$mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $cmsghtml . "</body></html>" . $mail->eol; $mail->body_alt = $cmsg; } else { $mail->body = $cmsg; } $sent = $mail->send(); } } if ($sent != '1') { $usermessage_text = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo; } } ### redirect to a different page on suceess? if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect'] && !$isWPcommentForm) { if (function_exists('my_cforms_logic')) { $rp = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection'); } else { $rp = $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page']; } if ($rp != '') { ?> <script type="text/javascript"> location.href = '<?php echo $rp; ?> '; </script> <?php } } } else {
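/**
 * Moves the files uploaded with form $no out of PHP's temporary location and
 * into the upload directory configured for that form.
 *
 * Reads the global $file, which is treated like a multi-file $_FILES entry
 * ('name' and 'tmp_name' arrays). Every entry accepted by is_uploaded_file() is
 * moved to "<upload dir>/<subID>-<name>"; the "<subID>-" prefix is dropped when
 * the form's "_noid" setting is on or when the my_cforms_logic() hook returns a
 * 'modified' key. After a successful move the entry's 'tmp_name' is replaced by
 * the destination path, and for session-based IDs (those containing 'xx') the
 * path is also appended to $_SESSION['cforms']['upload'][$no]['files'].
 *
 * NOTE(review): no extension or content-type filtering happens in this function.
 * Presumably the caller validated the upload beforehand; confirm, because the
 * client-chosen extension is kept as-is and the upload directory may be
 * reachable through the web server.
 *
 * @param mixed  $trackf Tracking data, handed to the optional my_cforms_logic() hook.
 * @param string $no     Form number ('' for the default form).
 * @param string $subID  Submission ID; contains 'xx' while the submission lives in the session.
 * @return void
 */
function cf_move_files(&$trackf, $no, $subID)
{
    global $cformsSettings, $file;

    ### the setting holds several '$#$'-separated values; the first one is the directory
    $temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
    $fileuploaddir = $temp[0];

    $inSession = strpos($subID, 'xx') !== false;
    $subID_ = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $subID . '-';

    $file2 = $file;
    $i = 0;

    $_SESSION['cforms']['upload'][$no]['doAttach'] = !$cformsSettings['form' . $no]['cforms' . $no . '_noattachments'];

    ### debug
    db("... in session={$inSession}, moving files on form {$no}, tracking ID={$subID_}");

    ### 'tmp_name' must be a quoted key: the bare word is an undefined constant (an Error on PHP 8)
    if (is_array($file2) && isset($file2['tmp_name']) && is_array($file2['tmp_name'])) {
        foreach ($file2['tmp_name'] as $tmpfile) {
            ### copy attachment to local server dir
            if (is_uploaded_file($tmpfile)) {
                $fileInfoArr = array(
                    ### basename(): never let a client-supplied name carry directory components
                    'name' => str_replace(' ', '_', basename($file2['name'][$i])),
                    'path' => $fileuploaddir,
                    'subID' => $subID,
                );

                ### call-time pass-by-reference (&$trackf at the call site) is a fatal error since PHP 5.4;
                ### whether the hook receives a reference is decided by the hook's own signature
                if (function_exists('my_cforms_logic')) {
                    $fileInfoArr = my_cforms_logic($trackf, $fileInfoArr, 'fileDestination');
                }

                if (!array_key_exists('modified', $fileInfoArr)) {
                    $fileInfoArr['name'] = $subID_ . $fileInfoArr['name'];
                }

                $destfile = $fileInfoArr['path'] . '/' . $fileInfoArr['name'];

                ### only publish the destination path when the move really happened, so that
                ### later steps never reference a file that does not exist
                if (move_uploaded_file($tmpfile, $destfile)) {
                    ### debug
                    db(" {$tmpfile} -> {$destfile}");

                    $file['tmp_name'][$i] = $destfile;

                    if ($inSession) {
                        $_SESSION['cforms']['upload'][$no]['files'][] = $destfile;
                    }
                } else {
                    ### debug
                    db(" {$tmpfile} -> {$destfile} FAILED");
                }
            }
            $i++;
        }
    }
}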
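/**
 * Builds the HTML of one cforms form and, for a non-Ajax submit, runs the
 * submission handler first.
 *
 * Flow, as far as this function shows it:
 *  1. resolve which form number to show (multi-page forms keep their position
 *     in $_SESSION['cforms'], including the reset and back buttons);
 *  2. when $_REQUEST['sendbutton<no>'] is set, include lib_nonajax.php into this
 *     function's scope (variables such as $all_valid, $usermessage_text,
 *     $send2author, $trackf and $cflimit are presumably set there; not visible here);
 *  3. paint the user message, the <form> tag, every configured field, the hidden
 *     helper fields and the buttons.
 *
 * Everything is assembled by string concatenation, so each value that comes from
 * the request, a cookie or the session has to be escaped where it is inserted.
 * Values read from $cformsSettings are treated as trusted admin configuration.
 *
 * @param string $args Query-string style arguments; parsed with parse_str() and, for
 *                     custom-field forms, handed to build_fstat().
 * @param string $no   Form number; '' or '1' selects the default form, a '+' marks a
 *                     custom-field form.
 * @return mixed The form markup (string). When called for a WP comment form with
 *               $send2author set, the value of $all_valid is returned instead.
 */
function cforms($args = '', $no = '')
{
    global $smtpsettings, $subID, $cforms_root, $wpdb, $track, $wp_db_version, $cformsSettings;

    parse_str($args, $r);

    $oldno = $no == '1' ? '' : $no; ### remember old val, to reset session when in new MP form

    ##debug
    db("Original form on page #{$oldno}");

    ### multi page form: overwrite $no
    $isWPcommentForm = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1) == '2';
    $isMPform = $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_form'];
    $isTAF = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1);

    ##debug
    db("Comment form = {$isWPcommentForm}");
    db("Multi-page form = {$isMPform}");

    if ($isMPform && is_array($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && !$isWPcommentForm) {
        $no = $_SESSION['cforms']['current'];
    }

    ### Safety, in case someone uses '1' for the default form
    $no = $no == '1' ? '' : $no;

    ##debug
    db("Switch to form #{$no}");

    $moveBack = false;

    ### multi page form: reset button
    if (isset($_REQUEST['resetbutton' . $no]) && is_array($_SESSION['cforms'])) {
        $no = $oldno;
        unset($_SESSION['cforms']);
        $_SESSION['cforms']['current'] = 0;
        $_SESSION['cforms']['first'] = $oldno;
        $_SESSION['cforms']['pos'] = 1;

        ##debug
        db("Reset-Button pressed");
    } else {
        ### multi page form: back button
        if (isset($_REQUEST['backbutton' . $no]) && isset($_SESSION['cforms']) && $_SESSION['cforms']['pos'] - 1 >= 0) {
            $no = $_SESSION['cforms']['list'][$_SESSION['cforms']['pos']-- - 1];
            $_SESSION['cforms']['current'] = $no;
            $moveBack = true;

            ##debug
            db("Back-Button pressed");
        } else {
            ### mp init: must be mp, first & not submitted!
            if ($isMPform && $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_first'] && !isset($_REQUEST['sendbutton' . $no])) {
                ##debug
                db("Current form is *first* MP-form");
                db("Session found, you're on the first form and session is reset!");

                $no = $oldno == '1' ? '' : $oldno; ### restore old val
                unset($_SESSION['cforms']);
                $_SESSION['cforms']['current'] = 0;
                $_SESSION['cforms']['first'] = $no;
                $_SESSION['cforms']['pos'] = 1;
            }
        }
    }

    ##debug
    db(print_r($_SESSION, 1));

    ### custom fields support
    if (!(strpos($no, '+') === false)) {
        $no = substr($no, 0, -1);
        $customfields = build_fstat($args);
        $field_count = count($customfields);
        $custom = true;
    } else {
        $custom = false;
        $field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
    }

    $content = '';

    $err = 0;
    $filefield = 0;

    $validations = array();
    $all_valid = 1;
    $off = 0;
    $fieldsetnr = 1;

    $c_errflag = false;
    $custom_error = '';
    $usermessage_class = '';

    ### get user credentials
    if (function_exists('wp_get_current_user')) {
        $user = wp_get_current_user();
    }

    ### non Ajax method
    ### the include runs in this function's scope: it can read and overwrite every local above
    if (isset($_REQUEST['sendbutton' . $no])) {
        require_once dirname(__FILE__) . '/lib_nonajax.php';
        $usermessage_class = $all_valid ? ' success' : ' failure';
    }

    ### called from lib_WPcomments ?
    if ($isWPcommentForm && $send2author) {
        return $all_valid;
    }

    ###
    ###
    ### paint form
    ###
    ###
    $success = false;

    ### fix for WP Comment (loading after redirect)
    ### $_GET['cfemail'] is only compared against fixed strings, never echoed
    if (isset($_GET['cfemail']) && $isWPcommentForm) {
        $usermessage_class = ' success';
        $success = true;
        if ($_GET['cfemail'] == 'sent') {
            $usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']));
        } elseif ($_GET['cfemail'] == 'posted') {
            $usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms_commentsuccess']));
        }
    }

    $break = '<br />';
    $nl = "\n";
    $tab = "\t";
    $tt = "\t\t";
    $ntt = "\n\t\t";
    $nttt = "\n\t\t\t";

    ### either show info message above or below
    $usermessage_text = check_default_vars($usermessage_text, $no);
    $usermessage_text = check_cust_vars($usermessage_text, $track, $no);

    ### logic: possibly change usermessage
    if (function_exists('my_cforms_logic')) {
        $usermessage_text = my_cforms_logic($trackf, $usermessage_text, 'successMessage');
    }

    $umc = $usermessage_class != '' && $no > 1 ? ' ' . $usermessage_class . $no : '';

    ##debug
    db("User info for form #{$no}");

    ### where to show message
    ### NOTE(review): $usermessage_text is emitted as HTML; whether submitted values substituted
    ### by check_cust_vars() are escaped cannot be seen from here - confirm
    if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 0, 1) == 'y') {
        $content .= $ntt . '<div id="usermessage' . $no . 'a" class="cf_info' . $usermessage_class . $umc . ' ">' . $usermessage_text . '</div>';
        $actiontarget = 'a';
    } else {
        if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y') {
            $actiontarget = 'b';
        }
    }

    ### multi page form: overwrite $no, move on to next form
    if ($all_valid && isset($_REQUEST['sendbutton' . $no])) {
        $isMPformNext = false; ### default
        $oldcurrent = $no;

        if ($isMPform && isset($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] != -1) {
            $isMPformNext = true;
            $no = check_form_name($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next']);

            ##debug
            db("Session active and now moving on to form #{$no}");

            ### logic: possibly change next form
            if (function_exists('my_cforms_logic')) {
                $no = my_cforms_logic($trackf, $no, "nextForm");
            } ### use trackf!

            $oldcurrent = $_SESSION['cforms']['current'];
            $_SESSION['cforms']['current'] = $no == '' ? 1 : $no;

            $field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
        } elseif ($isMPform && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1) {
            ##debug
            db("Session was active but is being reset now");

            $oldcurrent = $no;

            $no = $_SESSION['cforms']['first'];
            unset($_SESSION['cforms']);
            $_SESSION['cforms']['current'] = 0;
            $_SESSION['cforms']['first'] = $no;
            $_SESSION['cforms']['pos'] = 1;

            $field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
        }
    }

    ##debug
    db("All good, currently on form #{$no}");

    ##debug: optional
    ## db(print_r($_SESSION,1));
    ## db(print_r($track,1));

    ### redirect == 2 : hide form? || or if max entries reached! w/ SESSION support if#2
    if ($all_valid && ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] && isset($_REQUEST['sendbutton' . $no]) || $cformsSettings['form' . $oldcurrent]['cforms' . $oldcurrent . '_hide'] && isset($_REQUEST['sendbutton' . $oldcurrent]))) {
        return $content;
    } else {
        if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) <= 0 || !cf_check_time($no)) {
            if ($cflimit == "reached") {
                return stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
            } else {
                return $content . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
            }
        }
    }

    ### alternative form action
    $alt_action = false;
    if ($cformsSettings['form' . $no]['cforms' . $no . '_action'] == '1') {
        $action = $cformsSettings['form' . $no]['cforms' . $no . '_action_page'];
        $alt_action = true;
    } else {
        if ($isWPcommentForm) {
            $action = $cforms_root . '/lib_WPcomment.php';
        } else {
            ### NOTE(review): assumes get_current_page() returns a URL that is safe inside an
            ### attribute - confirm, it is inserted below without escaping
            $action = get_current_page(false) . '#usermessage' . $no . $actiontarget;
        }
    }

    ### start with form tag
    $content .= $ntt . '<form enctype="multipart/form-data" action="' . $action . '" method="post" class="cform' . ($cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] ? ' cfnoreset' : '') . '" id="cforms' . $no . 'form">' . $nl;

    ### Session item counter (for default values)
    $sItem = 1;

    ### start with no fieldset
    $fieldsetopen = false;
    $verification = false;

    $captcha = false;
    $upload = false;
    $fscount = 1;
    $ol = false;

    for ($i = 1; $i <= $field_count; $i++) {
        ### a field definition is a '$#$'-separated record:
        ### name/label spec, type, required, email check, clear-on-focus, disabled, readonly
        if (!$custom) {
            $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . $i]);
        } else {
            $field_stat = explode('$#$', $customfields[$i - 1]);
        }

        $field_name = $field_stat[0];
        $field_type = $field_stat[1];
        $field_required = $field_stat[2];
        $field_emailcheck = $field_stat[3];
        $field_clear = $field_stat[4];
        $field_disabled = $field_stat[5];
        $field_readonly = $field_stat[6];

        ### omit certain fields (comment author data is not asked from logged-in users)
        if (in_array($field_type, array('cauthor', 'url', 'email')) && $user->ID) {
            continue;
        }

        ### check for custom err message and split field_name
        $obj = explode('|err:', $field_name, 2);
        $fielderr = $obj[1];

        if ($fielderr != '') {
            switch ($field_type) {
                case 'upload':
                    $custom_error .= 'cf_uploadfile' . $no . '-' . $i . '$#$' . $fielderr . '|';
                    break;

                case 'captcha':
                    $custom_error .= 'cforms_captcha' . $no . '$#$' . $fielderr . '|';
                    break;

                case 'verification':
                    $custom_error .= 'cforms_q' . $no . '$#$' . $fielderr . '|';
                    break;

                case "cauthor":
                case "url":
                case "email":
                case "comment":
                    $custom_error .= $field_type . '$#$' . $fielderr . '|';
                    break;

                default:
                    preg_match('/^([^#\\|]*).*/', $field_name, $input_name);
                    if (strpos($input_name[1], '[id:') > 0) {
                        preg_match('/\\[id:(.+)\\]/', $input_name[1], $input_name);
                    }
                    $custom_error .= $cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1' ? cf_sanitize_ids($input_name[1]) : 'cf' . $no . '_field_' . $i;
                    $custom_error .= '$#$' . $fielderr . '|';
                    break;
            }
        }

        ### check for title attrib
        ### double quotes are turned into &quot; so the text cannot close the attribute
        $obj = explode('|title:', $obj[0], 2);
        $fieldTitle = $obj[1] != '' ? ' title="' . str_replace('"', '&quot;', stripslashes($obj[1])) . '"' : '';

        ### special treatment for selectboxes
        if (in_array($field_type, array('multiselectbox', 'selectbox', 'radiobuttons', 'send2author', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox'))) {
            $chkboxClicked = array();
            if (in_array($field_type, array('luv', 'subscribe', 'checkbox', 'ccbox')) && strpos($obj[0], '|set:') > 1) {
                $chkboxClicked = explode('|set:', stripslashes($obj[0]));
                $obj[0] = $chkboxClicked[0];
            }

            $options = explode('#', stripslashes($obj[0]));
            $field_name = $options[0];
        }

        ### check if fieldset is open
        if (!$fieldsetopen && !$ol && $field_type != 'fieldsetstart') {
            $content .= $tt . '<ol class="cf-ol">';
            $ol = true;
        }

        $labelclass = '';

        ### visitor verification
        if (!$verification && $field_type == 'verification') {
            $qall = explode("\r\n", $cformsSettings['global']['cforms_sec_qa']);

            ### pick one question at random; the global generator is no longer re-seeded from
            ### the clock, which made the choice (and later rand() calls) predictable
            $qmax = count($qall) - 1;
            $n = function_exists('random_int') ? random_int(0, $qmax) : mt_rand(0, $qmax);

            $q = $qall[$n];
            $q = explode('=', $q); ### q[0]=question q[1]=answer
            $field_name = stripslashes(htmlspecialchars($q[0]));
            $labelclass = ' class="secq"';
        } else {
            if ($field_type == 'captcha') {
                $labelclass = ' class="seccap"';
            }
        }

        $defaultvalue = '';

        ### setting the default val & regexp if it exists
        if (!in_array($field_type, array('fieldsetstart', 'fieldsetend', 'radiobuttons', 'send2author', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox', 'multiselectbox', 'selectbox', 'verification'))) {
            ### check if default val & regexp are set
            $obj = explode('|', $obj[0], 3);

            if ($obj[2] != '') {
                $reg_exp = str_replace('"', '&quot;', stripslashes($obj[2]));
            } else {
                $reg_exp = '';
            }

            if ($obj[1] != '') {
                $defaultvalue = str_replace('"', '&quot;', check_default_vars(stripslashes($obj[1]), $no));
            }

            $field_name = $obj[0];
        }

        ### label ID's
        $labelIDx = '';
        $labelID = $cformsSettings['global']['cforms_labelID'] == '1' ? ' id="label-' . $no . '-' . $i . '"' : '';

        ### <li> ID's
        $liID = $cformsSettings['global']['cforms_liID'] == '1' || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y" || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y" ? ' id="li-' . $no . '-' . $i . '"' : '';

        ### input field names & label
        if ($cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1') {
            if (strpos($field_name, '[id:') !== false) {
                $idPartA = strpos($field_name, '[id:');
                $idPartB = strpos($field_name, ']', $idPartA);
                $input_id = $input_name = cf_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
                $field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
            } else {
                $input_id = $input_name = cf_sanitize_ids(stripslashes($field_name));
            }
        } else {
            $input_id = $input_name = 'cf' . $no . '_field_' . $i;
        }

        $field_class = '';
        $field_value = '';

        ### first pass over the type: fixed input names and the base CSS class
        switch ($field_type) {
            case 'luv':
                $input_id = $input_name = 'luv';
                break;

            case 'subscribe':
                $input_id = $input_name = 'subscribe';
                break;

            case 'verification':
                ### logged-in users skip the question unless it is forced on
                if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['foqa'] != '1') {
                    continue 2;
                }
                $input_id = $input_name = 'cforms_q' . $no;
                break;

            case 'captcha':
                ### logged-in users skip the captcha unless it is forced on
                if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['fo'] != '1') {
                    continue 2;
                }
                $input_id = $input_name = 'cforms_captcha' . $no;
                break;

            case 'upload':
                $input_id = $input_name = 'cf_uploadfile' . $no . '-' . $i;
                $field_class = 'upload';
                break;

            case "send2author":
            case "email":
            case "cauthor":
            case "url":
                $input_id = $input_name = $field_type;
                ### deliberate fall-through: these are single-line inputs too
            case "datepicker":
            case "yourname":
            case "youremail":
            case "friendsname":
            case "friendsemail":
            case "textfield":
            case "pwfield":
                $field_class = 'single';
                break;

            case "hidden":
                $field_class = 'hidden';
                break;

            case 'comment':
                $input_id = $input_name = $field_type;
                $field_class = 'area';
                break;

            case 'textarea':
                $field_class = 'area';
                break;
        }

        ### additional field classes
        if ($field_disabled) {
            $field_class .= ' disabled';
        }
        if ($field_readonly) {
            $field_class .= ' readonly';
        }
        if ($field_emailcheck) {
            $field_class .= ' fldemail';
        }
        if ($field_required) {
            $field_class .= ' fldrequired';
        }

        ### error ?
        $liERR = $insertErr = '';

        ### only for mp forms
        if ($moveBack || $isMPformNext) {
            $field_value = htmlspecialchars(stripslashes($_SESSION['cforms']['cf_form' . $no][$_SESSION['cforms']['cf_form' . $no]['$$$' . $sItem++]]));
        }

        if (!$all_valid) {
            ### errors...
            if ($validations[$i] == 1) {
                $field_class .= '';
            } else {
                $field_class .= ' cf_error';

                ### enhanced error display
                if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y") {
                    $liERR = 'cf_li_err';
                }
                if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y") {
                    $insertErr = $fielderr != '' ? '<ul class="cf_li_text_err"><li>' . stripslashes($fielderr) . '</li></ul>' : '';
                }
            }

            ### submitted values are HTML-escaped before they are echoed back into the form
            if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
                $field_value = $_REQUEST[$input_name]; ### in this case it's an array! will do the stripping later
            } else {
                $field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
            }
        } else {
            if (!isset($_REQUEST['sendbutton' . $no]) && isset($_REQUEST[$input_name]) || $cformsSettings['form' . $no]['cforms' . $no . '_dontclear']) {
                ### only pre-populating fields...
                if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
                    $field_value = $_REQUEST[$input_name];
                } else {
                    $field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
                }
            }
        }

        ### print label only for non "textonly" fields! Skip some others too, and handle them below indiv.
        if (!in_array($field_type, array('hidden', 'textonly', 'fieldsetstart', 'fieldsetend', 'ccbox', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'send2author', 'radiobuttons'))) {
            $content .= $nttt . '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_id . '"' . $labelclass . '><span>' . stripslashes($field_name) . '</span></label>';
        }

        ### if not reloaded (due to err) then use default values
        if ($field_value == '' && $defaultvalue != '') {
            $field_value = $defaultvalue;
        }

        ### field disabled or readonly, greyed out?
        $disabled = $field_disabled ? ' disabled="disabled"' : '';
        $readonly = $field_readonly ? ' readonly="readonly"' : '';

        ### add input field
        $dp = '';
        $naming = false;
        $field = '';
        $val = '';
        $force_checked = false;
        $cookieset = '';

        switch ($field_type) {
            case "upload":
                $upload = true; ### set upload flag for ajax suppression!
                $field = '<input' . $readonly . $disabled . ' type="file" name="cf_uploadfile' . $no . '[]" id="cf_uploadfile' . $no . '-' . $i . '" class="cf_upload ' . $field_class . '"' . $fieldTitle . '/>';
                break;

            case "textonly":
                ### for text-only rows the "default value" slot carries a CSS class and the
                ### "regexp" slot an inline style
                $field .= $nttt . '<li' . $liID . ' class="textonly' . ($defaultvalue != '' ? ' ' . $defaultvalue : '') . '"' . ($reg_exp != '' ? ' style="' . $reg_exp . '" ' : '') . '>' . stripslashes($field_name) . '</li>';
                break;

            case "fieldsetstart":
                if ($fieldsetopen) {
                    $field = $ntt . '</ol>' . $nl . $tt . '</fieldset>' . $nl;
                    $fieldsetopen = false;
                    $ol = false;
                }
                if (!$fieldsetopen) {
                    if ($ol) {
                        $field = $ntt . '</ol>' . $nl;
                    }

                    $field .= $tt . '<fieldset class="cf-fs' . $fscount++ . '">' . $nl . $tt . '<legend>' . stripslashes($field_name) . '</legend>' . $nl . $tt . '<ol class="cf-ol">';
                    $fieldsetopen = true;
                    $ol = true;
                }
                break;

            case "fieldsetend":
                if ($fieldsetopen) {
                    $field = $ntt . '</ol>' . $nl . $tt . '</fieldset>' . $nl;
                    $fieldsetopen = false;
                    $ol = false;
                } else {
                    $field = '';
                }
                break;

            case "verification":
                $field = '<input type="text" name="' . $input_name . '" id="cforms_q' . $no . '" class="secinput ' . $field_class . '" value=""' . $fieldTitle . '/>';
                $verification = true;
                break;

            case "captcha":
                $field = '<input type="text" name="' . $input_name . '" id="cforms_captcha' . $no . '" class="secinput' . $field_class . '" value=""' . $fieldTitle . '/>'
                    . '<img id="cf_captcha_img' . $no . '" class="captcha" src="' . $cforms_root . '/cforms-captcha.php?ts=' . $no . get_captcha_uri() . '" alt=""/>'
                    . '<a title="' . __('reset captcha image', 'cforms') . '" href="javascript:reset_captcha(\'' . $no . '\')"><img class="captcha-reset" src="' . $cforms_root . '/images/spacer.gif" alt="Captcha"/></a>';
                $captcha = true;
                break;

            case "cauthor":
                $cookieset = 'comment_author_' . COOKIEHASH;
                ### deliberate fall-through: first non-empty cookie name wins
            case "url":
                $cookieset = $cookieset == '' ? 'comment_author_url_' . COOKIEHASH : $cookieset;
                ### deliberate fall-through
            case "email":
                $cookieset = $cookieset == '' ? 'comment_author_email_' . COOKIEHASH : $cookieset;
                ### cookies are client-controlled: escape before the value lands in value="..."
                if (isset($_COOKIE[$cookieset]) && is_string($_COOKIE[$cookieset]) && $_COOKIE[$cookieset] != '') {
                    $field_value = htmlspecialchars($_COOKIE[$cookieset], ENT_QUOTES);
                }
                ### deliberate fall-through: rendered like any single-line input
            case "datepicker":
            case "yourname":
            case "youremail":
            case "friendsname":
            case "friendsemail":
            case "textfield":
            case "pwfield":
                ### NOTE(review): what check_post_vars() substitutes, and whether it escapes it,
                ### is not visible here - confirm its output is attribute-safe
                $field_value = check_post_vars($field_value);

                $type = $field_type == 'pwfield' ? 'password' : 'text';
                $field_class = $field_type == 'datepicker' ? $field_class . ' cf_date' : $field_class;

                $onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';

                $field = '<input' . $readonly . $disabled . ' type="' . $type . '" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '" value="' . $field_value . '"' . $onfocus . $fieldTitle . '/>';
                if ($reg_exp != '') {
                    $field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '"' . $fieldTitle . '/>';
                }

                $field .= $dp;
                break;

            case "hidden":
                $field_value = check_post_vars($field_value);

                ### a value of the form "<key>" means: take the value of the GET parameter "key".
                ### That parameter is attacker-controlled, so it is escaped before being written
                ### into the attribute (the browser decodes it again on submit).
                if (preg_match('/^<([a-zA-Z0-9]+)>$/', $field_value, $getkey)) {
                    $getval = isset($_GET[$getkey[1]]) && is_string($_GET[$getkey[1]]) ? $_GET[$getkey[1]] : '';
                    $field_value = htmlspecialchars($getval, ENT_QUOTES);
                }

                $field .= $nttt . '<li class="cf_hidden"><input type="hidden" class="cfhidden" name="' . $input_name . '" id="' . $input_id . '" value="' . $field_value . '"' . $fieldTitle . '/></li>';
                break;

            case "comment":
            case "textarea":
                $onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';

                $field = '<textarea' . $readonly . $disabled . ' cols="30" rows="8" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '"' . $onfocus . $fieldTitle . '>' . $field_value . '</textarea>';
                if ($reg_exp != '') {
                    $field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '"' . $fieldTitle . '/>';
                }
                break;

            case "subscribe":
                if (class_exists('sg_subscribe') && $field_type == 'subscribe') {
                    global $sg_subscribe;
                    sg_subscribe_start();

                    ### "break" (not "continue"): inside a switch both leave the switch, and the
                    ### informational <li> built here must still be appended to $content below
                    if (($email = $sg_subscribe->current_viewer_subscription_status()) == 'admin' && current_user_can('manage_options')) {
                        $field .= '<li' . $liID . '>' . str_replace('[manager_link]', $sg_subscribe->manage_link($email, true, false), $sg_subscribe->author_text) . '</li>';
                        break;
                    } else {
                        if ($email != '') {
                            $field .= '<li' . $liID . '>' . str_replace('[manager_link]', $sg_subscribe->manage_link($email, true, false), $sg_subscribe->subscribed_text) . '</li>';
                            break;
                        }
                    }
                    $val = ' value="subscribe"';
                }
                ### deliberate fall-through: rendered as a checkbox
            case "luv":
                if (function_exists('comment_luv') && $field_type == 'luv') {
                    get_currentuserinfo();
                    global $user_level;
                    if ($user_level == 10) {
                        continue 2; //empty for now
                    }
                    $val = ' value="luv"';
                }
                ### deliberate fall-through: rendered as a checkbox
            case "ccbox":
            case "checkbox":
                if (!$field_value) {
                    $preChecked = strpos($chkboxClicked[1], 'true') !== false ? ' checked="checked"' : '';
                } else {
                    $preChecked = $field_value && $field_value != '-' ? ' checked="checked"' : ''; ### '-' for mp session!
                }

                $err = '';
                if (!$all_valid && $validations[$i] != 1) {
                    $err = ' cf_errortxt';
                }

                ### a second '#'-separated part puts the label after the box, otherwise before it
                if ($options[1] != '') {
                    $opt = explode('|', $options[1], 2);
                    $before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
                    $after = '<label' . $labelID . ' for="' . $input_id . '" class="cf-after' . $err . '"><span>' . $opt[0] . '</span></label></li>';
                    $ba = 'a';
                } else {
                    $opt = explode('|', $field_name, 2);
                    $before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_name . '" class="cf-before' . $err . '"><span>' . $opt[0] . '</span></label>';
                    $after = '</li>';
                    $ba = 'b';
                }

                ### if | val provided, then use "X"
                if ($val == '') {
                    $val = $opt[1] != '' ? ' value="' . $opt[1] . '"' : '';
                }

                $field = $nttt . $before . '<input' . $readonly . $disabled . ' type="checkbox" name="' . $input_name . '" id="' . $input_id . '" class="cf-box-' . $ba . $field_class . '"' . $val . $fieldTitle . $preChecked . '/>' . $after;
                break;

            case "checkboxgroup":
                $liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
                array_shift($options);
                $field .= $nttt . '<li' . $liID . ' class="cf-box-title">' . $field_name . '</li>' . $nttt . '<li' . $liID_b . ' class="cf-box-group">';
                $id = 1;
                $j = 0;

                ### mp session support
                if ($moveBack || $isMPformNext) {
                    $field_value = explode(',', $field_value);
                }

                foreach ($options as $option) {
                    ### supporting names & values
                    $boxPreset = explode('|set:', $option);
                    $opt = explode('|', $boxPreset[0], 2);
                    if ($opt[1] == '') {
                        $opt[1] = $opt[0];
                    }

                    ### submitted values are only compared with the configured options here,
                    ### they are never written into the markup
                    $checked = '';
                    if ($moveBack || $isMPformNext) {
                        if (in_array($opt[1], array_values($field_value))) {
                            $checked = 'checked="checked"';
                        }
                    } elseif (is_array($field_value)) {
                        if ($opt[1] == htmlspecialchars(stripslashes(strip_tags($field_value[$j])))) {
                            $checked = 'checked="checked"';
                            $j++;
                        }
                    } else {
                        if (strpos($boxPreset[1], 'true') !== false) {
                            $checked = ' checked="checked"';
                        }
                    }

                    if ($labelID != '') {
                        $labelIDx = substr($labelID, 0, -1) . $id . '"';
                    }

                    if ($opt[0] == '') {
                        $field .= $nttt . $tab . '<br />';
                    } else {
                        $field .= $nttt . $tab . '<input' . $readonly . $disabled . ' type="checkbox" id="' . $input_id . '-' . $id . '" name="' . $input_name . '[]" value="' . $opt[1] . '" ' . $checked . ' class="cf-box-b"' . $fieldTitle . '/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-group-after"><span>' . $opt[0] . "</span></label>";
                    }
                }
                $field .= $nttt . '</li>';
                break;

            case "multiselectbox":
                ### $field .= $nttt . '<li><label ' . $labelID . ' for="'.$input_name.'"'. $labelclass . '><span>' . stripslashes(($field_name)) . '</span></label>';
                $field .= '<select' . $readonly . $disabled . ' multiple="multiple" name="' . $input_name . '[]" id="' . $input_id . '" class="cfselectmulti ' . $field_class . '"' . $fieldTitle . '>';
                array_shift($options);
                $j = 0;

                ### mp session support
                if ($moveBack || $isMPformNext) {
                    $field_value = explode(',', $field_value);
                }

                foreach ($options as $option) {
                    ### supporting names & values
                    $optPreset = explode('|set:', $option);
                    $opt = explode('|', $optPreset[0], 2);
                    if ($opt[1] == '') {
                        $opt[1] = $opt[0];
                    }

                    $checked = '';
                    if ($moveBack || $isMPformNext) {
                        if (in_array($opt[1], array_values($field_value))) {
                            $checked = 'selected="selected"';
                        }
                    } elseif (is_array($field_value)) {
                        if ($opt[1] == stripslashes(htmlspecialchars(strip_tags($field_value[$j])))) {
                            $checked = ' selected="selected"';
                            $j++;
                        }
                    } else {
                        if (strpos($optPreset[1], 'true') !== false) {
                            $checked = ' selected="selected"';
                        }
                    }

                    $field .= $nttt . $tab . '<option value="' . str_replace('"', '&quot;', $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
                }
                $field .= $nttt . '</select>';
                break;

            case "emailtobox":
            case "selectbox":
                $field = '<select' . $readonly . $disabled . ' name="' . $input_name . '" id="' . $input_id . '" class="cformselect' . $field_class . '" ' . $fieldTitle . '>';
                array_shift($options);
                $jj = $j = 0;

                foreach ($options as $option) {
                    ### supporting names & values
                    $optPreset = explode('|set:', $option);
                    $opt = explode('|', $optPreset[0], 2);
                    if ($opt[1] == '') {
                        $opt[1] = $opt[0];
                    }

                    ### email-to-box valid entry?
                    ### the option value is an index, so recipient addresses are not put into the page
                    if ($field_type == 'emailtobox' && $opt[1] != '-') {
                        $jj = $j++;
                    } else {
                        $jj = '--';
                    }

                    $checked = '';
                    if ($field_value == '') {
                        if (strpos($optPreset[1], 'true') !== false) {
                            $checked = ' selected="selected"';
                        }
                    } else {
                        if ($opt[1] == $field_value || $jj == $field_value) {
                            $checked = ' selected="selected"';
                        }
                    }

                    $field .= $nttt . $tab . '<option value="' . ($field_type == 'emailtobox' ? $jj : $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
                }
                $field .= $nttt . '</select>';
                break;

            case "send2author":
                $force_checked = strpos($field_stat[0], '|set:') === false ? true : false;
                ### deliberate fall-through: rendered as radio buttons
            case "radiobuttons":
                $liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : ''; ### only if label ID's active

                array_shift($options);
                $field .= $nttt . '<li' . $liID . ' class="' . $liERR . ' cf-box-title">' . $insertErr . $field_name . '</li>' . $nttt . '<li' . $liID_b . ' class="cf-box-group">';

                $id = 1;
                foreach ($options as $option) {
                    $checked = '';

                    ### supporting names & values
                    $radioPreset = explode('|set:', $option);
                    $opt = explode('|', $radioPreset[0], 2);
                    if ($opt[1] == '') {
                        $opt[1] = $opt[0];
                    }

                    if ($field_value == '') {
                        if (strpos($radioPreset[1], 'true') !== false || $force_checked && $id == 1) {
                            $checked = ' checked="checked"';
                        }
                    } else {
                        if ($opt[1] == $field_value) {
                            $checked = ' checked="checked"';
                        }
                    }

                    if ($labelID != '') {
                        $labelIDx = substr($labelID, 0, -1) . $id . '"';
                    }

                    if ($opt[0] == '') {
                        $field .= $nttt . $tab . '<br />';
                    } else {
                        $field .= $nttt . $tab . '<input' . $readonly . $disabled . ' type="radio" id="' . $input_id . '-' . $id . '" name="' . $input_name . '" value="' . $opt[1] . '"' . $checked . ' class="cf-box-b' . ($second ? ' cformradioplus' : '') . ($field_required ? ' fldrequired' : '') . '"' . $fieldTitle . '/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-after"><span>' . $opt[0] . "</span></label>";
                    }
                }
                $field .= $nttt . '</li>';
                break;
        }

        ### add new field
        $content .= $field;

        ### adding "required" text if needed
        if ($field_emailcheck == 1) {
            $content .= '<span class="emailreqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_emailrequired']) . '</span>';
        } else {
            if ($field_required == 1 && !in_array($field_type, array('ccbox', 'luv', 'subscribe', 'checkbox', 'radiobuttons'))) {
                $content .= '<span class="reqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_required']) . '</span>';
            }
        }

        ### close out li item
        if (!in_array($field_type, array('hidden', 'fieldsetstart', 'fieldsetend', 'radiobuttons', 'luv', 'subscribe', 'checkbox', 'checkboxgroup', 'ccbox', 'textonly', 'send2author'))) {
            $content .= '</li>';
        }
    } ### all fields

    ### close any open tags
    if ($ol) {
        $content .= $ntt . '</ol>';
    }
    if ($fieldsetopen) {
        $content .= $ntt . '</fieldset>';
    }

    ### rest of the form
    if ($cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1' && !$upload && !$custom && !$alt_action) {
        $ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', false)"';
    } else {
        if (($upload || $custom || $alt_action) && $cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1') {
            $ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', true)"';
        } else {
            $ajaxenabled = '';
        }
    }

    ### just to appease html "strict"
    $content .= $ntt . '<fieldset class="cf_hidden">' . $nttt . '<legend> </legend>';

    ### if visitor verification turned on:
    ### NOTE(review): the unsalted MD5 of the expected answer is sent to the browser, so the
    ### answer can be recovered offline from the page; this check only deters the simplest
    ### bots. Changing it needs a matching change in the validation code (not in this function).
    if ($verification) {
        $content .= $nttt . '<input type="hidden" name="cforms_a' . $no . '" id="cforms_a' . $no . '" value="' . md5(rawurlencode(strtolower($q[1]))) . '"/>';
    }

    ### custom error
    $custom_error = substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 4, 1) . $custom_error;

    ### TAF or WP comment or Extra Fields
    if ((int) $isTAF > 0) {
        $nono = $isWPcommentForm ? '' : $no;

        ### both request parameters are numeric IDs; casting to int keeps arbitrary request
        ### text out of the value="..." attributes
        if ($isWPcommentForm) {
            $replyTo = isset($_REQUEST['replytocom']) ? (int) $_REQUEST['replytocom'] : 0;
            $content .= $nttt . '<input type="hidden" name="comment_parent" id="comment_parent" value="' . $replyTo . '"/>';
        }

        $hasPid = isset($_GET['pid']);
        $pid = $hasPid ? (int) $_GET['pid'] : get_the_ID();

        $content .= $nttt . '<input type="hidden" name="comment_post_ID' . $nono . '" id="comment_post_ID' . $nono . '" value="' . $pid . '"/>'
            . $nttt . '<input type="hidden" name="cforms_pl' . $no . '" id="cforms_pl' . $no . '" value="' . ($hasPid ? get_permalink($pid) : get_permalink()) . '"/>';
    }

    $content .= $nttt . '<input type="hidden" name="cf_working' . $no . '" id="cf_working' . $no . '" value="' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_working']) . '"/>'
        . $nttt . '<input type="hidden" name="cf_failure' . $no . '" id="cf_failure' . $no . '" value="' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_failure']) . '"/>'
        . $nttt . '<input type="hidden" name="cf_codeerr' . $no . '" id="cf_codeerr' . $no . '" value="' . rawurlencode($cformsSettings['global']['cforms_codeerr']) . '"/>'
        . $nttt . '<input type="hidden" name="cf_customerr' . $no . '" id="cf_customerr' . $no . '" value="' . rawurlencode($custom_error) . '"/>'
        . $nttt . '<input type="hidden" name="cf_popup' . $no . '" id="cf_popup' . $no . '" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_popup'] . '"/>';

    $content .= $ntt . '</fieldset>';

    ### multi page form: reset
    $reset = '';
    if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_reset']) {
        $reset = '<input tabindex="999" type="submit" name="resetbutton' . $no . '" id="resetbutton' . $no . '" class="resetbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_resettext'] . '" onclick="return confirm(\'' . __('Note: This will reset all your input!', 'cforms') . '\')">';
    }

    ### multi page form: back
    $back = '';
    if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_back']) {
        $back = '<input type="submit" name="backbutton' . $no . '" id="backbutton' . $no . '" class="backbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_backtext'] . '">';
    }

    $content .= $ntt . '<p class="cf-sb">' . $reset . $back . '<input type="submit" name="sendbutton' . $no . '" id="sendbutton' . $no . '" class="sendbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_submit_text'] . '"' . $ajaxenabled . '/></p>';

    $content .= $ntt . '</form>';

    ### Thank you for leaving this in place
    $content .= $ntt . '<p class="linklove" id="ll' . $no . '"><a href="http://www.deliciousdays.com/cforms-plugin"><em>cforms</em> contact form by delicious:days</a></p>';

    ### either show message above or below
    $usermessage_text = check_default_vars($usermessage_text, $no);
    $usermessage_text = check_cust_vars($usermessage_text, $track, $no);

    if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y' && !($success && $cformsSettings['form' . $no]['cforms' . $no . '_hide'])) {
        $content .= $tt . '<div id="usermessage' . $no . 'b" class="cf_info ' . $usermessage_class . $umc . '" >' . $usermessage_text . '</div>' . $nl;
    }

    ### flush debug messages
    dbflush();

    return $content;
}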
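/**
 * AJAX handler that prints the selected tracked submissions as HTML and then ends the request.
 *
 * Reads `showids`, `sortby`, `sortorder`, `qtype` and `query` from $_POST. The nonce
 * ('database_getentries') and the 'track_cforms' capability are checked before any
 * request data is used.
 *
 * Security notes:
 *  - $wpdb->prepare() can only bind values. A column name or SQL fragment bound through
 *    %s becomes a quoted string literal, which silently disables the filter and the sort.
 *    Column names are therefore taken from a fixed allowlist and only values are bound.
 *  - The form-name search is a plain case-insensitive substring match; request data is
 *    never used as a regular expression.
 *  - Every stored or request-derived value is escaped for the HTML context it is printed in.
 *
 * @return void Output is echoed; the function always terminates with die.
 */
function cforms2_database_getentries() {

    check_admin_referer('database_getentries');
    if (!current_user_can('track_cforms')) {
        die("access restricted.");
    }

    global $wpdb;
    $wpdb->cformssubmissions = $wpdb->prefix . 'cformssubmissions';
    $wpdb->cformsdata = $wpdb->prefix . 'cformsdata';

    ### new global settings container, will eventually be the only one!
    $cformsSettings = get_option('cforms_settings');

    $showIDs = (isset($_POST['showids']) && is_string($_POST['showids'])) ? $_POST['showids'] : '';

    if ($showIDs != '') {

        ### Columns that may be named in ORDER BY / LIKE. These are the columns the queries
        ### in this plugin reference; extend the list if the tables hold further searchable columns.
        $columns = array('sub_id', 'id', 'form_id', 'ip', 'sub_date', 'f_id', 'field_name', 'field_val');

        $sortBy = (isset($_POST['sortby']) && in_array($_POST['sortby'], $columns, true)) ? $_POST['sortby'] : 'sub_id';
        $sortOrder = isset($_POST['sortorder']) && $_POST['sortorder'] === 'asc' ? 'asc' : 'desc';
        $qtype = (isset($_POST['qtype']) && is_string($_POST['qtype'])) ? $_POST['qtype'] : '';
        $query = (isset($_POST['query']) && is_string($_POST['query'])) ? str_replace('*', '', $_POST['query']) : '';

        ### get form id from name
        $formSearch = ($qtype == 'form_id' && $query != '');
        $matchedForms = array();
        if ($formSearch) {
            $forms = $cformsSettings['global']['cforms_formcount'];
            for ($i = 0; $i < $forms; $i++) {
                $no = $i == 0 ? '' : $i + 1;
                if (stripos($cformsSettings['form' . $no]['cforms' . $no . '_fname'], $query) !== false) {
                    $matchedForms[] = (string) $no;
                }
            }
        }

        $sql = "SELECT *, form_id, ip FROM {$wpdb->cformsdata}, {$wpdb->cformssubmissions} WHERE sub_id=id ";
        $sqlargs = array();

        if ($showIDs != 'all') {
            ### the id list arrives comma-terminated; every id is bound as %d
            $sub_ids = explode(',', substr($showIDs, 0, -1));
            $placeholder = implode(',', array_fill(0, count($sub_ids), '%d'));
            $sql .= "AND sub_id in ({$placeholder}) ";
            $sqlargs = array_merge($sqlargs, $sub_ids);
        }

        if ($formSearch) {
            if ($matchedForms) {
                $placeholder = implode(',', array_fill(0, count($matchedForms), '%s'));
                $sql .= "AND form_id IN ({$placeholder}) ";
                $sqlargs = array_merge($sqlargs, $matchedForms);
            } else {
                ### no form name matched: return nothing rather than everything
                $sql .= "AND 1=0 ";
            }
        } elseif ($query != '') {
            if (in_array($qtype, $columns, true)) {
                $sql .= "AND {$qtype} LIKE %s ";
                $sqlargs[] = '%' . $query . '%';
            } else {
                ### unknown search column: never interpolate it, and do not widen the result set
                $sql .= "AND 1=0 ";
            }
        }

        ### $sortBy and $sortOrder are allowlisted above, so interpolating them is safe
        $sql .= "ORDER BY {$sortBy} {$sortOrder}, f_id";

        ### prepare() expects at least one placeholder
        if ($sqlargs) {
            $sql = $wpdb->prepare($sql, $sqlargs);
        }
        $entries = $wpdb->get_results($sql);
        cforms2_dbg($sql);

        echo ' <div id="top"> ';

        if ($entries) {

            ### request-supplied suffix for attachment links; only ever printed through esc_url()
            $format = (isset($_GET['format']) && is_string($_GET['format'])) ? $_GET['format'] : '';

            $sub_id = '';
            foreach ($entries as $entry) {

                if ($sub_id != $entry->sub_id) {

                    if ($sub_id != '') {
                        echo '</div>';
                    }

                    $sub_id = $entry->sub_id;
                    $entryId = esc_attr($entry->sub_id);

                    $date = mysql2date(get_option('date_format'), $entry->sub_date);
                    $time = mysql2date(get_option('time_format'), $entry->sub_date);

                    echo '<div class="showform" id="entry' . $entryId . '">'
                        . '<table class="dataheader"><tr><td>' . __('Form:', 'cforms2') . ' </td><td class="b">'
                        . esc_html(stripslashes($cformsSettings['form' . $entry->form_id]['cforms' . $entry->form_id . '_fname']))
                        . '</td><td class="e">(ID:' . esc_html($entry->sub_id) . ')</td><td class="d">' . $time . ' ' . $date . '</td>'
                        . '<td class="s"> </td><td><a href="#" class="xdatabutton allbuttons deleteall" type="submit" id="xbutton' . $entryId . '">' . __('Delete this entry', 'cforms2') . '</a></td>'
                        . '<td><a class="cdatabutton dashicons dashicons-dismiss" type="submit" id="cbutton' . $entryId . '" title="' . __('close this entry', 'cforms2') . '"></a></td>'
                        . "</tr></table>\n";
                }

                $name = $entry->field_name == '' ? '' : stripslashes($entry->field_name);
                $val = $entry->field_val == '' ? '' : stripslashes($entry->field_val);

                ### submitted values are visitor input: strip tags, then escape what is left
                $safeVal = esc_html(strip_tags($val));

                if (strpos($name, '[*') !== false) {  // attachments?

                    preg_match('/.*\\[\\*(.*)\\]$/i', $name, $r);
                    $formRef = isset($r[1]) ? $r[1] : '';
                    $no = $formRef == '' ? $entry->form_id : ($formRef == 1 ? '' : $formRef);

                    $temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
                    $fileuploaddir = $temp[0];
                    $fileuploaddirurl = isset($temp[1]) ? $temp[1] : '';

                    $subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id . '-';

                    if ($fileuploaddirurl == '') {
                        $fileurl = get_site_url() . substr(trailingslashit($fileuploaddir), strlen(get_home_path()) - 1);
                    } else {
                        $fileurl = trailingslashit($fileuploaddirurl);
                    }

                    $passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id;

                    $fileInfoArr = array('name' => strip_tags($val), 'path' => $fileurl, 'subID' => $passID);
                    if (function_exists('my_cforms_logic')) {
                        $fileInfoArr = my_cforms_logic($entries, $fileInfoArr, 'fileDestinationTrackingPage');
                    }
                    if (!array_key_exists('modified', $fileInfoArr)) {
                        $fileInfoArr['name'] = $subID . $fileInfoArr['name'];
                    }

                    $fileurl = $fileInfoArr['path'] . $fileInfoArr['name'] . $format;

                    echo '<div class="showformfield meta"><div class="L">';
                    echo esc_html(substr($name, 0, strpos($name, '[*')));
                    if ($entry->field_val == '') {
                        echo '</div><div class="R">' . __('-', 'cforms2') . '</div></div>' . "\n";
                    } else {
                        echo '</div><div class="R">' . '<a href="' . esc_url($fileurl) . '">' . str_replace("\n", "<br />", $safeVal) . '</a>' . '</div></div>' . "\n";
                    }

                } elseif ($name == 'page') {  // special field: page

                    echo '<div class="showformfield meta"><div class="L">';
                    _e('Submitted via page', 'cforms2');
                    echo '</div><div class="R">' . str_replace("\n", "<br />", $safeVal) . '</div></div>' . "\n";

                    echo '<div class="showformfield meta"><div class="L">';
                    _e('IP address', 'cforms2');
                    echo '</div><div class="R"><a href="' . esc_url('http://geomaplookup.net/?ip=' . rawurlencode($entry->ip)) . '" title="' . __('IP Lookup', 'cforms2') . '">' . esc_html($entry->ip) . '</a></div></div>' . "\n";

                } elseif (strpos($name, 'Fieldset') !== false) {

                    if (strpos($name, 'FieldsetEnd') === false) {
                        echo '<div class="showformfield tfieldset"><div class="L"> </div><div class="R">' . $safeVal . '</div></div>' . "\n";
                    }

                } else {

                    echo '<div class="showformfield"><div class="L">' . esc_html($name) . '</div>'
                        . '<div id="' . esc_attr($entry->f_id) . '" class="R">' . str_replace("\n", "<br />", $safeVal) . '</div></div>' . "\n";

                }
            }
            echo '</div>';

        } else {

            echo ' <p align="center">';
            _e('Sorry, data not found. Please refresh your data table.', 'cforms2');
            echo ' </p> </div> ';

        }
    }
    die;
}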
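/**
 * Processes one AJAX form submission: maps the posted values onto the configured fields,
 * records the submission, sends the admin e-mail and (optionally) the auto confirmation / CC.
 *
 * $content is the raw request payload and must be treated as untrusted throughout. Its layout,
 * as parsed below: everything before '***' is used (the presence of '***' marks a WP comment
 * submission); that part is split on '+++' into the field string plus post id and URL (and a
 * comment parent when four parts are present); the field string is split on '$#$', with the
 * form number first and the field values after it.
 *
 * Changes against the previous revision:
 *  - the post id taken from the payload is bound with $wpdb->prepare() (%d) instead of being
 *    interpolated into the author lookup query;
 *  - $isSubscribed is now actually initialised (the old line compared instead of assigning);
 *  - $hide is initialised before it is appended to the "limit reached" response.
 *
 * @param string $content Raw AJAX payload (see above).
 * @return string Response for the client script: the form number, '*$#', one character of the
 *                form's popup setting, the message, and an optional marker
 *                ('|---', '|!!!', '|~~~', '|>>>' followed by a redirect target).
 */
function cforms_submitcomment($content) {

    global $cformsSettings, $wpdb, $subID, $smtpsettings, $track, $trackf, $Ajaxpid, $AjaxURL, $wp_locale, $abspath;

    $WPsuccess = false;

    ### WP Comment flag
    $isAjaxWPcomment = strpos($content, '***');

    ### WP comment feature
    $content = explode('***', $content);
    $content = $content[0];
    $content = explode('+++', $content);

    ### Added special fields
    if (count($content) > 3) {
        $commentparent = $content[1];
        $Ajaxpid = $content[2];
        $AjaxURL = $content[3];
    } else {
        $Ajaxpid = $content[1];
        $AjaxURL = $content[2];
    }

    $segments = explode('$#$', $content[0]);
    $params = array();

    $sep = strpos(__FILE__, '/') === false ? '\\' : '/';
    $WPpluggable = $abspath . 'wp-includes' . $sep . 'pluggable.php';
    if (file_exists($WPpluggable)) {
        require_once $WPpluggable;
    }

    ### optional site-specific hooks (my_cforms_logic, my_cforms_action, my_cforms_ajax_filter)
    $CFfunctionsC = dirname(dirname(__FILE__)) . $cformsSettings['global']['cforms_IIS'] . 'cforms-custom' . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
    $CFfunctions = dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
    if (file_exists($CFfunctionsC)) {
        include_once $CFfunctionsC;
    } else {
        if (file_exists($CFfunctions)) {
            include_once $CFfunctions;
        }
    }

    if (function_exists('wp_get_current_user')) {
        $user = wp_get_current_user();
    }

    ### NOTE(review): the upper bound reads one element past the end of $segments. It is left
    ### as is because the field loop below derives its length from sizeof($params) - 2.
    for ($i = 1; $i <= sizeof($segments); $i++) {
        $params['field_' . $i] = $segments[$i];
    }

    ### fix reference to first form
    if ($segments[0] == '1') {
        $params['id'] = $no = '';
    } else {
        $params['id'] = $no = $segments[0];
    }

    ### TAF flag
    $isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);

    ### user filter ?
    if (function_exists('my_cforms_ajax_filter')) {
        $params = my_cforms_ajax_filter($params);
    }

    ### init variables
    $track = array();
    $trackinstance = array();
    $to_one = -1;
    $ccme = false;
    $field_email = '';
    $off = 0;
    $fieldsetnr = 1;
    $taf_youremail = false;
    $taf_friendsemail = false;
    $hide = '';  ### appended to the "limit reached" response below; was never set before

    ### form limit reached
    if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) == 0 || !cf_check_time($no)) {
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
        return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt'])) . $hide;
    }

    ### for comment luv
    get_currentuserinfo();
    global $user_level;

    ### Subscribe-To-Comments
    $isSubscribed = '';
    if (class_exists('sg_subscribe')) {
        global $sg_subscribe;
        sg_subscribe_start();
        $isSubscribed = $sg_subscribe->current_viewer_subscription_status();
    }

    $captchaopt = $cformsSettings['global']['cforms_captcha_def'];

    for ($i = 1; $i <= sizeof($params) - 2; $i++) {

        $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);

        ### skip configured fields that carry no posted value
        while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {

            if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && !$captchaopt['fo'] == '1')) {
                break;
            }
            if ($field_stat[1] == 'verification' && !(is_user_logged_in() && !$captchaopt['foqa'] == '1')) {
                break;
            }

            if ($field_stat[1] == 'fieldsetstart') {
                $track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
                $track['Fieldset' . $fieldsetnr++] = $field_stat[0];
            } elseif ($field_stat[1] == 'fieldsetend') {
                $track['FieldsetEnd' . $fieldsetnr++] = '--';
            }

            ### get next in line...
            $off++;
            $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);

            if ($field_stat[1] == '') {
                break 2;  ### all fields searched, break both while & for
            }
        }

        ### filter all redundant WP comment fields if user is logged in
        while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {

            $temp = explode('|', $field_stat[0], 3);
            ### get field name
            $temp = explode('#', $temp[0], 2);

            switch ($field_stat[1]) {
                case 'cauthor':
                    $track['cauthor'] = $track[$temp[0]] = $user->display_name;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
                case 'email':
                    $track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
                case 'url':
                    $track['url'] = $track[$temp[0]] = $user->user_url;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
            }

            $off++;
            $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);

            if ($field_stat[1] == '') {
                break 2;  ### all fields searched, break both while & for
            }
        }

        $field_name = $field_stat[0];
        $field_type = $field_stat[1];

        ### remove [id: ] first
        if (strpos($field_name, '[id:') !== false) {
            $idPartA = strpos($field_name, '[id:');
            $idPartB = strpos($field_name, ']', $idPartA);
            $customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4);
            $field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
        } else {
            $customTrackingID = '';
        }

        ### dissect field
        $obj = explode('|', $field_name, 3);

        ### strip out default value
        $field_name = $obj[0];

        ### special WP comment fields
        if (in_array($field_stat[1], array('luv', 'subscribe', 'cauthor', 'email', 'url', 'comment', 'send2author'))) {
            $temp = explode('#', $field_name, 2);
            if ($temp[0] == '') {
                $field_name = $field_stat[1];
            } else {
                $field_name = $temp[0];
            }

            ### keep copy of values
            $track[$field_stat[1]] = stripslashes($params['field_' . $i]);
            if ($field_stat[1] == 'email') {
                $field_email = $params['field_' . $i];
            }
        }

        ### special Tell-A-Friend fields
        if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
            $field_email = $taf_friendsemail = $params['field_' . $i];
        }
        if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
            $taf_youremail = $params['field_' . $i];
        }
        if ($field_type == 'friendsname') {
            $taf_friendsname = $params['field_' . $i];
        }
        if ($field_type == 'yourname') {
            $taf_yourname = $params['field_' . $i];
        }

        ### lets find an email field ("Is Email") and that's not empty!
        if ($field_email == '' && $field_stat[3] == '1') {
            $field_email = $params['field_' . $i];
        }

        ### special case: select & radio
        if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
            $field_name = explode('#', $field_name);
            $field_name = $field_name[0];
        }

        ### special case: check box
        if ($field_type == "checkbox" || $field_type == "ccbox") {
            $field_name = explode('#', $field_name);
            $field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
            $field_name = explode('|', $field_name);
            $field_name = $field_name[0];

            ### if ccbox & checked
            if ($field_type == "ccbox" && $params['field_' . $i] != "-") {
                $ccme = 'field_' . $i;
            }
        }

        if ($field_type == "emailtobox") {
            ### special case where the value needs to bet get from the DB!
            ### The visitor only supplies an index; the address itself comes from the form settings.
            $to_one = $params['field_' . $i];
            $field_name = explode('#', $field_stat[0]);  ### can't use field_name, since '|' check earlier
            $tmp = explode('|', $field_name[$to_one + 1]);  ### remove possible |set:true
            $value = $tmp[0];  ### values start from 0 or after!
            $to = $replyto = stripslashes($tmp[1]);
            $field_name = $field_name[0];
        } else {
            if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
                $value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
            } else {
                $value = stripslashes($params['field_' . $i]);
            }
        }

        ### only if hidden!
        if ($field_type == 'hidden') {
            $value = rawurldecode($value);
        }

        ### Q&A verification
        if ($field_type == "verification") {
            $field_name = __('Q&A', 'cforms');
        }

        ### determine tracked field name
        $inc = '';
        $trackname = trim($field_name);
        if (array_key_exists($trackname, $track)) {
            if ($trackinstance[$trackname] == '') {
                $trackinstance[$trackname] = 2;
            }
            $inc = '___' . $trackinstance[$trackname]++;
        }

        $track['$$$' . (int) ($i + $off)] = $trackname . $inc;
        $track[$trackname . $inc] = $value;
        if ($customTrackingID != '') {
            $track['$$$' . $customTrackingID] = $trackname . $inc;
        }

    } ### for

    ### assemble text & html email
    $r = formatEmail($track, $no);
    $formdata = $r['text'];
    $htmlformdata = $r['html'];

    ###
    ### record:
    ###
    $subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : write_tracking_record($no, $field_email);

    ###
    ### allow the user to use form data for other apps
    ###
    $trackf['id'] = $no;
    $trackf['data'] = $track;
    if (function_exists('my_cforms_action')) {
        my_cforms_action($trackf);
    }

    ### Catch WP-Comment function | if send2author just continue
    if ($isAjaxWPcomment !== false && $track['send2author'] == '0') {
        ### presumably the included file sets $WPsuccess and $WPresp in this scope - confirm
        require_once dirname(__FILE__) . '/lib_WPcomment.php';

        ### Catch WP-Comment function: error
        if (!$WPsuccess) {
            return $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
        }
    } ### Catch WP-Comment function

    ### multiple recipients? and to whom is the email sent? to_one = picked recip.
    if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
        ### $Ajaxpid comes straight from the request payload: bind it as an integer
        $to = $wpdb->get_results($wpdb->prepare("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = %d AND U.ID=P.post_author", $Ajaxpid));
        $to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
    } else {
        if (!($to_one != -1 && $to != '')) {
            $to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
        }
    }

    ### from
    $frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);

    ### T-A-F override?
    ### NOTE(review): name and address are visitor input and end up in a mail header value.
    ### Confirm that cf_mail / cforms_phpmailer reject CR and LF in addresses.
    if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
        $replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
    }

    ### logic: dynamic admin email address
    if (function_exists('my_cforms_logic')) {
        $to = my_cforms_logic($trackf, $to, 'adminTO');  ### use trackf!
    }

    ### either use configured subject or user determined
    $vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
    $vsubject = check_default_vars($vsubject, $no);
    $vsubject = check_cust_vars($vsubject, $track, $no);

    ### prep message text, replace variables
    $message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
    if (function_exists('my_cforms_logic')) {
        $message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
    }
    $message = check_default_vars($message, $no);
    $message = check_cust_vars($message, $track, $no);

    ### actual user message
    $htmlmessage = '';
    if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
        $htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
        if (function_exists('my_cforms_logic')) {
            $htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
        }
        $htmlmessage = check_default_vars($htmlmessage, $no);
        $htmlmessage = check_cust_vars($htmlmessage, $track, $no);
    }

    $mail = new cf_mail($no, $frommail, $to, $field_email, true);
    $mail->subj = $vsubject;
    $mail->char_set = 'utf-8';

    ### HTML email
    if ($mail->html_show) {
        $mail->is_html(true);
        $mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
        $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
    } else {
        $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
    }

    ### SMTP server or native PHP mail() ?
    if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
        $sentadmin = 1;
    } else {
        if ($smtpsettings[0] == '1') {
            $sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata);
        } else {
            $sentadmin = $mail->send();
        }
    }

    if ($sentadmin == 1) {

        ### send copy or notification?
        if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[$ccme] != '-') {

            $frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);

            ### actual user message
            $cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
            if (function_exists('my_cforms_logic')) {
                $cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
            }
            $cmsg = check_default_vars($cmsg, $no);
            $cmsg = check_cust_vars($cmsg, $track, $no);

            ### HTML text
            $cmsghtml = '';
            if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
                $cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
                if (function_exists('my_cforms_logic')) {
                    $cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
                }
                $cmsghtml = check_default_vars($cmsghtml, $no);
                $cmsghtml = check_cust_vars($cmsghtml, $track, $no);
            }

            ### subject
            $subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
            $subject2 = check_default_vars($subject2, $no);
            $subject2 = check_cust_vars($subject2, $track, $no);

            ### different cc & ac subjects?
            $s = explode('$#$', $subject2);
            $s[1] = $s[1] != '' ? $s[1] : $s[0];

            ### email tracking via 3rd party?
            ### if in Tell-A-Friend Mode, then overwrite header stuff...
            if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
                $field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
            } else {
                $field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
            }

            $mail = new cf_mail($no, $frommail, $field_email, $replyto);

            ### auto conf attachment?
            $a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
            $a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a;
            if ($a != '' && file_exists($a)) {
                $n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a));
                $m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
                $mail->add_file($a, $n, 'base64', $m);  ### optional name
            }

            $mail->char_set = 'utf-8';

            ### CC or auto conf?
            if ($ccme && $trackf[$ccme] != '-') {
                if ($smtpsettings[0] == '1') {
                    $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
                } else {
                    $mail->subj = $s[1];
                    if ($mail->html_show_ac) {
                        $mail->is_html(true);
                        $mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
                        $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
                    } else {
                        $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
                    }
                    $sent = $mail->send();
                }
            } else {
                if ($smtpsettings[0] == '1') {
                    $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[0], $cmsg, '', $cmsghtml, '', 'ac');
                } else {
                    $mail->subj = $s[0];
                    if ($mail->html_show_ac) {
                        $mail->is_html(true);
                        $mail->body = "<html>" . $mail->eol . "<body>" . $cmsghtml . "</body></html>" . $mail->eol;
                        $mail->body_alt = $cmsg;
                    } else {
                        $mail->body = $cmsg;
                    }
                    $sent = $mail->send();
                }
            }

            if ($sent != '1') {
                ### NOTE(review): '.' binds tighter than '?:', so the whole concatenation is the
                ### condition and the translated prefix never reaches the output. Left unchanged
                ### because the intended fallback ($mail->ErrorInfo) cannot be confirmed from here.
                $err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo;
                $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
                return $pre . $err . '|!!!';
            }

        } ### cc

        ### return success msg
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);

        $successMsg = check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
        $successMsg = check_cust_vars($successMsg, $track, $no);
        $successMsg = str_replace($mail->eol, '<br />', $successMsg);

        ### logic: possibly change usermessage
        if (function_exists('my_cforms_logic')) {
            $successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
        }

        ### WP-Comment: override
        if ($WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') {
            $successMsg = $WPresp;
        }

        $opt = '';

        ### hide?
        if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || get_cforms_submission_left($no) == 0) {
            $opt .= '|~~~';
        }

        ### redirect to a different page on suceess?
        if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
            if (function_exists('my_cforms_logic')) {
                $red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
                if ($red != '') {
                    $opt .= '|>>>' . $red;  ### use trackf!
                }
            } else {
                $opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
            }
        }

        return $pre . $successMsg . $opt;

    } else {  ### no admin mail sent!

        ### return error msg
        ### NOTE(review): same operator-precedence issue as in the auto confirmation error above.
        $err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sentadmin : $mail->ErrorInfo;
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
        return $pre . $err . '|!!!';

    }
}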
} } } ### ### have to upload a file? ### global $file; $file = ''; $i = 0; if (isset($_FILES['cf_uploadfile' . $no]) && $all_valid) { $file = $_FILES['cf_uploadfile' . $no]; foreach ($file[name] as $value) { if (!empty($value)) { ### this will check if any blank field is entered if (function_exists('my_cforms_logic')) { $file[name][$i] = my_cforms_logic($_REQUEST, $_FILES['cf_uploadfile' . $no][name][$i], "filename"); } $fileerr = ''; ### A successful upload will pass this test. It makes no sense to override this one. if ($file['error'][$i] > 0) { $fileerr = $cformsSettings['global']['cforms_upload_err1']; } ### A successful upload will pass this test. It makes no sense to override this one. $fileext[$i] = strtolower(substr($value, strrpos($value, '.') + 1, strlen($value))); $allextensions = explode(',', preg_replace('/\\s/', '', strtolower($cformsSettings['form' . $no]['cforms' . $no . '_upload_ext']))); if ($cformsSettings['form' . $no]['cforms' . $no . '_upload_ext'] != '' && !in_array($fileext[$i], $allextensions)) { $fileerr = $cformsSettings['global']['cforms_upload_err5']; } ### A non-empty file will pass this test. if (!($file['size'][$i] > 0)) { $fileerr = $cformsSettings['global']['cforms_upload_err2'];
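/**
 * Writes the selected submissions to $handle as CSV or tab-separated text, one line per
 * submission, optionally preceded by a header line whenever the form changes.
 *
 * Reads the switches `addip`, `header` and `addurl` from $_GET (each enabled by the string 'true').
 *
 * Security notes:
 *  - $where and $in_list are inserted into the query as ready-made SQL. They cannot be
 *    validated here, so callers must build them with $wpdb->prepare() or from integers only.
 *  - $sortOrder is reduced to ASC/DESC and $sortBy must be a plain identifier; anything
 *    else falls back to sub_id.
 *  - NOTE(review): field values are visitor input. A value starting with '=', '+', '-' or '@'
 *    is evaluated as a formula by spreadsheet programs; consider neutralising such values
 *    before the export is offered for download.
 *
 * @param resource $handle         Open stream the export is written to.
 * @param array    $fnames         Form names, indexed by form number ('1' for the first form).
 * @param string   $where          Additional SQL condition, trusted (see above).
 * @param string   $in_list        Additional SQL id restriction, trusted (see above).
 * @param string   $sortBy         Column to sort by.
 * @param string   $sortOrder      'asc' or 'desc'.
 * @param array    $cformsSettings Plugin settings container.
 * @param string   $charset        Target charset, passed on to cforms2_enc_data().
 * @param string   $format         'csv' for comma separation, anything else for tabs.
 * @return void
 */
function cforms2_get_csv_tab($handle, $fnames, $where, $in_list, $sortBy, $sortOrder, $cformsSettings, $charset, $format = 'csv') {

    global $wpdb;

    ### never pass request-derived text through to ORDER BY
    $sortOrder = strtolower(trim((string) $sortOrder)) === 'desc' ? 'DESC' : 'ASC';
    if (!is_string($sortBy) || !preg_match('/^[A-Za-z0-9_]+$/', $sortBy)) {
        $sortBy = 'sub_id';
    }

    $results = $wpdb->get_results("SELECT ip, id, sub_date, form_id, field_name,field_val FROM {$wpdb->cformsdata},{$wpdb->cformssubmissions} WHERE sub_id=id {$where} {$in_list} ORDER BY {$sortBy} {$sortOrder}, f_id ASC");

    $addIp = isset($_GET['addip']) && $_GET['addip'] === 'true';
    $withHeader = isset($_GET['header']) && $_GET['header'] === 'true';
    $addUrl = isset($_GET['addurl']) && $_GET['addurl'] === 'true';

    $br = "\n";
    ### one finished record is held back so that its header can be compared with the previous form
    $buffer = array('body' => '', 'head' => '', 'last_n' => '', 'last2_n' => '');
    $body = '';
    $sub_id = '';
    $format = $format == "csv" ? "," : "\t";
    $ipTab = $addIp ? $format : '';

    $head = $withHeader ? $format . $format . $ipTab : '';

    $last_n = '';
    $next_n = '';

    foreach ($results as $entry) {

        if ($entry->field_name == 'page' || strpos($entry->field_name, 'Fieldset') !== false) {
            continue;
        }

        $next_n = $entry->form_id == '' ? '1' : $entry->form_id;

        if ($sub_id != $entry->id) {  ### new record starts

            if ($buffer['body'] != '') {
                if ($withHeader && $buffer['last_n'] != $buffer['last2_n']) {
                    fwrite($handle, $buffer['head'] . $br . $buffer['body'] . $br);
                } else {
                    fwrite($handle, $buffer['body'] . $br);
                }
            }

            $buffer['body'] = $body;  ### save 1 line
            $buffer['head'] = $head;  ### save 1 line
            $buffer['last2_n'] = $buffer['last_n'];
            $buffer['last_n'] = $last_n;

            $body = '"' . __('Form', 'cforms2') . ': ' . cforms2_enc_data($fnames[$next_n], $charset) . '"' . $format . '"' . cforms2_enc_data($entry->sub_date, $charset) . '"' . $format . ($addIp ? $entry->ip . $format : '');
            $head = $withHeader ? $format . $format . $ipTab : '';
            $last_n = $next_n;

            $sub_id = $entry->id;
        }

        $url = '';
        $urlTab = '';
        if ($addUrl && strpos($entry->field_name, '[*') !== false) {

            preg_match('/.*\\[\\*(.*)\\]$/i', $entry->field_name, $t);
            $formRef = isset($t[1]) ? $t[1] : '';
            $no = $formRef == '' ? $entry->form_id : ($formRef == 1 ? '' : $formRef);

            $urlTab = $format;
            $entry->field_name = substr($entry->field_name, 0, strpos($entry->field_name, '[*'));

            $t = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
            $fdir = $t[0];
            $fdirURL = isset($t[1]) ? $t[1] : '';

            $subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id . '-';

            if ($fdirURL == '') {
                $plugindir = dirname(dirname(plugin_basename(__FILE__)));
                $url = plugin_dir_url(__FILE__) . substr($fdir, strpos($fdir, $plugindir) + strlen($plugindir) + 1);
            } else {
                $url = $fdirURL;
            }

            $passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id;

            $fileInfoArr = array('name' => strip_tags($entry->field_val), 'path' => $url, 'subID' => $passID);
            if (function_exists('my_cforms_logic')) {
                $fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage');
            }
            if (!array_key_exists('modified', $fileInfoArr)) {
                $fileInfoArr['name'] = $subID . $fileInfoArr['name'];
            }

            $url = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format;
        }

        $head .= $withHeader ? '"' . cforms2_enc_data(stripslashes($entry->field_name), $charset) . '"' . $format . $urlTab : '';
        $body .= '"' . str_replace('"', '""', cforms2_enc_data(stripslashes($entry->field_val), $charset)) . '"' . $format . $url;

    } ### foreach

    ### clean up buffer
    if ($buffer['body'] != '') {
        if ($withHeader && $buffer['last_n'] != $buffer['last2_n']) {
            fwrite($handle, $buffer['head'] . $br . $buffer['body'] . $br);
        } else {
            fwrite($handle, $buffer['body'] . $br);
        }
    }

    ### clean up last body
    if ($withHeader && $buffer['last_n'] != $next_n) {
        fwrite($handle, $head . $br . $body . $br);
    } else {
        fwrite($handle, $body . $br);
    }

    return;
}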
/**
 * Builds the HTML for one cforms form and returns it as a string.
 *
 * In order, the function:
 *  - resolves which form number to show, using $_SESSION['cforms'] for
 *    multi-page forms and the reset/back/send buttons found in $_REQUEST;
 *  - on a non-Ajax submit includes lib_nonajax.php (presumably the place where
 *    $all_valid, $validations and $usermessage_text are filled - the include is
 *    not visible from here);
 *  - assembles the message box, the <form> tag, one element per configured
 *    field, the hidden helper inputs and the buttons.
 *
 * Early returns: $all_valid when called for a WP comment form with $send2author
 * set; only the message box when the form is configured to hide after a valid
 * submit; the configured limit text when the entry or time limit is reached.
 *
 * @param string $args passed to cforms2_build_fstat() when $no ends in '+' (custom field list)
 * @param string $no   form number; '1' is normalised to '' (the default form)
 * @return string|mixed form HTML, or $all_valid in the WP-comment case
 */
function cforms2($args = '', $no = '') {
	global $subID, $track, $cformsSettings, $trackf, $send2author;
	$oldno = $no == '1' ? '' : $no; ### remember old val, to reset session when in new MP form
	##debug
	cforms2_dbg("Original form on page #{$oldno}");
	### multi page form: overwrite $no
	$isWPcommentForm = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1) == '2';
	$isMPform = $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_form'];
	$isTAF = substr($cformsSettings['form' . $oldno]['cforms' . $oldno . '_tellafriend'], 0, 1);
	##debug
	cforms2_dbg("Comment form = {$isWPcommentForm}");
	cforms2_dbg("Multi-page form = {$isMPform}");
	if (isset($_SESSION) && isset($_SESSION['cforms']['current'])) {
		cforms2_dbg("PHP Session = " . $_SESSION['cforms']['current']);
	}
	if ($isMPform && is_array($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && !$isWPcommentForm) {
		// NOTE(review): the closing parenthesis sits before the concatenation, so the
		// session value is appended to the call's return value and never logged.
		cforms2_dbg("form no. rewrite from #{$no} to #") . $_SESSION['cforms']['current'];
		$no = $_SESSION['cforms']['current'];
	}
	### Safety, in case someone uses '1' for the default form
	$no = $no == '1' ? '' : $no;
	##debug
	cforms2_dbg("Switch to form #{$no}");
	$moveBack = false;
	### multi page form: reset button
	if (isset($_REQUEST['resetbutton' . $no]) && is_array($_SESSION['cforms'])) {
		$no = $oldno;
		unset($_SESSION['cforms']);
		$_SESSION['cforms']['current'] = 0;
		$_SESSION['cforms']['first'] = $oldno;
		$_SESSION['cforms']['pos'] = 1;
		// Drops the whole request array so no submitted value pre-fills the reset form.
		unset($_REQUEST);
		##debug
		cforms2_dbg("Reset-Button pressed");
	} else {
		### multi page form: back button
		if (isset($_REQUEST['backbutton' . $no]) && isset($_SESSION['cforms']) && $_SESSION['cforms']['pos'] - 1 >= 0) {
			// Reads the previous form from the session list, then decrements 'pos'.
			$no = $_SESSION['cforms']['list'][$_SESSION['cforms']['pos']-- - 1];
			$_SESSION['cforms']['current'] = $no;
			$moveBack = true;
			##debug
			cforms2_dbg("Back-Button pressed");
		} else {
			### mp init: must be mp, first & not submitted!
			if ($isMPform && !is_array($_SESSION['cforms']) && $cformsSettings['form' . $oldno]['cforms' . $oldno . '_mp']['mp_first']) {
				//if( $isMPform && $cformsSettings['form'.$oldno]['cforms'.$oldno.'_mp']['mp_first'] && !isset($_REQUEST['sendbutton'.$no]) ){
				##debug
				cforms2_dbg("Current form is *first* MP-form");
				cforms2_dbg("Session found, you're on the first form and session is reset!");
				$no = $oldno == '1' ? '' : $oldno; ### restore old val
				unset($_SESSION['cforms']);
				$_SESSION['cforms']['current'] = 0;
				$_SESSION['cforms']['first'] = $no;
				$_SESSION['cforms']['pos'] = 1;
			}
		}
	}
	##debug
	cforms2_dbg(print_r($_SESSION, 1));
	### custom fields support
	// A '+' in $no marks a caller-supplied field list; the last character is cut off.
	if (!(strpos($no, '+') === false)) {
		$no = substr($no, 0, -1);
		$customfields = cforms2_build_fstat($args);
		$field_count = count($customfields);
		$custom = true;
	} else {
		$custom = false;
		$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
	}
	$content = '';
	$err = 0;
	$validations = array();
	$all_valid = 1;
	$off = 0;
	$fieldsetnr = 1;
	$c_errflag = false;
	$custom_error = '';
	$usermessage_class = '';
	$usermessage_text = "";
	$user = wp_get_current_user();
	// TODO integrate this check better
	// A POST with a body length but empty $_POST and $_FILES is treated as
	// "request exceeded post_max_size".
	$server_upload_size_error = false;
	$displayMaxSize = ini_get('post_max_size');
	if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0) {
		$server_upload_size_error = true;
		$msgSize = $_SERVER['CONTENT_LENGTH'] / 1048576;
		// Only the ini value and a number formatted by number_format() are echoed.
		echo "<pre>Maximum size allowed:" . $displayMaxSize . "; size of your message:" . number_format((double) $msgSize, 2, '.', '') . "M</pre>";
	}
	### non Ajax method
	if (isset($_REQUEST['sendbutton' . $no]) || $server_upload_size_error) {
		// The include runs in this function's scope, so it can read and set the locals above.
		// NOTE(review): no nonce or referer check is visible in this function for the
		// non-Ajax submit - confirm it happens inside lib_nonajax.php.
		require_once plugin_dir_path(__FILE__) . 'lib_nonajax.php';
		$usermessage_class = $all_valid ? ' success' : ' failure';
	}
	### called from lib_WPcomments ?
	if ($isWPcommentForm && $send2author) {
		return $all_valid;
	}
	###
	### paint form
	###
	$success = false;
	### fix for WP Comment (loading after redirect)
	// $_GET['cfemail'] is only compared against fixed strings, never printed.
	if (isset($_GET['cfemail']) && $isWPcommentForm) {
		$usermessage_class = ' success';
		$success = true;
		if ($_GET['cfemail'] == 'sent') {
			$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']));
		} elseif ($_GET['cfemail'] == 'posted') {
			$usermessage_text = preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['global']['cforms_commentsuccess']));
		} else {
			$usermessage_class = ' failure';
			$success = false;
		}
	}
	### either show info message above or below
	// NOTE(review): $usermessage_text is printed as HTML further down. Whether the two
	// helpers substitute submitted values into it, and escape them, is not visible here.
	$usermessage_text = cforms2_check_default_vars($usermessage_text, $no);
	$usermessage_text = cforms2_check_cust_vars($usermessage_text, $track);
	### logic: possibly change usermessage
	if (function_exists('my_cforms_logic')) {
		$usermessage_text = my_cforms_logic($trackf, $usermessage_text, 'successMessage');
	}
	$umc = $usermessage_class != '' && $no > 1 ? ' ' . $usermessage_class . $no : '';
	##debug
	cforms2_dbg("User info for form #{$no}");
	### where to show message
	// '_showpos' is read as a string of 'y' flags: [0] message above, [1] message
	// below, [2] and [3] error display options, [4] is passed on in $custom_error.
	if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 0, 1) == 'y') {
		$content .= '<div id="usermessage' . $no . 'a" class="cf_info' . $usermessage_class . $umc . ' ">' . $usermessage_text . '</div>';
		$actiontarget = 'a';
	} else {
		if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y') {
			$actiontarget = 'b';
		}
	}
	### multi page form: overwrite $no, move on to next form
	$oldcurrent = $no;
	if ($all_valid && isset($_REQUEST['sendbutton' . $no])) {
		$isMPformNext = false; ### default
		$oldcurrent = $no;
		##debug
		cforms2_dbg("Form is all valid & sendbutton pressed.");
		if ($isMPform && isset($_SESSION['cforms']) && $_SESSION['cforms']['current'] > 0 && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] != -1) {
			$isMPformNext = true;
			$no = cforms2_check_form_name($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next']);
			##debug
			cforms2_dbg("Session active and now moving on to form #{$no}");
			### logic: possibly change next form
			if (function_exists('my_cforms_logic')) {
				$no = my_cforms_logic($trackf, $no, "nextForm");
			} ### use trackf!
			$oldcurrent = $_SESSION['cforms']['current'];
			$_SESSION['cforms']['current'] = $no == '' ? 1 : $no;
			$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
		} elseif ($isMPform && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1) {
			##debug
			cforms2_dbg("Session was active but is being reset now");
			$oldcurrent = $no;
			$no = $_SESSION['cforms']['first'];
			unset($_SESSION['cforms']);
			$_SESSION['cforms']['current'] = 0;
			$_SESSION['cforms']['first'] = $no;
			$_SESSION['cforms']['pos'] = 1;
			$field_count = $cformsSettings['form' . $no]['cforms' . $no . '_count_fields'];
		} else {
			unset($_SESSION['cforms']);
			$_SESSION['cforms']['current'] = 0;
			$_SESSION['cforms']['first'] = $no;
			$_SESSION['cforms']['pos'] = 1;
		}
	} else {
		// NOTE(review): this branch also runs on every plain page view and on a
		// failed validation, so the multi-page session state is reset there too.
		unset($_SESSION['cforms']);
		$_SESSION['cforms']['current'] = 0;
		$_SESSION['cforms']['first'] = $no;
		$_SESSION['cforms']['pos'] = 1;
	}
	##debug
	cforms2_dbg("All good, currently on form #{$no}, [current]=" . $_SESSION['cforms']['current']);
	##debug
	cforms2_dbg(print_r($_SESSION, 1));
	cforms2_dbg(print_r($track, 1));
	### redirect == 2 : hide form? || or if max entries reached! w/ SESSION support if#2
	if ($all_valid && ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] && isset($_REQUEST['sendbutton' . $no]) || $cformsSettings['form' . $oldcurrent]['cforms' . $oldcurrent . '_hide'] && isset($_REQUEST['sendbutton' . $oldcurrent]))) {
		return $content;
	} else {
		if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && cforms2_get_submission_left($no) <= 0 || !cforms2_check_time($no)) {
			global $cflimit;
			if ($cflimit == "reached") {
				return stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
			} else {
				return $content . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']);
			}
		}
	}
	### alternative form action
	$alt_action = false;
	if ($cformsSettings['form' . $no]['cforms' . $no . '_action'] == '1') {
		$action = $cformsSettings['form' . $no]['cforms' . $no . '_action_page'];
		$alt_action = true;
	} else {
		if ($isWPcommentForm) {
			$action = admin_url('admin-ajax.php');
		} else {
			// NOTE(review): $actiontarget is only assigned when '_showpos' flag 0 or 1 is
			// 'y'; with neither set it is undefined here.
			$action = cforms2_get_current_page() . '#usermessage' . $no . $actiontarget;
		}
	}
	$enctype = $cformsSettings['form' . $no]['cforms' . $no . '_formaction'] ? 'enctype="application/x-www-form-urlencoded"' : 'enctype="multipart/form-data"';
	### start with form tag
	// NOTE(review): $action goes into the attribute without escaping in this function.
	// If cforms2_get_current_page() derives the URL from the request, it needs to be
	// escaped there or here (esc_url) - confirm.
	$content .= '<form ' . $enctype . ' action="' . $action . '" method="post" class="cform ' . sanitize_title_with_dashes($cformsSettings['form' . $no]['cforms' . $no . '_fname']) . ' ' . ($cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] ? ' cfnoreset' : '') . '" id="cforms' . $no . 'form">';
	### Session item counter (for default values)
	$sItem = 1;
	### start with no fieldset
	$fieldsetopen = false;
	$captcha = false;
	$upload = false;
	$fscount = 1;
	$ol = false;
	$inpFieldArr = array(); // for var[] type input fields
	for ($i = 1; $i <= $field_count; $i++) {
		// A field definition is one '$#$'-separated string:
		// name spec, type, required, email check, clear-on-focus, disabled, readonly.
		if (!$custom) {
			$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . $i]);
		} else {
			$field_stat = explode('$#$', $customfields[$i - 1]);
		}
		$field_name = $field_stat[0];
		$field_type = $field_stat[1];
		$field_required = $field_stat[2];
		$field_emailcheck = $field_stat[3];
		$field_clear = $field_stat[4];
		$field_disabled = $field_stat[5];
		$field_readonly = $field_stat[6];
		### omit certain fields
		// Logged-in users do not get the WP comment author/url/email inputs.
		if (in_array($field_type, array('cauthor', 'url', 'email')) && $user->ID) {
			continue;
		}
		### check for html5 attributes
		// The name spec carries optional suffixes that are split off right to left:
		// '|html5:', then '|err:', then '|title:'. The pushed "" keeps index 1 defined.
		$obj = explode('|html5:', $field_name, 2);
		$obj[] = "";
		$html5 = $obj[1] != '' ? preg_split('/\\x{00A4}/u', $obj[1], -1) : '';
		###debug
		cforms2_dbg("\t\t html5 check, settings = " . print_r($html5, 1));
		### check for custom err message and split field_name
		$obj = explode('|err:', $obj[0], 2);
		$obj[] = "";
		$fielderr = $obj[1];
		###debug
		cforms2_dbg("\t adding {$field_type} field: {$field_name}");
		if ($fielderr != '') {
			// $custom_error collects "<input id>$#$<message>|" entries; it is emitted
			// url-encoded in the hidden cf_customerr input below.
			switch ($field_type) {
				case 'upload':
					$custom_error .= 'cf_uploadfile' . $no . '-' . $i . '$#$' . $fielderr . '|';
					break;
				case 'captcha':
					$custom_error .= 'cforms_captcha' . $no . '$#$' . $fielderr . '|';
					break;
				case "cauthor":
				case "url":
				case "email":
				case "comment":
					$custom_error .= $field_type . '$#$' . $fielderr . '|';
					break;
				default:
					preg_match('/^([^#\\|]*).*/', $field_name, $input_name);
					if (strpos($input_name[1], '[id:') > 0) {
						preg_match('/\\[id:(.+)\\]/', $input_name[1], $input_name);
					}
					$custom_error .= $cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1' ? cforms2_sanitize_ids($input_name[1]) : 'cf' . $no . '_field_' . $i;
					$custom_error .= '$#$' . $fielderr . '|';
			}
		}
		### check for title attrib
		$obj = explode('|title:', $obj[0], 2);
		$obj[] = "";
		// NOTE(review): as shown, search and replacement are the same character, so this
		// str_replace changes nothing and a double quote in the configured title would
		// end the title="" attribute it is later placed in. Presumably the replacement
		// was an HTML entity lost in extraction - check against the upstream file.
		$fieldTitle = $obj[1] != '' ? str_replace('"', '"', stripslashes($obj[1])) : '';
		###debug
		cforms2_dbg("\t\t title check, obj[0] = " . $obj[0]);
		### special treatment for selectboxes
		if (in_array($field_type, array('multiselectbox', 'selectbox', 'radiobuttons', 'send2author', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox'))) {
			$chkboxClicked = array();
			if (in_array($field_type, array('checkbox', 'ccbox')) && strpos($obj[0], '|set:') > 1) {
				$chkboxClicked = explode('|set:', stripslashes($obj[0]));
				$obj[0] = $chkboxClicked[0];
			}
			$chkboxClicked[] = "";
			$chkboxClicked[] = "";
			###debug
			cforms2_dbg("\t\t found checkbox:, obj[0] = " . $obj[0]);
			// Options are '#'-separated; element 0 is the group label.
			$options = explode('#', stripslashes($obj[0]));
			if (in_array($field_type, array('checkbox', 'ccbox'))) {
				$field_name = $options[0] == '' ? $options[1] : $options[0];
			} else {
				$field_name = $options[0];
			}
			###debug
			cforms2_dbg("\t\t left from '#' (=field_name) = " . $options[0] . ", right from '#': " . $options[1] . " -> field_name= {$field_name}");
		}
		### check if fieldset is open
		if (!$fieldsetopen && !$ol && $field_type != 'fieldsetstart') {
			$content .= '<ol class="cf-ol">';
			$ol = true;
		}
		$defaultvalue = '';
		### setting the default val & regexp if it exists
		if (!in_array($field_type, array('fieldsetstart', 'fieldsetend', 'radiobuttons', 'send2author', 'checkbox', 'checkboxgroup', 'ccbox', 'emailtobox', 'multiselectbox', 'selectbox'))) {
			### check if default val & regexp are set
			// Remaining spec layout: name|default value|regexp
			$obj = explode('|', $obj[0], 3);
			$obj[] = "";
			$obj[] = "";
			if ($obj[2] != '') {
				// NOTE(review): same no-op replacement as for $fieldTitle above; $reg_exp is
				// later written into value="" and style="" attributes.
				$reg_exp = str_replace('"', '"', stripslashes($obj[2]));
			} else {
				$reg_exp = '';
			}
			if ($obj[1] != '') {
				$defaultvalue = str_replace(array('"', '\\n'), array('"', "\r"), cforms2_check_default_vars(stripslashes($obj[1]), $no));
			}
			$field_name = $obj[0];
		}
		### label ID's
		$labelIDx = '';
		$labelID = $cformsSettings['global']['cforms_labelID'] == '1' ? ' id="label-' . $no . '-' . $i . '"' : '';
		### <li> ID's
		$liID = $cformsSettings['global']['cforms_liID'] == '1' || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y" || substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y" ? ' id="li-' . $no . '-' . $i . '"' : '';
		### input field names & label
		$isFieldArray = false;
		if ($cformsSettings['form' . $no]['cforms' . $no . '_customnames'] == '1') {
			if (strpos($field_name, '[id:') !== false) {
				// "[id:xyz]" inside the label gives the input its own id/name; a "[]"
				// in the label makes it an array input with numbered ids.
				$isFieldArray = strpos($field_name, '[]');
				$idPartA = strpos($field_name, '[id:');
				$idPartB = strrpos($field_name, ']', $idPartA);
				if ($isFieldArray) {
					$input_id = $input_name = cforms2_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
					if (!$inpFieldArr[$input_id] || $inpFieldArr[$input_id] == '') {
						$inpFieldArr[$input_id] = 1;
					}
					$input_id .= $inpFieldArr[$input_id]++;
					$input_name .= '[]';
				} else {
					$input_id = $input_name = cforms2_sanitize_ids(substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4));
				}
				$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
				###debug
				cforms2_dbg("\t \t parsing custom ID/NAME...new field_name = {$field_name}, ID={$input_id}");
			} else {
				$input_id = $input_name = cforms2_sanitize_ids(stripslashes($field_name));
			}
		} else {
			$input_id = $input_name = 'cf' . $no . '_field_' . $i;
		}
		$field_class = '';
		$field_value = '';
		// Pluggable captchas: skipped for logged-in users unless the captcha asks to
		// check authenticated users as well.
		$captchas = cforms2_get_pluggable_captchas();
		if (array_key_exists($field_type, $captchas) && is_user_logged_in() && !$captchas[$field_type]->check_authn_users()) {
			continue;
		}
		switch ($field_type) {
			case 'captcha':
				if (is_user_logged_in() && $cformsSettings['global']['cforms_captcha_def']['fo'] != '1') {
					continue 2;
				}
				$input_id = $input_name = 'cforms_captcha' . $no;
				break;
			case 'upload':
				$input_id = $input_name = 'cf_uploadfile' . $no . '-' . $i;
				$field_class = 'upload';
				break;
			case "send2author":
			case "email":
			case "cauthor":
			case "url":
				$input_id = $input_name = $field_type;
				// no break: these types continue into the 'single' class below
			case "datepicker":
			case "yourname":
			case "youremail":
			case "friendsname":
			case "friendsemail":
			case "textfield":
			case "pwfield":
				$field_class = 'single';
				break;
			case "hidden":
				$field_class = 'hidden';
				break;
			case 'comment':
				$input_id = $input_name = $field_type;
				$field_class = 'area';
				break;
			case 'textarea':
				$field_class = 'area';
				break;
			default:
		}
		### additional field classes
		if ($field_disabled) {
			$field_class .= ' disabled';
		}
		if ($field_readonly) {
			$field_class .= ' readonly';
		}
		if ($field_emailcheck) {
			$field_class .= ' fldemail';
		}
		if ($field_required) {
			$field_class .= ' fldrequired';
		}
		### error ?
		$liERR = $insertErr = '';
		### only for mp forms
		if ($moveBack || $isMPform) {
			// $isMPformNext
			// Pre-fill from the session copy of an earlier page; the value is HTML-escaped here.
			$field_value = htmlspecialchars(stripslashes($_SESSION['cforms']['cf_form' . $no][$_SESSION['cforms']['cf_form' . $no]['$$$' . $sItem++]]));
			cforms2_dbg('retrieving session values to pre-fill...' . $field_value);
		}
		if (!$all_valid) {
			### errors...
			if (!$server_upload_size_error && $validations[$i] != 1) {
				$field_class .= ' cf_error';
				### enhanced error display
				if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) == "y") {
					$liERR = 'cf_li_err';
				}
				if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) == "y") {
					$insertErr = $fielderr != '' ? '<ul class="cf_li_text_err"><li>' . stripslashes($fielderr) . '</li></ul>' : '';
				}
			}
			if (!isset($_REQUEST[$input_name])) {
				$_REQUEST[$input_name] = '';
			} ### the field could not be there at all
			// Scalar fields are re-displayed HTML-escaped. Multi-value fields keep the raw
			// request array; below it is only compared against the configured options.
			if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
				$field_value = $_REQUEST[$input_name];
			} else {
				$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
			}
		} else {
			if (!isset($_REQUEST['sendbutton' . $no]) && isset($_REQUEST[$input_name]) || $cformsSettings['form' . $no]['cforms' . $no . '_dontclear']) {
				### only pre-populating fields...
				if ($field_type == 'multiselectbox' || $field_type == 'checkboxgroup') {
					$field_value = $_REQUEST[$input_name];
				} else {
					$field_value = htmlspecialchars(stripslashes($_REQUEST[$input_name]));
				}
			}
		}
		### print label only for non "textonly" fields! Skip some others too, and handle them below indiv.
		$standard_field = !in_array($field_type, array('hidden', 'textonly', 'fieldsetstart', 'fieldsetend', 'ccbox', 'checkbox', 'checkboxgroup', 'send2author', 'radiobuttons'));
		if ($standard_field) {
			$content .= '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
			if (!in_array($field_type, array_keys($captchas))) {
				$content .= '<label' . $labelID . ' for="' . $input_id . '"' . ($field_type == 'captcha' ? ' class="seccap"' : '') . '><span>' . stripslashes($field_name) . '</span></label>';
			}
		}
		### if not reloaded (due to err) then use default values
		if ($field_value == '' && $defaultvalue != '') {
			$field_value = $defaultvalue;
		}
		### field disabled or readonly, greyed out?
		$disabled = $field_disabled ? ' disabled="disabled"' : '';
		$readonly = $field_readonly ? ' readonly="readonly"' : '';
		### add input field
		$dp = '';
		$field = '';
		$val = '';
		$force_checked = false;
		$cookieset = '';
		if (array_key_exists($field_type, $captchas)) {
			// Pluggable captcha: the plugin supplies the markup, its hint travels url-encoded.
			$req = $captchas[$field_type]->get_request('secinput ' . $field_class, $fieldTitle);
			$field = $req['html'] . '<input type="hidden" name="' . $field_type . '/hint" value="' . rawurlencode($req['hint']) . '"/>';
		} else {
			switch ($field_type) {
				case "upload":
					$upload = true; ### set upload flag for ajax suppression!
					$field = '<input' . $readonly . $disabled . ' type="file" name="cf_uploadfile' . $no . '[]" id="cf_uploadfile' . $no . '-' . $i . '" class="cf_upload ' . $field_class . '" title="' . $fieldTitle . '"/>';
					break;
				case "textonly":
					// For text-only items the "default value" slot is used as an extra CSS
					// class and the "regexp" slot as an inline style.
					$field .= '<li' . $liID . ' class="textonly' . ($defaultvalue != '' ? ' ' . $defaultvalue : '') . '"' . ($reg_exp != '' ? ' style="' . $reg_exp . '" ' : '') . '>' . stripslashes($field_name) . '</li>';
					break;
				case "fieldsetstart":
					if ($fieldsetopen) {
						$field = '</ol></fieldset>';
						$fieldsetopen = false;
						$ol = false;
					}
					if (!$fieldsetopen) {
						if ($ol) {
							$field = '</ol>';
						}
						$field .= '<fieldset class="cf-fs' . $fscount++ . '">' . '<legend>' . stripslashes($field_name) . '</legend>' . '<ol class="cf-ol">';
						$fieldsetopen = true;
						$ol = true;
					}
					break;
				case "fieldsetend":
					if ($fieldsetopen) {
						$field = '</ol></fieldset>';
						$fieldsetopen = false;
						$ol = false;
					} else {
						$field = '';
					}
					break;
				case "captcha":
					$field = '<input type="text" name="' . $input_name . '" id="cforms_captcha' . $no . '" class="secinput' . $field_class . '" title="' . $fieldTitle . '"/>' . '<img id="cf_captcha_img' . $no . '" class="captcha" src="#" alt=""/><script type="text/javascript">jQuery(function() {reset_captcha(' . $no . ');});</script>' . '<a title="' . __('reset captcha image', 'cforms') . '" href="javascript:reset_captcha(\'' . $no . '\')"><img class="captcha-reset" src="' . plugin_dir_url(__FILE__) . 'images/spacer.gif" alt="Captcha"/></a>';
					$captcha = true;
					break;
				// cauthor -> url -> email fall through on purpose: the first case reached
				// picks the cookie name, the later ones keep it.
				case "cauthor":
					$cookieset = 'comment_author_' . COOKIEHASH;
				case "url":
					$cookieset = $cookieset == '' ? 'comment_author_url_' . COOKIEHASH : $cookieset;
				case "email":
					$cookieset = $cookieset == '' ? 'comment_author_email_' . COOKIEHASH : $cookieset;
					// NOTE(review): a non-empty cookie value replaces the escaped $field_value
					// and is client-controlled. No escaping is visible between here and the
					// value="" attribute below unless cforms2_check_post_vars() does it - confirm.
					$field_value = $_COOKIE[$cookieset] != '' ? $_COOKIE[$cookieset] : $field_value;
				case "datepicker":
				case "yourname":
				case "youremail":
				case "friendsname":
				case "friendsemail":
				case "textfield":
				case "pwfield":
				case "html5color":
				case "html5date":
				case "html5datetime":
				case "html5datetime-local":
				case "html5email":
				case "html5month":
				case "html5number":
				case "html5range":
				case "html5search":
				case "html5tel":
				case "html5time":
				case "html5url":
				case "html5week":
					$field_value = cforms2_check_post_vars($field_value);
					$h5 = '';
					if (strpos($field_type, 'tml5') !== false) {
						// "html5xyz" -> input type "xyz"
						$type = substr($field_type, 5);
						if (is_array($html5)) {
							// Positional html5 settings: autocomplete, autofocus, min, max,
							// pattern, step, placeholder. They come from the stored field
							// definition and are written into attributes as-is.
							$h5_0 = $html5[0] == '1' ? ' autocomplete="on"' : '';
							$h5_1 = $html5[1] == '1' ? ' autofocus ="autofocus"' : '';
							$h5_2 = $html5[2] != '' ? ' min="' . $html5[2] . '"' : '';
							$h5_3 = $html5[3] != '' ? ' max="' . $html5[3] . '"' : '';
							$h5_4 = $html5[4] != '' ? ' pattern="' . $html5[4] . '"' : '';
							$h5_5 = $html5[5] != '' ? ' step="' . $html5[5] . '"' : '';
							$h5_6 = $html5[6] != '' ? ' placeholder="' . $html5[6] . '"' : '';
							$h5 = $h5_0 . $h5_1 . $h5_2 . $h5_3 . $h5_4 . $h5_5 . $h5_6;
						}
						$h5_7 = $field_required ? ' required="required"' : '';
						$h5 .= $h5_7 . ' ';
						###debug
						cforms2_dbg('......html5 attributes: ' . $h5);
					} else {
						$type = $field_type == 'pwfield' ? 'password' : 'text';
					}
					$field_class = $field_type == 'datepicker' ? $field_class . ' cf_date' : $field_class;
					$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
					$field = '<input' . $h5 . $readonly . $disabled . ' type="' . $type . '" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '" value="' . $field_value . '"' . $onfocus . ' title="' . $fieldTitle . '"/>';
					if ($reg_exp != '') {
						$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '" title="' . $fieldTitle . '"/>';
					}
					$field .= $dp;
					break;
				case "hidden":
					$field_value = cforms2_check_post_vars($field_value);
					$field_value = cforms2_check_default_vars($field_value, $no);
					// A value of the form "<name>" is replaced by the query parameter "name".
					// NOTE(review): that parameter is written into the value="" attribute below
					// with no escaping on this path (and no isset check); it should pass
					// through esc_attr()/htmlspecialchars() like the other request values.
					if (preg_match('/^<([a-zA-Z0-9]+)>$/', $field_value, $getkey)) {
						$field_value = $_GET[$getkey[1]];
					}
					$field .= '<li class="cf_hidden"><input type="hidden" class="cfhidden" name="' . $input_name . '" id="' . $input_id . '" value="' . $field_value . '" title="' . $fieldTitle . '"/></li>';
					break;
				case "comment":
				case "textarea":
					$onfocus = $field_clear ? ' onfocus="clearField(this)" onblur="setField(this)"' : '';
					$field = '<textarea' . $readonly . $disabled . ' cols="30" rows="8" name="' . $input_name . '" id="' . $input_id . '" class="' . $field_class . '"' . $onfocus . ' title="' . $fieldTitle . '">' . $field_value . '</textarea>';
					if ($reg_exp != '') {
						$field .= '<input type="hidden" name="' . $input_name . '_regexp" id="' . $input_id . '_regexp" value="' . $reg_exp . '" title="' . $fieldTitle . '"/>';
					}
					break;
				case "ccbox":
				case "checkbox":
					if (!$all_valid || $all_valid && $cformsSettings['form' . $no]['cforms' . $no . '_dontclear'] || $isMPform && is_array($_SESSION['cforms']['cf_form' . $no])) {
						//exclude MP! if first time on the form = array = null
						$preChecked = $field_value && $field_value != '' ? ' checked="checked"' : '';
					} else {
						$preChecked = strpos($chkboxClicked[1], 'true') !== false ? ' checked="checked"' : '';
					} // $all_valid = user choice prevails
					$err = '';
					if (!$server_upload_size_error && !$all_valid && $validations[$i] != 1) {
						$err = ' cf_errortxt';
					}
					$opt = explode('|', $field_name, 2);
					$opt[] = "";
					// Text to the right of '#' puts the label after the box, otherwise before it.
					if ($options[1] != '') {
						### $options = explode('#', stripslashes($obj[0]) ) (line 476)
						$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr;
						$after = '<label' . $labelID . ' for="' . $input_id . '" class="cf-after' . $err . '"><span>' . $opt[0] . '</span></label></li>';
						$ba = 'a';
					} else {
						$before = '<li' . $liID . ' class="' . $liERR . '">' . $insertErr . '<label' . $labelID . ' for="' . $input_name . '" class="cf-before' . $err . '"><span>' . $opt[0] . '</span></label>';
						$after = '</li>';
						$ba = 'b';
					}
					### if | val provided, then use "X"
					if ($val == '') {
						$val = $opt[1] != '' ? ' value="' . $opt[1] . '"' : '';
					}
					$field = $before . '<input' . $readonly . $disabled . ' type="checkbox" name="' . $input_name . '" id="' . $input_id . '" class="cf-box-' . $ba . $field_class . '"' . $val . ' title="' . $fieldTitle . '"' . $preChecked . '/>' . $after;
					break;
				case "checkboxgroup":
					$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : '';
					array_shift($options);
					$field .= '<li' . $liID . ' class="cf-box-title">' . $field_name . '</li>' . '<li' . $liID_b . ' class="cf-box-group">';
					$id = 1;
					$j = 0;
					### mp session support
					if (($moveBack || $isMPform) && !is_array($field_value)) {
						$field_value = explode(',', $field_value);
					}
					foreach ($options as $option) {
						### supporting names & values
						// Option layout: label|value|set:true
						$boxPreset = explode('|set:', $option);
						$opt = explode('|', $boxPreset[0], 2);
						if ($opt[1] == '') {
							$opt[1] = $opt[0];
						}
						$checked = '';
						// The submitted values are only compared with configured options here;
						// the markup uses $opt, never the submitted string.
						if ($moveBack || $isMPform) {
							//$isMPformNext
							if (in_array($opt[1], array_values($field_value))) {
								$checked = 'checked="checked"';
							}
						} elseif (is_array($field_value)) {
							if ($opt[1] == htmlspecialchars(stripslashes(strip_tags($field_value[$j])))) {
								$checked = 'checked="checked"';
								$j++;
							}
						} else {
							if (strpos($boxPreset[1], 'true') !== false) {
								$checked = ' checked="checked"';
							}
						}
						$brackets = $isFieldArray ? '' : '[]';
						if ($labelID != '') {
							$labelIDx = substr($labelID, 0, -1) . $id . '"';
						}
						if ($opt[0] == '') {
							$field .= '<br />';
						} else {
							$field .= '<input' . $readonly . $disabled . ' type="checkbox" id="' . $input_id . '-' . $id . '" name="' . $input_name . $brackets . '" value="' . $opt[1] . '" ' . $checked . ' class="cf-box-b" title="' . $fieldTitle . '"/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-group-after"><span>' . $opt[0] . "</span></label>";
						}
					}
					$field .= '</li>';
					break;
				case "multiselectbox":
					$field .= '<select' . $readonly . $disabled . ' multiple="multiple" name="' . $input_name . '[]" id="' . $input_id . '" class="cfselectmulti ' . $field_class . '" title="' . $fieldTitle . '">';
					array_shift($options);
					$j = 0;
					### mp session support
					if ($moveBack || $isMPform) {
						//$isMPformNext
						$field_value = explode(',', $field_value);
					}
					foreach ($options as $option) {
						### supporting names & values
						$optPreset = explode('|set:', $option);
						$opt = explode('|', $optPreset[0], 2);
						if ($opt[1] == '') {
							$opt[1] = $opt[0];
						}
						$checked = '';
						if ($moveBack || $isMPform) {
							if (in_array($opt[1], array_values($field_value))) {
								$checked = 'selected="selected"';
							}
						} elseif (is_array($field_value)) {
							if ($opt[1] == stripslashes(htmlspecialchars(strip_tags($field_value[$j])))) {
								$checked = ' selected="selected"';
								$j++;
							}
						} else {
							if (strpos($optPreset[1], 'true') !== false) {
								$checked = ' selected="selected"';
							}
						}
						// NOTE(review): no-op replacement as shown (see $fieldTitle above).
						$field .= '<option value="' . str_replace('"', '"', $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
					}
					$field .= '</select>';
					break;
				case "emailtobox":
				case "selectbox":
					$field = '<select' . $readonly . $disabled . ' name="' . $input_name . '" id="' . $input_id . '" class="cformselect' . $field_class . '" title="' . $fieldTitle . '">';
					array_shift($options);
					$jj = $j = 0;
					foreach ($options as $option) {
						### supporting names & values
						$optPreset = explode('|set:', $option);
						$optPreset[] = "";
						$opt = explode('|', $optPreset[0], 2);
						$opt[] = "";
						if ($opt[1] == '') {
							$opt[1] = $opt[0];
						}
						### email-to-box valid entry?
						// For 'emailtobox' the option value sent to the browser is the option's
						// index ($jj), not the configured value in $opt[1].
						if ($field_type == 'emailtobox' && $opt[1] != '-') {
							$jj = $j;
						} else {
							$jj = '-';
						}
						$j++;
						$checked = '';
						if ($field_value == '' || $field_value == '-') {
							if (strpos($optPreset[1], 'true') !== false) {
								$checked = ' selected="selected"';
							}
						} else {
							if ($opt[1] == $field_value || $jj == $field_value) {
								$checked = ' selected="selected"';
							}
						}
						$field .= '<option value="' . ($field_type == 'emailtobox' ? $jj : $opt[1]) . '"' . $checked . '>' . $opt[0] . '</option>';
					}
					$field .= '</select>';
					break;
				case "send2author":
					// Without an explicit '|set:' in the definition the first option is pre-selected.
					$force_checked = strpos($field_stat[0], '|set:') === false ? true : false;
					// no break: rendered like radio buttons
				case "radiobuttons":
					$liID_b = $liID != '' ? substr($liID, 0, -1) . 'items"' : ''; ### only if label ID's active
					array_shift($options);
					$field .= '<li' . $liID . ' class="' . $liERR . ' cf-box-title">' . $insertErr . $field_name . '</li>' . '<li' . $liID_b . ' class="cf-box-group">';
					$id = 1;
					foreach ($options as $option) {
						$checked = '';
						### supporting names & values
						$radioPreset = explode('|set:', $option);
						$opt = explode('|', $radioPreset[0], 2);
						$opt[] = "";
						if ($opt[1] == '') {
							$opt[1] = $opt[0];
						}
						if ($field_value == '') {
							if (strpos($radioPreset[1], 'true') !== false || $force_checked && $id == 1) {
								$checked = ' checked="checked"';
							}
						} else {
							if ($opt[1] == $field_value) {
								$checked = ' checked="checked"';
							}
						}
						if ($labelID != '') {
							$labelIDx = substr($labelID, 0, -1) . $id . '"';
						}
						if ($opt[0] == '') {
							$field .= '<br />';
						} else {
							$field .= '<input' . $readonly . $disabled . ' type="radio" id="' . $input_id . '-' . $id . '" name="' . $input_name . '" value="' . $opt[1] . '"' . $checked . ' class="cf-box-b' . ($field_required ? ' fldrequired' : '') . '" title="' . $fieldTitle . '"/>' . '<label' . $labelIDx . ' for="' . $input_id . '-' . $id++ . '" class="cf-after"><span>' . $opt[0] . "</span></label>";
						}
					}
					$field .= '</li>';
					break;
			}
		}
		### debug
		cforms2_dbg("Form setup: {$field_type}, val={$field_value}, default={$defaultvalue}");
		### add new field
		$content .= $field;
		### adding "required" text if needed
		if ($field_emailcheck == 1) {
			$content .= '<span class="emailreqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_emailrequired']) . '</span>';
		} else {
			if ($field_required == 1 && !in_array($field_type, array('ccbox', 'checkbox', 'radiobuttons'))) {
				$content .= '<span class="reqtxt">' . stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_required']) . '</span>';
			}
		}
		### close out li item
		if ($standard_field) {
			$content .= '</li>';
		}
	} ### all fields
	### close any open tags
	if ($ol) {
		$content .= '</ol>';
	}
	if ($fieldsetopen) {
		$content .= '</fieldset>';
	}
	### rest of the form
	// $ajaxenabled is spliced into the submit button's tag below. In the non-Ajax case it
	// closes that tag early and opens the hidden action and nonce inputs instead.
	if ($cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1' && !$upload && !$custom && !$alt_action) {
		$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', false)"';
	} else {
		if (($upload || $custom || $alt_action) && $cformsSettings['form' . $no]['cforms' . $no . '_ajax'] == '1') {
			$ajaxenabled = ' onclick="return cforms_validate(\'' . $no . '\', true)"';
		} else {
			$ajaxenabled = '/>' . '<input type="hidden" name="action" value="submitcomment_direct"/>' . '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce('submitcomment_direct') . '"';
		}
	}
	### just to appease html "strict"
	$content .= '<fieldset class="cf_hidden"><legend> </legend>';
	### custom error
	$custom_error = substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 2, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 3, 1) . substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 4, 1) . $custom_error;
	### TAF or WP comment or Extra Fields
	if ((int) $isTAF > 0) {
		$nono = $isWPcommentForm ? '' : $no;
		// NOTE(review): $_REQUEST['replytocom'] and $_GET['pid'] are written into value=""
		// attributes without a cast or escaping. Both look like numeric ids, so an
		// absint()/esc_attr() on output would close this - confirm the expected type.
		if ($isWPcommentForm) {
			$content .= '<input type="hidden" name="comment_parent" id="comment_parent" value="' . ($_REQUEST['replytocom'] != '' ? $_REQUEST['replytocom'] : '0') . '"/>';
		}
		$content .= '<input type="hidden" name="comment_post_ID' . $nono . '" id="comment_post_ID' . $nono . '" value="' . (isset($_GET['pid']) ? $_GET['pid'] : get_the_ID()) . '"/>' . '<input type="hidden" name="cforms_pl' . $no . '" id="cforms_pl' . $no . '" value="' . (isset($_GET['pid']) ? get_permalink($_GET['pid']) : get_permalink()) . '"/>';
	}
	// Status texts for the client script travel url-encoded in hidden inputs.
	// NOTE(review): '_popup' is the one setting here that is written raw.
	$content .= '<input type="hidden" name="cf_working' . $no . '" id="cf_working' . $no . '" value="<span>' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_working']) . '</span>"/>' . '<input type="hidden" name="cf_failure' . $no . '" id="cf_failure' . $no . '" value="<span>' . rawurlencode($cformsSettings['form' . $no]['cforms' . $no . '_failure']) . '</span>"/>' . '<input type="hidden" name="cf_codeerr' . $no . '" id="cf_codeerr' . $no . '" value="<span>' . rawurlencode($cformsSettings['global']['cforms_codeerr']) . '</span>"/>' . '<input type="hidden" name="cf_customerr' . $no . '" id="cf_customerr' . $no . '" value="' . rawurlencode($custom_error) . '"/>' . '<input type="hidden" name="cf_popup' . $no . '" id="cf_popup' . $no . '" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_popup'] . '"/>';
	$content .= '</fieldset>';
	### multi page form: reset
	$reset = '';
	if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_reset']) {
		$reset = '<input tabindex="999" type="submit" name="resetbutton' . $no . '" id="resetbutton' . $no . '" class="resetbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_resettext'] . '" onclick="return confirm(\'' . __('Note: This will reset all your input!', 'cforms') . '\')">';
	}
	### multi page form: back
	$back = '';
	// NOTE(review): the 'mp_first' lookup mixes 'form' . $oldno with 'cforms' . $no;
	// the two differ once a multi-page form has moved past its first page - confirm
	// which form number is meant.
	if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_back'] && !$cformsSettings['form' . $oldno]['cforms' . $no . '_mp']['mp_first']) {
		$back = '<input type="submit" name="backbutton' . $no . '" id="backbutton' . $no . '" class="backbutton" value="' . $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_backtext'] . '">';
	}
	$content .= '<p class="cf-sb">' . $reset . $back . '<input type="submit" name="sendbutton' . $no . '" id="sendbutton' . $no . '" class="sendbutton" value="' . stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_submit_text'])) . '"' . $ajaxenabled . '/></p>';
	if ($isWPcommentForm) {
		// Output of the 'comment_form' hook is captured and appended to the form.
		ob_start();
		do_action('comment_form', get_the_ID());
		$content .= ob_get_clean();
	}
	$content .= '</form>';
	### either show message above or below
	$usermessage_text = cforms2_check_default_vars($usermessage_text, $no);
	$usermessage_text = cforms2_check_cust_vars($usermessage_text, $track);
	if (substr($cformsSettings['form' . $no]['cforms' . $no . '_showpos'], 1, 1) == 'y' && !($success && $cformsSettings['form' . $no]['cforms' . $no . '_hide'])) {
		$content .= '<div id="usermessage' . $no . 'b" class="cf_info ' . $usermessage_class . $umc . '" >' . $usermessage_text . '</div>';
	}
	### debug
	cforms2_dbg("(cforms) Last stop..." . print_r($_SESSION, 1));
	return $content;
}
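/**
 * AJAX endpoint: processes one posted cforms submission and prints a plain-text status line.
 *
 * Request: $_POST['rsargs'] is split on '+++' into the field payload, an optional comment
 * parent, the post id and the URL. The field payload is split on '$#$' into the form number
 * followed by the field values. All of these values are supplied by the client.
 *
 * Response (Content-Type: text/plain): "<form no>*$#<one char of the '_popup' setting><message>",
 * optionally followed by '|---' (my_cforms_action() threw, or the WP comment step failed),
 * '|!!!' (a mail could not be sent), '|~~~' (hide the form) and/or '|>>>' plus a redirect target.
 * The function always terminates the request with die.
 *
 * Notes for reviewers:
 *  - check_admin_referer() rejects the request unless it carries a valid 'submitcomment' nonce.
 *  - $segments[0], the message of an exception thrown by my_cforms_action() and (through
 *    cforms2_check_cust_vars()) submitted field values are written into the response. The
 *    response is text/plain, but how the client script inserts it into the page is not visible
 *    here - TODO confirm it is escaped on that side.
 *  - Submitted addresses are used as mail recipient / Reply-To; CR and LF are stripped below,
 *    any further validation has to happen in cforms2_mail (not visible from this function).
 */
function cforms2_submitcomment() {
    check_admin_referer('submitcomment');
    global $cformsSettings, $wpdb, $subID, $track, $trackf, $Ajaxpid, $AjaxURL, $WPresp, $commentparent;
    header('Content-Type: text/plain');
    $content = '';
    if (isset($_POST['rsargs'])) {
        $content = $_POST['rsargs'];
    }
    // Local on purpose: lib_WPcomment.php is required inside this function further down and
    // therefore shares this scope; it is presumably what flips this flag - verify in that file.
    $WPsuccess = false;
    $content = explode('+++', $content);
    ### Added special fields
    if (count($content) > 3) {
        $commentparent = $content[1];
        $Ajaxpid = $content[2];
        $AjaxURL = $content[3];
    } else {
        $Ajaxpid = $content[1];
        $AjaxURL = $content[2];
    }
    $segments = explode('$#$', $content[0]);
    $params = array();
    $user = wp_get_current_user();
    // The loop deliberately keeps its original bound: it stores one entry more than there are
    // field values (the last one is empty). Together with $params['id'] this is what makes the
    // "sizeof($params) - 2" bound of the field loop below equal the number of posted fields.
    for ($i = 1; $i <= sizeof($segments); $i++) {
        $params['field_' . $i] = $segments[$i];
    }
    ### fix reference to first form
    if ($segments[0] == '1') {
        $params['id'] = $no = '';
    } else {
        // $no is client-supplied and only used as a suffix for settings keys ('form' . $no).
        $params['id'] = $no = $segments[0];
    }
    ### TAF flag
    $isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);
    ### user filter ?
    if (function_exists('my_cforms_ajax_filter')) {
        my_cforms_ajax_filter($params);
    }
    ### init variables
    $track = array();
    $trackinstance = array();
    $to_one = -1;
    $ccme = false;
    $field_email = '';
    $off = 0;
    $fieldsetnr = 1;
    $taf_youremail = false;
    $taf_friendsemail = false;
    // Initialised so the Tell-A-Friend headers below never interpolate an undefined variable.
    $taf_yourname = '';
    $taf_friendsname = '';
    ### form limit reached
    if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && cforms2_get_submission_left($no) == 0 || !cforms2_check_time($no)) {
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
        echo $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt']));
        die;
    }
    $captchaopt = $cformsSettings['global']['cforms_captcha_def'];
    // Walk the posted values ($i) against the configured field list ($i + $off); $off grows
    // whenever a configured field has no posted counterpart.
    for ($i = 1; $i <= sizeof($params) - 2; $i++) {
        $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
        while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {
            if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && $captchaopt['fo'] != '1')) {
                break;
            }
            if (cforms2_check_pluggable_captchas_authn_users($field_stat[1])) {
                break;
            }
            if ($field_stat[1] == 'fieldsetstart') {
                $track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
                $track['Fieldset' . $fieldsetnr++] = $field_stat[0];
            } elseif ($field_stat[1] == 'fieldsetend') {
                $track['FieldsetEnd' . $fieldsetnr++] = '--';
            }
            ### get next in line...
            $off++;
            $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
            if ($field_stat[1] == '') {
                break 2;
            } ### all fields searched, break both while & for
        }
        ### filter all redundant WP comment fields if user is logged in
        // For a logged-in user these values come from the account, not from the request.
        while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
            $temp = explode('|', $field_stat[0], 3);
            ### get field name
            $temp = explode('#', $temp[0], 2);
            switch ($field_stat[1]) {
                case 'cauthor':
                    $track['cauthor'] = $track[$temp[0]] = $user->display_name;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
                case 'email':
                    $track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
                case 'url':
                    $track['url'] = $track[$temp[0]] = $user->user_url;
                    $track['$$$' . ((int) $i + (int) $off)] = $temp[0];
                    break;
            }
            $off++;
            $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
            if ($field_stat[1] == '') {
                break 2;
            } ### all fields searched, break both while & for
        }
        $field_name = $field_stat[0];
        $field_type = $field_stat[1];
        ### remove [id: ] first
        if (strpos($field_name, '[id:') !== false) {
            preg_match('/^([^\\[]*)\\[id:([^\\|\\]]+(\\[\\])?)\\]([^\\|]*).*/', $field_name, $input_name); // author: cbacchini
            $field_name = $input_name[1] . $input_name[4];
            $customTrackingID = cforms2_sanitize_ids($input_name[2]);
        } else {
            $customTrackingID = '';
        }
        ### dissect field
        $obj = explode('|', $field_name, 3);
        ### strip out default value
        $field_name = $obj[0];
        ### special WP comment fields
        if (in_array($field_stat[1], array('cauthor', 'email', 'url', 'comment', 'send2author'))) {
            $temp = explode('#', $field_name, 2);
            if ($temp[0] == '') {
                $field_name = $field_stat[1];
            } else {
                $field_name = $temp[0];
            }
            ### keep copy of values
            $track[$field_stat[1]] = stripslashes($params['field_' . $i]);
            if ($field_stat[1] == 'email') {
                $field_email = $params['field_' . $i];
            }
        }
        ### special Tell-A-Friend fields
        if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
            preg_match("/^[_a-z0-9+-]+(\\.[_a-z0-9+-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})\$/i", $params['field_' . $i], $r);
            // NOTE(review): $r[1] is the first capture group of the pattern, not the whole
            // matched address ($r[0]) - behaviour kept as found, confirm this is intended.
            $field_email = $taf_friendsemail = $r[1]; // double checking anti spam TAF
        }
        if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
            $taf_youremail = $params['field_' . $i];
        }
        if ($field_type == 'friendsname') {
            $taf_friendsname = $params['field_' . $i];
        }
        if ($field_type == 'yourname') {
            $taf_yourname = $params['field_' . $i];
        }
        ### lets find an email field ("Is Email") and that's not empty!
        if ($field_email == '' && $field_stat[3] == '1') {
            $field_email = $params['field_' . $i];
        }
        ### special case: select & radio
        if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
            $field_name = explode('#', $field_name);
            $field_name = $field_name[0];
        }
        ### special case: check box
        if ($field_type == "checkbox" || $field_type == "ccbox") {
            $field_name = explode('#', $field_name);
            $field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
            $field_name = explode('|', $field_name);
            $field_name = $field_name[0];
            ### if ccbox & checked
            if ($field_type == "ccbox" && $params['field_' . $i] != "") {
                //10.2. removed "-"
                ##$ccme = 'field_' . $i;
                $ccme = $field_name;
            }
        }
        if ($field_type == "emailtobox") {
            ### special case where the value needs to be fetched from the settings!
            // The posted value is only an index; the address itself is taken from the
            // configured '#'-separated list, so the client can pick but not supply a recipient.
            $to_one = $params['field_' . $i];
            $field_name = explode('#', $field_stat[0]); ### can't use field_name, since '|' check earlier
            $tmp = explode('|', $field_name[$to_one + 1]); ### remove possible |set:true
            $value = $tmp[0]; ### values start from 0 or after!
            $to = $replyto = stripslashes($tmp[1]);
            $field_name = $field_name[0];
        } else {
            if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
                $value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
            } else {
                $value = stripslashes($params['field_' . $i]);
            }
        }
        ### only if hidden!
        if ($field_type == 'hidden') {
            $value = rawurldecode($value);
        }
        ### check boxes
        if ($field_type == "checkbox" || $field_type == "ccbox") {
            if ($value == 'on') {
                $value = '(x)';
            } else {
                $value = '';
            }
        }
        ### determine tracked field name
        // A field name that was already tracked gets a '___<n>' suffix, starting at 2.
        $inc = '';
        $trackname = trim($field_name);
        if (array_key_exists($trackname, $track)) {
            if ($trackinstance[$trackname] == '') {
                $trackinstance[$trackname] = 2;
            }
            $inc = '___' . $trackinstance[$trackname]++;
        }
        $track['$$$' . (int) ($i + $off)] = $trackname . $inc;
        $track[$trackname . $inc] = $value;
        if ($customTrackingID != '') {
            $track['$$$' . $customTrackingID] = $trackname . $inc;
        }
    } ### for
    // Submitted addresses and names end up in mail address fields (recipient, Reply-To).
    // Remove CR/LF so a value cannot carry an additional header line.
    $crlf = array("\r", "\n");
    $field_email = str_replace($crlf, '', (string) $field_email);
    if (is_string($taf_youremail)) {
        $taf_youremail = str_replace($crlf, '', $taf_youremail);
    }
    $taf_yourname = str_replace($crlf, '', (string) $taf_yourname);
    $taf_friendsname = str_replace($crlf, '', (string) $taf_friendsname);
    ### prefilter user input
    if (function_exists('my_cforms_filter')) {
        my_cforms_filter($no);
    }
    ### assemble text & html email
    $r = cforms2_format_email($track, $no);
    $formdata = $r['text'];
    $htmlformdata = $r['html'];
    ###
    ### record:
    ###
    $subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : cforms2_write_tracking_record($no, $field_email);
    ###
    ### allow the user to use form data for other apps
    ###
    $trackf['id'] = $no;
    $trackf['data'] = $track;
    if (function_exists('my_cforms_action')) {
        try {
            my_cforms_action($trackf);
        } catch (Exception $exc) {
            // The exception text goes to the client as is; custom my_cforms_action()
            // implementations should only throw messages that are safe to show.
            echo $segments[0] . '*$#y' . $exc->getMessage() . '|---';
            die;
        }
    }
    $isAjaxWPcomment = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1) === '2';
    ### Catch WP-Comment function | if send2author just continue
    if ($isAjaxWPcomment !== false && (!isset($track['send2author']) || $track['send2author'] == '0')) {
        require_once plugin_dir_path(__FILE__) . 'lib_WPcomment.php';
        ### Catch WP-Comment function: error
        if (!$WPsuccess) {
            echo $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
            die;
        }
    } ### Catch WP-Comment function
    ### multiple recipients? and to whom is the email sent? to_one = picked recip.
    if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
        // $Ajaxpid is client-supplied; it is bound through prepare() with %d.
        $to = $wpdb->get_results($wpdb->prepare("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = %d AND U.ID=P.post_author", $Ajaxpid));
        $to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
    } else {
        if (!($to_one != -1 && $to != '')) {
            $to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
        }
    }
    ### from
    $frommail = cforms2_check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track);
    ### T-A-F override?
    if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
        $replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
    }
    ### logic: dynamic admin email address
    if (function_exists('my_cforms_logic')) {
        $to = my_cforms_logic($trackf, $to, 'adminTO');
    } ### use trackf!
    ### either use configured subject or user determined
    $vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
    if (function_exists('my_cforms_logic')) {
        $vsubject = my_cforms_logic($trackf, $vsubject, 'adminEmailSUBJ');
    }
    $vsubject = cforms2_check_default_vars($vsubject, $no);
    $vsubject = cforms2_check_cust_vars($vsubject, $track);
    ### prep message text, replace variables
    $message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
    if (function_exists('my_cforms_logic')) {
        $message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
    }
    $message = cforms2_check_default_vars($message, $no);
    $message = cforms2_check_cust_vars($message, $track);
    ### actual user message
    $htmlmessage = '';
    if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
        $htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
        if (function_exists('my_cforms_logic')) {
            $htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
        }
        $htmlmessage = cforms2_check_default_vars($htmlmessage, $no);
        $htmlmessage = cforms2_check_cust_vars($htmlmessage, $track, true);
    }
    ### custom user ReplyTo handling
    if (function_exists('my_cforms_logic')) {
        $userReplyTo = my_cforms_logic($trackf, $field_email, 'ReplyTo');
    } else {
        $userReplyTo = $field_email;
    }
    $mail = new cforms2_mail($no, $frommail, $to, $userReplyTo, true);
    $mail->subj = $vsubject;
    ### HTML email
    if ($mail->html_show) {
        $mail->is_html(true);
        $mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
        $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
    } else {
        $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
    }
    // The admin mail is skipped (and treated as sent) when mailing is switched off for the
    // form, or when the WP comment step succeeded and the '_tellafriend' setting is not '21'.
    if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
        $sentadmin = 1;
    } else {
        $sentadmin = $mail->send();
    }
    if ($sentadmin == 1) {
        ### send copy or notification?
        // Fixed: the key was the bare word data, which is an undefined constant (an Error on PHP 8).
        if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf['data'][$ccme] != '') {
            $frommail = cforms2_check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track);
            ### actual user message
            $cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
            if (function_exists('my_cforms_logic')) {
                $cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
            }
            $cmsg = cforms2_check_default_vars($cmsg, $no);
            $cmsg = cforms2_check_cust_vars($cmsg, $track);
            ### HTML text
            $cmsghtml = '';
            if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
                $cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
                if (function_exists('my_cforms_logic')) {
                    $cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
                }
                $cmsghtml = cforms2_check_default_vars($cmsghtml, $no);
                $cmsghtml = cforms2_check_cust_vars($cmsghtml, $track, true);
            }
            ### subject
            $subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
            if (function_exists('my_cforms_logic')) {
                $subject2 = my_cforms_logic($trackf, $subject2, 'autoConfSUBJ');
            }
            $subject2 = cforms2_check_default_vars($subject2, $no);
            $subject2 = cforms2_check_cust_vars($subject2, $track);
            ### different cc & ac subjects?
            $s = explode('$#$', $subject2);
            $s[1] = isset($s[1]) && $s[1] != '' ? $s[1] : $s[0];
            ### email tracking via 3rd party?
            ### if in Tell-A-Friend Mode, then overwrite header stuff...
            // This mail goes to an address taken from the submission, so anyone who can post
            // the form can have the confirmation text sent to an address of their choosing;
            // rate limiting or a captcha on the form is the usual counter-measure.
            if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
                $field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
            } else {
                $field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
            }
            $mail = new cforms2_mail($no, $frommail, $field_email, $replyto);
            ### auto conf attachment?
            // Fixed: the emptiness test used to run after the plugin directory had been
            // prepended, so an empty setting resolved to the plugin directory itself and
            // passed file_exists(). Test the configured value first and require a regular file.
            $a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
            if ($a != '') {
                $a = substr($a, 0, 1) == '/' ? $a : plugin_dir_path(__FILE__) . $a;
                if (is_file($a)) {
                    $mail->add_file($a); ### optional name
                }
            }
            ### CC or auto conf?
            if ($ccme && $trackf['data'][$ccme] != '') {
                // CC-me: the submitter receives the same body as the admin mail.
                $mail->subj = $s[1];
                if ($mail->html_show) { // 3.2.2012 changed from html_show_ac > admin email setting dictates this!
                    $mail->is_html(true);
                    $mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
                    $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
                } else {
                    $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
                }
                $sent = $mail->send();
            } else {
                // Auto confirmation: uses the separate confirmation subject and text.
                $mail->subj = $s[0];
                if ($mail->html_show_ac) {
                    $mail->is_html(true);
                    $mail->body = $cformsSettings['global']['cforms_style_doctype'] . $mail->eol . "<html xmlns=\"http://www.w3.org/1999/xhtml\">" . $mail->eol . "<head><title></title></head>" . $mail->eol . "<body {$cformsSettings['global']['cforms_style']['body']}>" . $cmsghtml . "</body></html>" . $mail->eol;
                    $mail->body_alt = $cmsg;
                } else {
                    $mail->body = $cmsg;
                }
                $sent = $mail->send();
            }
            if ($sent != '1') {
                $err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $mail->err;
                $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
                echo $pre . $err . '|!!!';
                die;
            }
        } ### cc
        ### return success msg
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
        ### WP-Comment: override
        if ($WPsuccess) {
            $successMsg = $WPresp;
        } else {
            $successMsg = cforms2_check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
            $successMsg = str_replace($mail->eol, '<br />', $successMsg);
        }
        // NOTE(review): this substitutes submitted values into a message that already contains
        // '<br />' markup; whether cforms2_check_cust_vars() escapes them is not visible here.
        $successMsg = cforms2_check_cust_vars($successMsg, $track);
        ### logic: possibly change usermessage
        if (function_exists('my_cforms_logic')) {
            $successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
        }
        $opt = '';
        ### hide?
        if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || cforms2_get_submission_left($no) == 0) {
            $opt .= '|~~~';
        }
        ### redirect to a different page on success?
        if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
            if (function_exists('my_cforms_logic')) {
                $red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
                if ($red != '') {
                    $opt .= '|>>>' . $red;
                } ### use trackf!
            } else {
                $opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
            }
        }
        echo $pre . $successMsg . $opt;
    } else {
        ### no admin mail sent!
        ### return error msg
        $err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $mail->err;
        $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
        echo $pre . $err . '|!!!';
    }
    die;
}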
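/**
 * Writes the selected form submissions to the global $temp file handle as CSV or TAB text.
 *
 * One output line is produced per submission (rows of the result set that share an id). With
 * $_GET['header'] == 'true' a line of field names is written before a record whenever the form
 * differs from the one of the previously written record. $_GET['addip'] adds the submitter IP
 * column, $_GET['addurl'] adds a URL column for upload fields (field names containing '[*').
 *
 * @param string $format 'csv' selects ',' as separator, any other value selects a TAB.
 * @return void
 *
 * Notes for reviewers:
 *  - $where, $in_list, $sortBy and $sortOrder are globals that are interpolated into the SQL
 *    text unchanged. This function cannot tell how they were built; the code that sets them has
 *    to restrict the sort column and direction to known values and build the conditions with
 *    $wpdb->prepare() - TODO confirm at the call site.
 *  - field_val holds data submitted through public forms. Only double quotes are escaped here.
 *    Spreadsheet programs treat cells starting with =, +, - or @ as formulas; whether encData()
 *    neutralises such values is not visible from this function - TODO confirm.
 */
function getCSVTAB($format = 'csv') {
    global $fnames, $wpdb, $count, $temp, $where, $in_list, $sortBy, $sortOrder, $cformsSettings, $charset;
    $results = $wpdb->get_results("SELECT ip, id, sub_date, form_id, field_name,field_val FROM {$wpdb->cformsdata},{$wpdb->cformssubmissions} WHERE sub_id=id {$where} {$in_list} ORDER BY {$sortBy} {$sortOrder}, f_id ASC");
    $br = "\n";
    // Fixed: the buffer keys were bare words (body, head, last_n, last2_n), i.e. undefined
    // constants, which is an Error on PHP 8. They are quoted and pre-set to '' now.
    $buffer = array('body' => '', 'head' => '', 'last_n' => '', 'last2_n' => '');
    $body = '';
    $sub_id = '';
    $format = $format == "csv" ? "," : "\t";
    // Read the request switches once; isset() avoids warnings when a switch is absent.
    $withIp = isset($_GET['addip']) && $_GET['addip'] == 'true';
    $withHeader = isset($_GET['header']) && $_GET['header'] == 'true';
    $withUrl = isset($_GET['addurl']) && $_GET['addurl'] == 'true';
    $ipTab = $withIp ? $format : '';
    $head = $withHeader ? $format . $format . $ipTab : '';
    $last_n = '';
    // Defined up front so the final comparison also works for an empty result set.
    $next_n = '';
    foreach ($results as $entry) {
        if ($entry->field_name == 'page' || strpos($entry->field_name, 'Fieldset') !== false) {
            continue;
        }
        $next_n = $entry->form_id == '' ? '1' : $entry->form_id;
        if ($sub_id != $entry->id) {
            ### new record starts
            // Output lags one record behind: flush the buffered record, then buffer the one
            // that was just completed.
            if ($buffer['body'] != '') {
                if ($withHeader && $buffer['last_n'] != $buffer['last2_n']) {
                    fwrite($temp, $buffer['head'] . $br . $buffer['body'] . $br);
                } else {
                    fwrite($temp, $buffer['body'] . $br);
                }
            }
            $buffer['body'] = $body; ### save 1 line
            $buffer['head'] = $head; ### save 1 line
            $buffer['last2_n'] = $buffer['last_n'];
            $buffer['last_n'] = $last_n;
            // The IP column is written without quoting.
            $body = '"' . __('Form', 'cforms') . ': ' . encData($fnames[$next_n]) . '"' . $format . '"' . encData($entry->sub_date) . '"' . $format . ($withIp ? $entry->ip . $format : '');
            $head = $withHeader ? $format . $format . $ipTab : '';
            $last_n = $next_n;
            $sub_id = $entry->id;
        }
        $url = '';
        $urlTab = '';
        // strpos() is used for its truthiness here, as in the original: a '[*' at offset 0
        // does not count as an upload field.
        if ($withUrl && strpos($entry->field_name, '[*')) {
            preg_match('/.*\\[\\*(.*)\\]$/i', $entry->field_name, $t);
            $suffix = isset($t[1]) ? $t[1] : '';
            $no = $suffix == '' ? $entry->form_id : ($suffix == 1 ? '' : $suffix);
            $urlTab = $format;
            $entry->field_name = substr($entry->field_name, 0, strpos($entry->field_name, '[*'));
            // The '_upload_dir' setting holds "<directory>$#$<URL>".
            $t = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir'])));
            $fdir = $t[0];
            $fdirURL = isset($t[1]) ? $t[1] : '';
            $subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id . '-';
            if ($fdirURL == '') {
                // No URL configured: derive it from the part of the directory after 'plugindir'.
                $url = $cformsSettings['global']['cforms_root'] . substr($fdir, strpos($fdir, $cformsSettings['global']['plugindir']) + strlen($cformsSettings['global']['plugindir']), strlen($fdir));
            } else {
                $url = $fdirURL;
            }
            $passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->id;
            $fileInfoArr = array('name' => strip_tags($entry->field_val), 'path' => $url, 'subID' => $passID);
            if (function_exists('my_cforms_logic')) {
                $fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage');
            }
            if (!array_key_exists('modified', $fileInfoArr)) {
                $fileInfoArr['name'] = $subID . $fileInfoArr['name'];
            }
            // The URL column is written without quoting; the file name part is submitted data.
            $url = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format;
        }
        $head .= $withHeader ? '"' . encData(stripslashes($entry->field_name)) . '"' . $format . $urlTab : '';
        $body .= '"' . str_replace('"', '""', encData(stripslashes($entry->field_val))) . '"' . $format . $url;
    } ### foreach
    ### clean up buffer
    if ($buffer['body'] != '') {
        if ($withHeader && $buffer['last_n'] != $buffer['last2_n']) {
            fwrite($temp, $buffer['head'] . $br . $buffer['body'] . $br);
        } else {
            fwrite($temp, $buffer['body'] . $br);
        }
    }
    ### clean up last body
    if ($withHeader && $buffer['last_n'] != $next_n) {
        fwrite($temp, $head . $br . $body . $br);
    } else {
        fwrite($temp, $body . $br);
    }
    return;
}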
// attachments? preg_match('/.*\\[\\*(.*)\\]$/i', $name, $r); $no = $r[1] == '' ? $entry->form_id : ($r[1] == 1 ? '' : $r[1]); $temp = explode('$#$', stripslashes(htmlspecialchars($cformsSettings['form' . $no]['cforms' . $no . '_upload_dir']))); $fileuploaddir = $temp[0]; $fileuploaddirurl = $temp[1]; $subID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id . '-'; if ($fileuploaddirurl == '') { $fileurl = $cformsSettings['global']['cforms_root'] . substr($fileuploaddir, strpos($fileuploaddir, $cformsSettings['global']['plugindir']) + strlen($cformsSettings['global']['plugindir']), strlen($fileuploaddir)); } else { $fileurl = $fileuploaddirurl; } $passID = $cformsSettings['form' . $no]['cforms' . $no . '_noid'] ? '' : $entry->sub_id; $fileInfoArr = array('name' => strip_tags($val), 'path' => $fileurl, 'subID' => $passID); if (function_exists('my_cforms_logic')) { $fileInfoArr = my_cforms_logic($results, $fileInfoArr, 'fileDestinationTrackingPage'); } if (!array_key_exists('modified', $fileInfoArr)) { $fileInfoArr['name'] = $subID . $fileInfoArr['name']; } $fileurl = $fileInfoArr['path'] . '/' . $fileInfoArr['name'] . $format; echo '<div class="showformfield meta"><div class="L">'; echo substr($name, 0, strpos($name, '[*')); if ($entry->field_val == '') { echo '</div><div class="R">' . __('-', 'cforms') . '</div></div>' . "\n"; } else { echo '</div><div class="R">' . '<a href="' . $fileurl . '">' . str_replace("\n", "<br />", strip_tags($val)) . '</a>' . '</div></div>' . "\n"; } } elseif ($name == 'page') { // special field: page echo '<div class="showformfield meta"><div class="L">';