Esempio n. 1
0
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/language.php';
require 'includes/view-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
/***************************************************************************************************************/
/* 1. Get new field parameters 																	   			   */
/***************************************************************************************************************/
$element_type = strtolower(trim($_POST['element_type']));
$form_id = (int) $_POST['form_id'];
$element_position = (int) $_POST['position'];
//the position of the element within the preview page
$element_properties_input = mf_sanitize($_POST['field_properties']);
//when a field being created by dragging the button to the form preview page, a temporary id is being assigned to to field
//the id being sent here need to be sent back, so that the javascript could replace it with the actual field markup
$holder_id = strtolower(trim($_POST['holder_id']));
// A new field can be created from few actions
// Dragging from the sidebar -- drag_new
// Clicking the button -- click_new
// Duplicate an existing field -- duplicate
// Changing a field type -- change_type (NOT YET implemented)
$action = strtolower(trim($_POST['action']));
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("You don't have permission to edit this form.");
 $user_input['priv_new_forms'] = (int) $_POST['au_priv_new_forms'];
 $user_input['priv_new_themes'] = (int) $_POST['au_priv_new_themes'];
 $user_input['priv_administer'] = (int) $_POST['au_priv_administer'];
 //if the user has administer privileges, make sure to get all other privileges as well
 if (!empty($user_input['priv_administer'])) {
     $user_input['priv_new_forms'] = 1;
     $user_input['priv_new_themes'] = 1;
 }
 foreach ($form_list_array as $value) {
     $form_id = $value['form_id'];
     $user_input['perm_editform_' . $form_id] = (int) $_POST['perm_editform_' . $form_id];
     $user_input['perm_editentries_' . $form_id] = (int) $_POST['perm_editentries_' . $form_id];
     $user_input['perm_viewentries_' . $form_id] = (int) $_POST['perm_viewentries_' . $form_id];
 }
 //clean the inputs
 $user_input = mf_sanitize($user_input);
 //validate inputs
 $error_messages = array();
 //validate email
 if (empty($user_input['user_bulk_data'])) {
     $error_messages['user_bulk_data'] = 'This field is required. Please enter users data.';
 } else {
     //parse data into array for easier processing
     $temp_data = explode("\n", $user_input['user_bulk_data']);
     array_walk($temp_data, 'mf_trim_value');
     $i = 0;
     foreach ($temp_data as $row_data) {
         if (empty($row_data)) {
             continue;
         }
         $columns = array();
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
if (empty($_POST['form_id'])) {
    die("Error! You can't open this file directly");
}
$form_id = (int) trim($_POST['form_id']);
$field_rule_properties = mf_sanitize($_POST['field_rule_properties']);
$field_rule_conditions = mf_sanitize($_POST['field_rule_conditions']);
$page_rule_properties = mf_sanitize($_POST['page_rule_properties']);
$page_rule_conditions = mf_sanitize($_POST['page_rule_conditions']);
$logic_statuses = mf_sanitize($_POST['logic_status']);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("Access Denied. You don't have permission to edit this form.");
    }
}
$logic_field_enable = (int) $logic_statuses['logic_field_enable'];
$logic_page_enable = (int) $logic_statuses['logic_page_enable'];
/** Field Logic **/
//save field_rule_properties into ap_field_logic_elements table
$query = "delete from " . MF_TABLE_PREFIX . "field_logic_elements where form_id=?";
$params = array($form_id);
mf_do_query($query, $params, $dbh);
Esempio n. 4
0
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/common-validator.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//sleep(2); //temporary for localhost testing
$element_properties_array = mf_sanitize($_POST['ep']);
$form_id = (int) $_POST['form_id'];
$form_properties = mf_sanitize($_POST['fp']);
$last_pagebreak_properties = mf_sanitize($_POST['lp']);
parse_str($_POST['el_pos']);
$element_positions = $el_pos;
//contain the positions of the elements
unset($el_pos);
/***************************************************************************************************************/
/* 1. Process form properties																			   	   */
/***************************************************************************************************************/
if ($form_properties['active'] == 2) {
    $is_new_form = true;
} else {
    $is_new_form = false;
}
foreach ($form_properties as $key => $value) {
