_term_markup} \t\t\t</ul> \t\t\t<ul class="payment_detail_form"> \t\t\t\t<li id="error_message" style="display: none"> \t\t\t\t\t\t<h3 id="error_message_title">{$mf_lang['error_title']}</h3> \t\t\t\t\t\t<p id="error_message_desc">{$mf_lang['error_desc']}</p> \t\t\t\t</li>\t \t\t\t\t<li id="li_accepted_cards"> \t\t\t\t\t<img src="{$machform_path}images/cards/visa.png" alt="Visa" title="Visa" /> \t\t\t\t\t<img src="{$machform_path}images/cards/mastercard.png" alt="MasterCard" title="MasterCard" /> \t\t\t\t\t<img src="{$machform_path}images/cards/amex.png" alt="American Express" title="American Express" /> \t\t\t\t\t<img src="{$machform_path}images/cards/jcb.png" alt="JCB" title="JCB" /> \t\t\t\t\t<img src="{$machform_path}images/cards/discover.png" alt="Discover" title="Discover" /> \t\t\t\t\t<img src="{$machform_path}images/cards/diners.png" alt="Diners Club" title="Diners Club" /> \t\t\t\t</li> \t\t\t\t<li id="li_credit_card" class="credit_card"> \t\t\t\t\t<label class="description">Credit Card <span class="required">*</span></label> \t\t\t\t\t<div> \t\t\t\t\t\t<span id="li_cc_span_1" class="left"> \t\t\t\t\t\t\t<input id="cc_first_name" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_first_name">First Name</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_cc_span_2" class="right"> \t\t\t\t\t\t\t<input id="cc_last_name" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_last_name">Last Name</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t<span id="li_cc_span_3" class="left"> \t\t\t\t\t\t\t<input id="cc_number" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_number">Credit Card Number</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_cc_span_4" class="right"> \t\t\t\t\t\t\t<input id="cc_cvv" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_cvv">CVV</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t<span id="li_cc_span_5" style="text-align: right"> \t\t\t\t\t\t\t<img id="cc_secure_icon" src="{$machform_path}images/icons/lock.png" alt="Secure" title="Secure" /> \t\t\t\t\t\t\t<label for="cc_expiry_month" style="display: inline">Expiration: </label> \t\t\t\t\t\t\t<select class="element select" id="cc_expiry_month"> \t\t\t\t\t\t\t\t<option value="01">01 - January</option> \t\t\t\t\t\t\t\t<option value="02">02 - February</option> \t\t\t\t\t\t\t\t<option value="03">03 - March</option> \t\t\t\t\t\t\t\t<option value="04">04 - April</option> \t\t\t\t\t\t\t\t<option value="05">05 - May</option> \t\t\t\t\t\t\t\t<option value="06">06 - June</option> \t\t\t\t\t\t\t\t<option value="07">07 - July</option> \t\t\t\t\t\t\t\t<option value="08">08 - August</option> \t\t\t\t\t\t\t\t<option value="09">09 - September</option> \t\t\t\t\t\t\t\t<option value="10">10 - October</option> \t\t\t\t\t\t\t\t<option value="11">11 - November</option> \t\t\t\t\t\t\t\t<option value="12">12 - December</option> \t\t\t\t\t\t\t</select> \t\t\t\t\t\t\t<select class="element select" id="cc_expiry_year"> \t\t\t\t\t\t\t\t{$year_dropdown_markup} \t\t\t\t\t\t\t</select> \t\t\t\t\t\t</span> \t\t\t\t\t</div><p id="credit_card_error_message" class="error" style="display: none"></p> \t\t\t\t</li> \t\t\t\t<li id="li_2" class="section_break"> \t\t\t\t</li> \t\t\t\t{$billing_address_markup} \t\t\t\t{$shipping_address_markup} \t\t\t\t<li id="li_buttons" class="buttons"> \t\t\t\t\t<input type="hidden" id="form_id" value="{$form_id}" /> \t\t\t\t {$button_markup} \t\t\t\t <img id="mf_payment_loader_img" style="display: none" src="{$machform_path}images/loader_small_grey.gif" /> \t\t\t\t</li> \t\t\t</ul> \t\t</form>\t\t \t\t<form id="form_payment_redirect" method="post" action="{$self_address}"> \t\t\t<input type="hidden" id="form_id_redirect" name="form_id_redirect" value="{$form_id}" /> \t\t</form>\t\t \t</div> </div> EOT; } else { if ($integration_method == 'iframe') { $auto_height_js = <<<EOT <script type="text/javascript" src="{$machform_path}js/jquery.ba-postmessage.min.js"></script> <script type="text/javascript"> \$(function(){ \t\$.postMessage({mf_iframe_height: \$('body').outerHeight(true)}, '*', parent ); }); </script> EOT; } $form_markup = <<<EOT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html {$embed_class} xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <title>{$form_name}</title> <link rel="stylesheet" type="text/css" href="{$machform_path}{$css_dir}view.css" media="all" /> <link rel="stylesheet" type="text/css" href="{$machform_path}view.mobile.css" media="all" /> {$theme_css_link} {$font_css_markup} <script type="text/javascript" src="{$jquery_url}"></script> <script type="text/javascript" src="{$machform_path}js/jquery-ui/ui/jquery.effects.core.js"></script> <script type="text/javascript" src="{$machform_path}view.js"></script> {$stripe_js} {$auto_height_js} </head> <body id="main_body" class="no_guidelines" data-machformpath="{$machform_path}"> \t \t<img id="top" src="{$machform_path}images/top.png" alt="" /> \t<div id="form_container" class="{$form_container_class}"> \t \t\t<h1><a>MachForm</a></h1> \t\t<form id="form_{$form_id}" class="appnitro" method="post" action="javascript:" data-highlightcolor="{$field_highlight_color}"> \t\t <div class="form_description"> \t\t\t\t<h2>{$form_payment_title}</h2> \t\t\t\t<p>{$form_payment_description}</p> \t\t\t</div> \t\t\t{$pagination_header} \t\t\t \t\t\t<ul class="payment_summary"> \t\t\t\t<li class="payment_summary_amount total_payment" data-basetotal="{$total_payment_amount}"> \t\t\t\t\t<span> \t\t\t\t\t\t<h3>{$currency_symbol}<var>0</var></h3> \t\t\t\t\t\t<h5>{$mf_lang['payment_total']}</h5> \t\t\t\t\t</span> \t\t\t\t</li> \t\t\t\t<li class="payment_summary_list"> \t\t\t\t\t<ul class="payment_list_items"> \t\t\t\t\t\t{$payment_list_items_markup} \t\t\t\t\t</ul> \t\t\t\t</li> \t\t\t\t{$payment_term_markup} \t\t\t</ul> \t\t\t<ul class="payment_detail_form"> \t\t\t\t<li id="error_message" style="display: none"> \t\t\t\t\t\t<h3 id="error_message_title">{$mf_lang['error_title']}</h3> \t\t\t\t\t\t<p id="error_message_desc">{$mf_lang['error_desc']}</p> \t\t\t\t</li>\t \t\t\t\t<li id="li_accepted_cards"> \t\t\t\t\t<img src="{$machform_path}images/cards/visa.png" alt="Visa" title="Visa" /> \t\t\t\t\t<img src="{$machform_path}images/cards/mastercard.png" alt="MasterCard" title="MasterCard" /> \t\t\t\t\t<img src="{$machform_path}images/cards/amex.png" alt="American Express" title="American Express" /> \t\t\t\t\t<img src="{$machform_path}images/cards/jcb.png" alt="JCB" title="JCB" /> \t\t\t\t\t<img src="{$machform_path}images/cards/discover.png" alt="Discover" title="Discover" /> \t\t\t\t\t<img src="{$machform_path}images/cards/diners.png" alt="Diners Club" title="Diners Club" /> \t\t\t\t</li> \t\t\t\t<li id="li_credit_card" class="credit_card"> \t\t\t\t\t<label class="description">Credit Card <span class="required">*</span></label> \t\t\t\t\t<div> \t\t\t\t\t\t<span id="li_cc_span_1" class="left"> \t\t\t\t\t\t\t<input id="cc_first_name" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_first_name">First Name</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_cc_span_2" class="right"> \t\t\t\t\t\t\t<input id="cc_last_name" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_last_name">Last Name</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t<span id="li_cc_span_3" class="left"> \t\t\t\t\t\t\t<input id="cc_number" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_number">Credit Card Number</label> \t\t\t\t\t\t</span> \t\t\t\t\t \t\t\t\t\t\t<span id="li_cc_span_4" class="right"> \t\t\t\t\t\t\t<input id="cc_cvv" class="element text large" value="" type="text" /> \t\t\t\t\t\t\t<label