    if ($key == 'schedule_start_hour' || $key == 'schedule_end_hour') {
        $exploded = array();
Esempio n. 5
0
/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$form_id = (int) trim($_POST['form_id']);
$column_preferences = mf_sanitize($_POST['col_pref']);
if (empty($form_id)) {
    die("This file can't be opened directly.");
}
$dbh = mf_connect_db();
//first delete all previous preferences
$query = "delete from `" . MF_TABLE_PREFIX . "column_preferences` where form_id=?";
$params = array($form_id);
mf_do_query($query, $params, $dbh);
//save the new preference
$query = "insert into `" . MF_TABLE_PREFIX . "column_preferences`(form_id,element_name,position) values(?,?,?)";
$position = 1;
if (!empty($column_preferences)) {
    foreach ($column_preferences as $data) {
        $column_name = $data['name'];
        $params = array($form_id, $column_name, $position);
Esempio n. 6
0
                //delete previous file from the listfile if any
                $current_listfile_array = array();
                $current_listfile_array = file($listfile_name, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
                if (file_exists($current_listfile_array[1])) {
                    unlink($current_listfile_array[1]);
                }
                $listfile_content = '<?php' . "\n" . $destination_file . "\n" . "?>";
            }
        }
        // Write the contents to the file
        file_put_contents($listfile_name, $listfile_content, LOCK_EX);
        $upload_success = true;
    } else {
        $upload_success = false;
        $error_message = "Unable to move file!";
    }
}
$response_data = new stdClass();
if ($upload_success) {
    $response_data->status = "ok";
    $response_data->message = mf_sanitize($_FILES['Filedata']['name']);
} else {
    $response_data->status = "error";
    $response_data->message = $error_message;
}
$response_json = json_encode($response_data);
echo $response_json;
//we need to use output buffering to be able capturing error messages
$output = ob_get_contents();
ob_end_clean();
echo $output;
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/entry-functions.php';
require 'includes/users-functions.php';
$form_id = (int) trim($_POST['form_id']);
$selected_entries = mf_sanitize($_POST['selected_entries']);
$delete_all = (int) $_POST['delete_all'];
$origin = trim($_POST['origin']);
$user_id = (int) $_SESSION['mf_user_id'];
if (empty($form_id)) {
    die("This file can't be opened directly.");
}
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_entries permission
    if (empty($user_perms['edit_entries'])) {
        die("Access Denied. You don't have permission to edit this entry.");
    }
/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$_POST = mf_sanitize($_POST);
$default_date = trim($_POST['default_date']);
$input_format = trim($_POST['date_format']);
$response_data = new stdClass();
$slash_pos = strpos($default_date, '/');
if ($input_format == 'europe_date' && !empty($slash_pos)) {
    //if the input format is europe date (dd/mm/yyyy) and the input is ##/##/#### we need to convert the input into mm/dd/yyyy format
    //since the strtotime function only accept mm/dd/yyyy
    $exploded = explode('/', $default_date);
    $default_date = $exploded[1] . '/' . $exploded[0] . '/' . $exploded[2];
}
$timestamp = strtotime($default_date);
if ($timestamp !== false && $timestamp != -1) {
    $response_data->status = "ok";
    $response_data->default_date = date('d-m-Y', $timestamp);
} else {
/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$filter_properties_array = mf_sanitize($_POST['filter_prop']);
$filter_type = mf_sanitize($_POST['filter_type']);
if (empty($filter_type) || empty($filter_properties_array)) {
    die("This file can't be opened directly.");
}
//we only need to save the filter into session variable
$_SESSION['filter_users'] = array();
$i = 0;
foreach ($filter_properties_array as $data) {
    $_SESSION['filter_users'][$i]['element_name'] = $data['element_name'];
    $_SESSION['filter_users'][$i]['filter_condition'] = $data['condition'];
    $_SESSION['filter_users'][$i]['filter_keyword'] = $data['keyword'];
    $i++;
}
$_SESSION['filter_users_type'] = $filter_type;
$response_data = new stdClass();
$response_data->status = "ok";
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$dbh = mf_connect_db();
if (empty($_POST['payment_properties'])) {
    die("Error! You can't open this file directly");
}
$payment_properties = mf_sanitize($_POST['payment_properties']);
$field_prices = mf_sanitize($_POST['field_prices']);
$form_id = (int) $payment_properties['form_id'];
unset($payment_properties['form_id']);
//check permission, is the user allowed to access this page?
if (empty($_SESSION['mf_user_privileges']['priv_administer'])) {
    $user_perms = mf_get_user_permissions($dbh, $form_id, $_SESSION['mf_user_id']);
    //this page need edit_form permission
    if (empty($user_perms['edit_form'])) {
        die("Access Denied. You don't have permission to edit this form.");
    }
}
//save payment properties into ap_forms table
foreach ($payment_properties as $key => $value) {
    $form_input['payment_' . $key] = $value;
}
mf_ap_forms_update($form_id, $form_input, $dbh);
Esempio n. 11
0
<?php

/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'lib/password-hash.php';
$dbh = mf_connect_db();
$input = mf_sanitize($_POST);
if (empty($input['np'])) {
    die("Error! You can't open this file directly");
} else {
    $new_password_plain = $input['np'];
}
$hasher = new PasswordHash(8, FALSE);
$new_password_hash = $hasher->HashPassword($new_password_plain);
$settings['admin_password'] = $new_password_hash;
mf_ap_settings_update($settings, $dbh);
$_SESSION['MF_SUCCESS'] = 'Your new password has been saved.';
echo '{"status" : "ok"}';
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/users-functions.php';
$action = trim($_POST['action']);
$selected_users = mf_sanitize($_POST['selected_users']);
$select_all = (int) $_POST['delete_all'];
$no_session_msg = (int) $_POST['no_session_msg'];
$origin = trim($_POST['origin']);
if (empty($action)) {
    die("This file can't be opened directly.");
} else {
    if ($action == 'delete') {
        $new_user_status = 0;
    } else {
        if ($action == 'suspend') {
            $new_user_status = 2;
        } else {
            if ($action == 'unsuspend') {
                $new_user_status = 1;
            } else {
Esempio n. 13
0
function mf_display_address($element)
{
    $country = mf_get_country_list();
    $state_list[0]['label'] = 'Alabama';
    $state_list[1]['label'] = 'Alaska';
    $state_list[2]['label'] = 'Arizona';
    $state_list[3]['label'] = 'Arkansas';
    $state_list[4]['label'] = 'California';
    $state_list[5]['label'] = 'Colorado';
    $state_list[6]['label'] = 'Connecticut';
    $state_list[7]['label'] = 'Delaware';
    $state_list[8]['label'] = 'District of Columbia';
    $state_list[9]['label'] = 'Florida';
    $state_list[10]['label'] = 'Georgia';
    $state_list[11]['label'] = 'Hawaii';
    $state_list[12]['label'] = 'Idaho';
    $state_list[13]['label'] = 'Illinois';
    $state_list[14]['label'] = 'Indiana';
    $state_list[15]['label'] = 'Iowa';
    $state_list[16]['label'] = 'Kansas';
    $state_list[17]['label'] = 'Kentucky';
    $state_list[18]['label'] = 'Louisiana';
    $state_list[19]['label'] = 'Maine';
    $state_list[20]['label'] = 'Maryland';
    $state_list[21]['label'] = 'Massachusetts';
    $state_list[22]['label'] = 'Michigan';
    $state_list[23]['label'] = 'Minnesota';
    $state_list[24]['label'] = 'Mississippi';
    $state_list[25]['label'] = 'Missouri';
    $state_list[26]['label'] = 'Montana';
    $state_list[27]['label'] = 'Nebraska';
    $state_list[28]['label'] = 'Nevada';
    $state_list[29]['label'] = 'New Hampshire';
    $state_list[30]['label'] = 'New Jersey';
    $state_list[31]['label'] = 'New Mexico';
    $state_list[32]['label'] = 'New York';
    $state_list[33]['label'] = 'North Carolina';
    $state_list[34]['label'] = 'North Dakota';
    $state_list[35]['label'] = 'Ohio';
    $state_list[36]['label'] = 'Oklahoma';
    $state_list[37]['label'] = 'Oregon';
    $state_list[38]['label'] = 'Pennsylvania';
    $state_list[39]['label'] = 'Rhode Island';
    $state_list[40]['label'] = 'South Carolina';
    $state_list[41]['label'] = 'South Dakota';
    $state_list[42]['label'] = 'Tennessee';
    $state_list[43]['label'] = 'Texas';
    $state_list[44]['label'] = 'Utah';
    $state_list[45]['label'] = 'Vermont';
    $state_list[46]['label'] = 'Virginia';
    $state_list[47]['label'] = 'Washington';
    $state_list[48]['label'] = 'West Virginia';
    $state_list[49]['label'] = 'Wisconsin';
    $state_list[50]['label'] = 'Wyoming';
    $state_list[0]['value'] = 'Alabama';
    $state_list[1]['value'] = 'Alaska';
    $state_list[2]['value'] = 'Arizona';
    $state_list[3]['value'] = 'Arkansas';
    $state_list[4]['value'] = 'California';
    $state_list[5]['value'] = 'Colorado';
    $state_list[6]['value'] = 'Connecticut';
    $state_list[7]['value'] = 'Delaware';
    $state_list[8]['value'] = 'District of Columbia';
    $state_list[9]['value'] = 'Florida';
    $state_list[10]['value'] = 'Georgia';
    $state_list[11]['value'] = 'Hawaii';
    $state_list[12]['value'] = 'Idaho';
    $state_list[13]['value'] = 'Illinois';
    $state_list[14]['value'] = 'Indiana';
    $state_list[15]['value'] = 'Iowa';
    $state_list[16]['value'] = 'Kansas';
    $state_list[17]['value'] = 'Kentucky';