for="cc_cvv">CVV</label> \t\t\t\t\t\t</span> \t\t\t\t\t\t<span id="li_cc_span_5" style="text-align: right"> \t\t\t\t\t\t\t<img id="cc_secure_icon" src="{$machform_path}images/icons/lock.png" alt="Secure" title="Secure" /> \t\t\t\t\t\t\t<label for="cc_expiry_month" style="display: inline">Expiration: </label> \t\t\t\t\t\t\t<select class="element select" id="cc_expiry_month"> \t\t\t\t\t\t\t\t<option value="01">01 - January</option> \t\t\t\t\t\t\t\t<option value="02">02 - February</option> \t\t\t\t\t\t\t\t<option value="03">03 - March</option> \t\t\t\t\t\t\t\t<option value="04">04 - April</option> \t\t\t\t\t\t\t\t<option value="05">05 - May</option> \t\t\t\t\t\t\t\t<option value="06">06 - June</option> \t\t\t\t\t\t\t\t<option value="07">07 - July</option> \t\t\t\t\t\t\t\t<option value="08">08 - August</option> \t\t\t\t\t\t\t\t<option value="09">09 - September</option> \t\t\t\t\t\t\t\t<option value="10">10 - October</option> \t\t\t\t\t\t\t\t<option value="11">11 - November</option> \t\t\t\t\t\t\t\t<option value="12">12 - December</option> \t\t\t\t\t\t\t</select> \t\t\t\t\t\t\t<select class="element select" id="cc_expiry_year"> \t\t\t\t\t\t\t\t{$year_dropdown_markup} \t\t\t\t\t\t\t</select> \t\t\t\t\t\t</span> \t\t\t\t\t</div><p id="credit_card_error_message" class="error" style="display: none"></p> \t\t\t\t</li> \t\t\t\t<li id="li_2" class="section_break"> \t\t\t\t</li> \t\t\t\t{$billing_address_markup} \t\t\t\t{$shipping_address_markup} \t\t\t\t<li id="li_buttons" class="buttons"> \t\t\t\t\t<input type="hidden" id="form_id" value="{$form_id}" /> \t\t\t\t {$button_markup} \t\t\t\t <img id="mf_payment_loader_img" style="display: none" src="{$machform_path}images/loader_small_grey.gif" /> \t\t\t\t</li> \t\t\t</ul> \t\t</form>\t\t \t\t<form id="form_payment_redirect" method="post" action="{$self_address}"> \t\t\t<input type="hidden" id="form_id_redirect" name="form_id_redirect" value="{$form_id}" /> \t\t</form>\t \t</div> \t<img id="bottom" src="{$machform_path}images/bottom.png" alt="" /> \t</body> </html> EOT; } return $form_markup; }
function display_machform($config) { $form_id = $config['form_id']; $show_border = $config['show_border']; $machform_path = $config['base_path']; $machform_data_path = ''; if ($show_border === true) { $integration_method = ''; } else { $integration_method = 'php'; } //start session if there isn't any if (session_id() == "") { @session_start(); } $dbh = mf_connect_db(); if (mf_is_form_submitted()) { //if form submitted $input_array = mf_sanitize($_POST); $input_array['machform_data_path'] = $machform_data_path; $input_array['machform_base_path'] = $machform_path; $submit_result = mf_process_form($dbh, $input_array); if (!isset($input_array['password'])) { //if normal form submitted if ($submit_result['status'] === true) { if (!empty($submit_result['form_resume_url'])) { //the user saving a form, display success page with the resume URL $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>"; } exit; } else { if ($submit_result['logic_page_enable'] === true) { //the page has skip logic enable and a custom destination page has been set $target_page_id = $submit_result['target_page_id']; if (is_numeric($target_page_id)) { if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?mf_page={$target_page_id}'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&mf_page={$target_page_id}'</script>"; } exit; } else { if ($target_page_id == 'payment') { //allow access to payment page $_SESSION['mf_form_payment_access'][$input_array['form_id']] = true; $_SESSION['mf_payment_record_id'][$input_array['form_id']] = $submit_result['entry_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>"; } exit; } else { if ($target_page_id == 'review') { if (!empty($submit_result['origin_page_number'])) { $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number']; } $_SESSION['review_id'] = $submit_result['review_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>"; } exit; } else { if ($target_page_id == 'success') { //redirect to success page if (empty($submit_result['form_redirect'])) { if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>"; } exit; } else { echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>"; exit; } } } } } } else { if (!empty($submit_result['review_id'])) { //redirect to review page if (!empty($submit_result['origin_page_number'])) { $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number']; } $_SESSION['review_id'] = $submit_result['review_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>"; } exit; } else { $ssl_suffix = mf_get_ssl_suffix(); if (!empty($submit_result['next_page_number'])) { //redirect to the next page number $_SESSION['mf_form_access'][$input_array['form_id']][$submit_result['next_page_number']] = true; echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$submit_result['next_page_number']}'</script>"; exit; } else { //otherwise display success message or redirect to the custom redirect URL or payment page if (mf_is_payment_has_value($dbh, $input_array['form_id'], $submit_result['entry_id'])) { //redirect to credit card payment page, if the merchant is being enabled and the amount is not zero //allow access to payment page $_SESSION['mf_form_payment_access'][$input_array['form_id']] = true; $_SESSION['mf_payment_record_id'][$input_array['form_id']] = $submit_result['entry_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>"; } exit; } else { if (empty($submit_result['form_redirect'])) { if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>"; } exit; } else { echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>"; exit; } } } } } } } else { if ($submit_result['status'] === false) { //there are errors, display the form again with the errors $old_values = $submit_result['old_values']; $custom_error = @$submit_result['custom_error']; $error_elements = $submit_result['error_elements']; $form_params = array(); $form_params['page_number'] = $input_array['page_number']; $form_params['populated_values'] = $old_values; $form_params['error_elements'] = $error_elements; $form_params['custom_error'] = $custom_error; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } } } else { //if password form submitted if ($submit_result['status'] === true) { //on success, display the form $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } else { $custom_error = $submit_result['custom_error']; //error, display the pasword form again $form_params = array(); $form_params['custom_error'] = $custom_error; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $input_array['form_id'], $form_params); } } } else { if (!empty($_POST['review_submit']) || !empty($_POST['review_submit_x'])) { //if form review being submitted //commit data from review table to actual table //however, we need to check if this form has payment enabled or not //if the form doesn't have any payment enabled, continue with commit and redirect to success page $form_properties = mf_get_form_properties($dbh, $form_id, array('payment_enable_merchant', 'payment_delay_notifications', 'payment_merchant_type')); $ssl_suffix = mf_get_ssl_suffix(); $record_id = $_SESSION['review_id']; if ($form_properties['payment_enable_merchant'] != 1) { $commit_options = array(); $commit_options['machform_path'] = $machform_path; $commit_options['machform_data_path'] = $machform_data_path; $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $commit_options); unset($_SESSION['review_id']); if (empty($commit_result['form_redirect'])) { if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>"; } exit; } else { echo "<script type=\"text/javascript\">top.location = '{$commit_result['form_redirect']}'</script>"; exit; } } else { //if the form has payment enabled, continue commit and redirect to payment page $commit_options = array(); //delay notifications only available on stripe if (!empty($form_properties['payment_delay_notifications']) && $form_properties['payment_merchant_type'] == 'stripe') { $commit_options['send_notification'] = false; } $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $commit_options); unset($_SESSION['review_id']); //allow access to payment page $_SESSION['mf_form_payment_access'][$form_id] = true; $_SESSION['mf_payment_record_id'][$form_id] = $commit_result['record_insert_id']; if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>"; } exit; } } else { if (!empty($_POST['review_back']) || !empty($_POST['review_back_x'])) { //go back to form from review page $origin_page_num = (int) $_POST['mf_page_from']; $ssl_suffix = mf_get_ssl_suffix(); echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&mf_page={$origin_page_num}'</script>"; exit; } else { if (!empty($_POST['form_id_redirect'])) { //form payment being submitted $paid_form_id = (int) trim($_POST['form_id_redirect']); if ($_SESSION['mf_payment_completed'][$paid_form_id] === true) { //when payment succeeded, $paid_form_id should contain the form id number $form_properties = mf_get_form_properties($dbh, $paid_form_id, array('form_redirect_enable', 'form_redirect', 'form_review', 'form_page_total', 'payment_delay_notifications')); //process any delayed notifications if (!empty($form_properties['payment_delay_notifications'])) { mf_process_delayed_notifications($dbh, $paid_form_id, $_SESSION['mf_payment_record_id'][$paid_form_id]); } //redirect to the default success page or the custom redirect URL being set on form properties if (!empty($form_properties['form_redirect_enable']) && !empty($form_properties['form_redirect'])) { echo "<script type=\"text/javascript\">top.location = '{$form_properties['form_redirect']}'</script>"; exit; } else { if (strpos($_SERVER['REQUEST_URI'], '?') === false) { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>"; } else { echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>"; } exit; } } else { $markup = 'You are not authorized to access this page.'; } } else { if (!empty($_GET['show_review'])) { //show review page if (empty($_SESSION['review_id'])) { die("Your session has been expired. Please start again."); } else { $record_id = $_SESSION['review_id']; } $from_page_num = (int) $_GET['mf_page_from']; if (empty($from_page_num)) { $form_page_num = 1; } $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form_review($dbh, $form_id, $record_id, $from_page_num, $form_params); } else { if (!empty($_GET['show_payment'])) { //show payment page $record_id = $_SESSION['mf_payment_record_id'][$form_id]; $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form_payment($dbh, $form_id, $record_id, $form_params); } else { $form_id = $form_id; $page_number = (int) trim($_GET['mf_page']); $page_number = mf_verify_page_access($form_id, $page_number); $resume_key = trim($_GET['mf_resume']); if (!empty($resume_key)) { $_SESSION['mf_form_resume_key'][$form_id] = $resume_key; } if (!empty($_GET['done']) && (!empty($_SESSION['mf_form_completed'][$form_id]) || !empty($_SESSION['mf_form_resume_url'][$form_id]))) { $form_params = array(); $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $markup = mf_display_success($dbh, $form_id, $form_params); } else { $form_params = array(); $form_params['page_number'] = $page_number; $form_params['integration_method'] = $integration_method; $form_params['machform_path'] = $machform_path; $form_params['machform_data_path'] = $machform_data_path; $markup = mf_display_form($dbh, $form_id, $form_params); } } } } } } } echo $markup; }