    $state_list[18]['value'] = 'Louisiana';
    $state_list[19]['value'] = 'Maine';
    $state_list[20]['value'] = 'Maryland';
    $state_list[21]['value'] = 'Massachusetts';
    $state_list[22]['value'] = 'Michigan';
    $state_list[23]['value'] = 'Minnesota';
    $state_list[24]['value'] = 'Mississippi';
    $state_list[25]['value'] = 'Missouri';
    $state_list[26]['value'] = 'Montana';
    $state_list[27]['value'] = 'Nebraska';
    $state_list[28]['value'] = 'Nevada';
    $state_list[29]['value'] = 'New Hampshire';
    $state_list[30]['value'] = 'New Jersey';
    $state_list[31]['value'] = 'New Mexico';
    $state_list[32]['value'] = 'New York';
    $state_list[33]['value'] = 'North Carolina';
    $state_list[34]['value'] = 'North Dakota';
    $state_list[35]['value'] = 'Ohio';
    $state_list[36]['value'] = 'Oklahoma';
    $state_list[37]['value'] = 'Oregon';
    $state_list[38]['value'] = 'Pennsylvania';
    $state_list[39]['value'] = 'Rhode Island';
    $state_list[40]['value'] = 'South Carolina';
    $state_list[41]['value'] = 'South Dakota';
    $state_list[42]['value'] = 'Tennessee';
    $state_list[43]['value'] = 'Texas';
    $state_list[44]['value'] = 'Utah';
    $state_list[45]['value'] = 'Vermont';
    $state_list[46]['value'] = 'Virginia';
    $state_list[47]['value'] = 'Washington';
    $state_list[48]['value'] = 'West Virginia';
    $state_list[49]['value'] = 'Wisconsin';
    $state_list[50]['value'] = 'Wyoming';
    global $mf_lang;
    $li_class = '';
    $error_message = '';
    $span_required = '';
    $guidelines = '';
    $el_class = array();
    $el_class[] = 'address';
    if (!empty($element->is_private)) {
        $el_class[] = 'private';
    }
    if (!empty($element->css_class)) {
        $el_class[] = trim($element->css_class);
    }
    if (!empty($element->is_error)) {
        $el_class[] = 'error';
        if ($element->error_message != 'error_no_display') {
            $error_message = "<p class=\"error\">{$element->error_message}</p>";
        }
    }
    //check for required
    if ($element->is_required) {
        $span_required = "<span id=\"required_{$element->id}\" class=\"required\">*</span>";
    }
    //check for guidelines
    if (!empty($element->guidelines)) {
        $guidelines = "<p class=\"guidelines\" id=\"guide_{$element->id}\"><small>{$element->guidelines}</small></p>";
    }
    if (!empty($element->default_value)) {
        $default_value_6 = $element->default_value;
    }
    //check for GET parameter to populate default value
    if (isset($_GET['element_' . $element->id . '_1'])) {
        $default_value_1 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_1']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_2'])) {
        $default_value_2 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_2']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_3'])) {
        $default_value_3 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_3']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_4'])) {
        $default_value_4 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_4']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_5'])) {
        $default_value_5 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_5']), ENT_QUOTES);
    }
    if (isset($_GET['element_' . $element->id . '_6'])) {
        $default_value_6 = htmlspecialchars(mf_sanitize($_GET['element_' . $element->id . '_6']), ENT_QUOTES);
    }
    //check for populated values, if exist override the default value
    if (!empty($element->populated_value['element_' . $element->id . '_1']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_2']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_3']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_4']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_5']['default_value']) || !empty($element->populated_value['element_' . $element->id . '_6']['default_value'])) {
        $default_value_1 = '';
        $default_value_2 = '';
        $default_value_3 = '';
        $default_value_4 = '';
        $default_value_5 = '';
        $default_value_1 = $element->populated_value['element_' . $element->id . '_1']['default_value'];
        $default_value_2 = $element->populated_value['element_' . $element->id . '_2']['default_value'];
        $default_value_3 = $element->populated_value['element_' . $element->id . '_3']['default_value'];
        $default_value_4 = $element->populated_value['element_' . $element->id . '_4']['default_value'];
        $default_value_5 = $element->populated_value['element_' . $element->id . '_5']['default_value'];
        $default_value_6 = $element->populated_value['element_' . $element->id . '_6']['default_value'];
    }
    //create country markup, if no default value, provide a blank option
    if (!empty($element->address_us_only)) {
        $default_value_6 = 'United States';
    }
    if (empty($default_value_6)) {
        $country_markup = '<option value="" selected="selected"></option>' . "\n";
    } else {
        $country_markup = '';
    }
    foreach ($country as $data) {
        if (!empty($data['value']) && $data['value'] == $default_value_6) {
            $selected = 'selected="selected"';
        } else {
            $selected = '';
        }
        $country_markup .= "<option value=\"{$data['value']}\" {$selected}>{$data['label']}</option>\n";
    }
    //if this address field is restricted to US only
    if (empty($element->is_design_mode) && !empty($element->address_us_only)) {
        $country_markup = '<option selected="selected" value="United States">United States</option>';
    }
    //decide which state markup being used
    if (empty($element->address_us_only)) {
        //display simple input for the state
        $state_markup = "<input id=\"element_{$element->id}_4\" name=\"element_{$element->id}_4\" class=\"element text large\"  value=\"{$default_value_4}\" type=\"text\" />";
    } else {
        //display us state dropdown
        $state_markup = "<select class=\"element select large\" id=\"element_{$element->id}_4\" name=\"element_{$element->id}_4\">";
        $state_markup .= '<option value="" selected="selected">Select a State</option>' . "\n";
        foreach ($state_list as $data) {
            if ($data['value'] == $default_value_4) {
                $selected = 'selected="selected"';
            } else {
                $selected = '';
            }
            $state_markup .= "<option value=\"{$data['value']}\" {$selected}>{$data['label']}</option>\n";
        }
        $state_markup .= "</select>";
    }
    //set the 'address line 2' visibility, based on selected option
    if (!empty($element->address_hideline2)) {
        $address_line2_style = 'style="display: none"';
    } else {
        $address_line2_style = '';
    }
    //build the li class
    if (!empty($el_class)) {
        foreach ($el_class as $value) {
            $li_class .= $value . ' ';
        }
        $li_class = 'class="' . rtrim($li_class) . '"';
    }
    $element_markup = <<<EOT
\t\t<li id="li_{$element->id}" {$li_class}>
\t\t<label class="description">{$element->title} {$span_required}</label>
\t\t
\t\t<div>
\t\t\t<span id="li_{$element->id}_span_1">
\t\t\t\t<input id="element_{$element->id}_1" name="element_{$element->id}_1" class="element text large" value="{$default_value_1}" type="text" />
\t\t\t\t<label for="element_{$element->id}_1">{$mf_lang['address_street']}</label>
\t\t\t</span>
\t\t
\t\t\t<span id="li_{$element->id}_span_2" {$address_line2_style}>
\t\t\t\t<input id="element_{$element->id}_2" name="element_{$element->id}_2" class="element text large" value="{$default_value_2}" type="text" />
\t\t\t\t<label for="element_{$element->id}_2">{$mf_lang['address_street2']}</label>
\t\t\t</span>
\t\t
\t\t\t<span id="li_{$element->id}_span_3" class="left state_list">
\t\t\t\t<input id="element_{$element->id}_3" name="element_{$element->id}_3" class="element text large" value="{$default_value_3}" type="text" />
\t\t\t\t<label for="element_{$element->id}_3">{$mf_lang['address_city']}</label>
\t\t\t</span>
\t\t
\t\t\t<span id="li_{$element->id}_span_4" class="right state_list">
\t\t\t\t{$state_markup}
\t\t\t\t<label for="element_{$element->id}_4">{$mf_lang['address_state']}</label>
\t\t\t</span>
\t\t
\t\t\t<span id="li_{$element->id}_span_5" class="left">
\t\t\t\t<input id="element_{$element->id}_5" name="element_{$element->id}_5" class="element text large" maxlength="15" value="{$default_value_5}" type="text" />
\t\t\t\t<label for="element_{$element->id}_5">{$mf_lang['address_zip']}</label>
\t\t\t</span>
\t\t\t
\t\t\t<span id="li_{$element->id}_span_6" class="right">
\t\t\t\t<select class="element select large" id="element_{$element->id}_6" name="element_{$element->id}_6"> 
\t\t\t\t{$country_markup}\t
\t\t\t\t</select>
\t\t\t<label for="element_{$element->id}_6">{$mf_lang['address_country']}</label>
\t\t    </span>
\t    </div>{$guidelines} {$error_message}
\t\t</li>
EOT;
    return $element_markup;
}
Esempio n. 14
0
require 'includes/view-functions.php';
require 'includes/post-functions.php';
require 'includes/filter-functions.php';
require 'includes/entry-functions.php';
require 'includes/helper-functions.php';
require 'includes/theme-functions.php';
require 'lib/swift-mailer/swift_required.php';
require 'lib/recaptchalib.php';
require 'lib/php-captcha/php-captcha.inc.php';
require 'lib/text-captcha.php';
require 'hooks/custom_hooks.php';
$dbh = mf_connect_db();
$ssl_suffix = mf_get_ssl_suffix();
if (mf_is_form_submitted()) {
    //if form submitted
    $input_array = mf_sanitize($_POST);
    $submit_result = mf_process_form($dbh, $input_array);
    if (!isset($input_array['password'])) {
        //if normal form submitted
        if ($submit_result['status'] === true) {
            if (!empty($submit_result['form_resume_url'])) {
                //the user saving a form, display success page with the resume URL
                $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url'];
                header("Location: http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1");
                exit;
            } else {
                if ($submit_result['logic_page_enable'] === true) {
                    //the page has skip logic enable and a custom destination page has been set
                    $target_page_id = $submit_result['target_page_id'];
                    if (is_numeric($target_page_id)) {
                        header("Location: http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$target_page_id}");
Esempio n. 15
0
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$form_id = (int) $_POST['form_id'];
$tags = mf_sanitize($_POST['tags']);
$action = $_POST['action'];
if (empty($form_id) || empty($tags) || empty($action)) {
    die('error! missing parameters.');
}
if ($action == 'add') {
    //add a new tag name
    //get existing tags for current form
    $query = "SELECT `form_tags` from " . MF_TABLE_PREFIX . "forms WHERE form_id=?";
    $params = array($form_id);
    $sth = mf_do_query($query, $params, $dbh);
    $row = mf_do_fetch_result($sth);
    if (!empty($row['form_tags'])) {
        $current_tags_array = explode(',', $row['form_tags']);
    }
    //get the new tag names
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/filter-functions.php';
require 'includes/post-functions.php';
require 'lib/stripe/Stripe.php';
$form_id = (int) trim($_POST['form_id']);
$token = trim($_POST['token']);
$payment_record_id = $_SESSION['mf_payment_record_id'][$form_id];
$payment_data = mf_sanitize($_POST['payment_properties']);
$payment_success = false;
$payment_message = '';
if (empty($form_id) || empty($payment_record_id) || empty($token)) {
    $response_data = new stdClass();
    $response_data->status = "error";
    $response_data->message = "Error. Your session has been expired. Please start the form again.";
    $response_json = json_encode($response_data);
    echo $response_json;
    exit;
}
$dbh = mf_connect_db();
//get form properties data
$query = "select \r\n\t\t\t\t\tform_redirect,\r\n\t\t\t\t\tform_review,\r\n\t\t\t\t\tform_page_total,\r\n\t\t\t\t\tpayment_enable_merchant,\r\n\t\t\t\t\tpayment_merchant_type,\r\n\t\t\t\t\tpayment_currency,\r\n\t\t\t\t\tpayment_price_type,\r\n\t\t\t\t\tpayment_price_name,\r\n\t\t\t\t\tpayment_price_amount,\r\n\t\t\t\t\tpayment_ask_billing,\r\n\t\t\t\t\tpayment_ask_shipping,\r\n\t\t\t\t\tpayment_stripe_live_secret_key,\r\n\t\t\t\t\tpayment_stripe_test_secret_key,\r\n\t\t\t\t\tpayment_stripe_enable_test_mode,\r\n\t\t\t\t\tpayment_enable_recurring,\r\n\t\t\t\t\tpayment_recurring_cycle,\r\n\t\t\t\t\tpayment_recurring_unit,\r\n\t\t\t\t\tpayment_enable_trial,\r\n\t\t\t\t\tpayment_trial_period,\r\n\t\t\t\t\tpayment_trial_unit,\r\n\t\t\t\t\tpayment_trial_amount,\r\n\t\t\t\t\tpayment_delay_notifications\r\n\t\t\t\tfrom \r\n\t\t\t\t    " . MF_TABLE_PREFIX . "forms \r\n\t\t\t   where \r\n\t\t\t\t    form_id=?";
$params = array($form_id);
$sth = mf_do_query($query, $params, $dbh);
Esempio n. 17
0
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$form_id = (int) $_POST['form_id'];
$row_position = (int) $_POST['position'];
//the position of the new row within matrix table
$matrix_parent_id = (int) $_POST['matrix_parent_id'];
$allow_multiselect = (int) $_POST['allow_multiselect'];
$row_holder_id = trim($_POST['row_holder_id']);
$prop_holder_id = trim($_POST['prop_holder_id']);
$total_column = (int) $_POST['total_column'];
$rows_titles = mf_sanitize($_POST['rows_titles']);
//if this array exist, then bulk insert rows is happening
$column_data = mf_sanitize($_POST['column_data']);
//adding a new matrix row is basically the same as adding a new checkbox/radio button field
//the only difference is that the field type is 'matrix' and it has parent id
if (!empty($rows_titles)) {
    $is_multi_rows = true;
} else {
    $is_multi_rows = false;
}
//get element id for this new element
$query = "select ifnull(max(`element_id`),0) + 1 as new_element_id from " . MF_TABLE_PREFIX . "form_elements where form_id = ?";
$params = array($form_id);
$sth = mf_do_query($query, $params, $dbh);
$row = mf_do_fetch_result($sth);
$element_id = $row['new_element_id'];
//set default field properties
$element_properties['matrix_parent_id'] = $matrix_parent_id;
Esempio n. 18
0
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/entry-functions.php';
$form_id = (int) trim($_GET['id']);
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//handle form submission if there is any
if (!empty($_POST['form_id'])) {
    $form_id = (int) $_POST['form_id'];
    $notification_settings = mf_sanitize($_POST);
    array_walk($notification_settings, 'mf_trim_value');
    //save settings for 'Send Notification Emails to My Inbox' section
    $form_input['esl_enable'] = (int) $notification_settings['esl_enable'];
    if (empty($notification_settings['esl_email_address'])) {
        $form_input['esl_enable'] = 0;
    }
    $form_input['form_email'] = $notification_settings['esl_email_address'];
    if ($notification_settings['esl_from_name'] == 'custom') {
        $form_input['esl_from_name'] = $notification_settings['esl_from_name_custom'];
    } else {
        $form_input['esl_from_name'] = $notification_settings['esl_from_name'];
    }
    if ($notification_settings['esl_from_email_address'] == 'custom') {
        $form_input['esl_from_email_address'] = $notification_settings['esl_from_email_address_custom'];
    } else {
Esempio n. 19
0
/********************************************************************************
 MachForm
  
 Copyright 2007-2012 Appnitro Software. This code cannot be redistributed without
 permission from http://www.appnitro.com/
 
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
$dbh = mf_connect_db();
$element_properties_array = mf_sanitize($_POST['fp']);
$form_id = (int) $_POST['form_id'];
$response_data = new stdClass();
$updated_element_id = '';
//loop through each element properties
if (!empty($element_properties_array)) {
    foreach ($element_properties_array as $element_properties) {
        unset($element_properties['is_db_live']);
        unset($element_properties['last_option_id']);
        //this property exist for choices field type
        unset($element_properties['page_total']);
        //this property exist for page break field type
        $element_options = array();
        $element_options = $element_properties['options'];
        unset($element_properties['options']);
        /***************************************************************************************************************/
Esempio n. 20
0
function display_machform($config)
{
    $form_id = $config['form_id'];
    $show_border = $config['show_border'];
    $machform_path = $config['base_path'];
    $machform_data_path = dirname(__FILE__) . '/';
    if ($show_border === true) {
        $integration_method = '';
    } else {
        $integration_method = 'php';
    }
    //start session if there isn't any
    if (session_id() == "") {
        @session_start();
    }
    $dbh = mf_connect_db();
    if (mf_is_form_submitted()) {
        //if form submitted
        $input_array = mf_sanitize($_POST);
        $input_array['machform_data_path'] = $machform_data_path;
        $input_array['machform_base_path'] = $machform_path;
        $submit_result = mf_process_form($dbh, $input_array);
        if (!isset($input_array['password'])) {
            //if normal form submitted
            if ($submit_result['status'] === true) {
                if (!empty($submit_result['form_resume_url'])) {
                    //the user saving a form, display success page with the resume URL
                    $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url'];
                    $ssl_suffix = mf_get_ssl_suffix();
                    echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1'</script>";
                    exit;
                } else {
                    if (!empty($submit_result['review_id'])) {
                        //redirect to review page
                        $ssl_suffix = mf_get_ssl_suffix();
                        if (!empty($submit_result['origin_page_number'])) {
                            $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number'];
                        }
                        $_SESSION['review_id'] = $submit_result['review_id'];
                        if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                            echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>";
                        } else {
                            echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>";
                        }
                        exit;
                    } else {
                        if (!empty($submit_result['next_page_number'])) {
                            //redirect to the next page number
                            $_SESSION['mf_form_access'][$input_array['form_id']][$submit_result['next_page_number']] = true;
                            $ssl_suffix = mf_get_ssl_suffix();
                            echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$submit_result['next_page_number']}'</script>";
                            exit;
                        } else {
                            //otherwise display success message or redirect to the custom redirect URL
                            if (empty($submit_result['form_redirect'])) {
                                $ssl_suffix = mf_get_ssl_suffix();
                                echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&done=1'</script>";
                                exit;
                            } else {
                                echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>";
                                exit;
                            }
                        }
                    }
                }
            } else {
                if ($submit_result['status'] === false) {
                    //there are errors, display the form again with the errors
                    $old_values = $submit_result['old_values'];
                    $custom_error = @$submit_result['custom_error'];
                    $error_elements = $submit_result['error_elements'];
                    $form_params = array();
                    $form_params['page_number'] = $input_array['page_number'];
                    $form_params['populated_values'] = $old_values;
                    $form_params['error_elements'] = $error_elements;
                    $form_params['custom_error'] = $custom_error;
                    $form_params['integration_method'] = $integration_method;
                    $form_params['machform_path'] = $machform_path;
                    $form_params['machform_data_path'] = $machform_data_path;
                    $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
                }
            }
        } else {
            //if password form submitted
            if ($submit_result['status'] === true) {
                //on success, display the form
                $form_params = array();
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $form_params['machform_data_path'] = $machform_data_path;
                $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
            } else {
                $custom_error = $submit_result['custom_error'];
                //error, display the pasword form again
                $form_params = array();
                $form_params['custom_error'] = $custom_error;
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $form_params['machform_data_path'] = $machform_data_path;
                $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
            }
        }
    } else {
        if (!empty($_POST['review_submit']) || !empty($_POST['review_submit_x'])) {
            //if form review being submitted
            //commit data from review table to actual table
            $record_id = $_SESSION['review_id'];
            $form_params = array();
            $form_params['machform_path'] = $machform_path;
            $form_params['machform_data_path'] = $machform_data_path;
            $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $form_params);
            unset($_SESSION['review_id']);
            if (empty($commit_result['form_redirect'])) {
                $ssl_suffix = mf_get_ssl_suffix();
                echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&done=1'</script>";
                exit;
            } else {
                echo "<script type=\"text/javascript\">top.location = '{$commit_result['form_redirect']}'</script>";
                exit;
            }
        } elseif (!empty($_POST['review_back']) || !empty($_POST['review_back_x'])) {
            //go back to form
            $origin_page_num = (int) $_POST['mf_page_from'];
            $ssl_suffix = mf_get_ssl_suffix();
            echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&mf_page={$origin_page_num}'</script>";
            exit;
        } elseif (!empty($_GET['show_review'])) {
            //show review page
            if (empty($_SESSION['review_id'])) {
                die("Your session has been expired. Please start again.");
            } else {
                $record_id = $_SESSION['review_id'];
            }
            $from_page_num = (int) $_GET['mf_page_from'];
            if (empty($from_page_num)) {
                $form_page_num = 1;
            }
            $form_params = array();
            $form_params['integration_method'] = $integration_method;
            $form_params['machform_path'] = $machform_path;
            $form_params['machform_data_path'] = $machform_data_path;
            $markup = mf_display_form_review($dbh, $form_id, $record_id, $from_page_num, $form_params);
        } else {
            $form_id = $form_id;
            $page_number = (int) trim($_GET['mf_page']);
            $page_number = mf_verify_page_access($form_id, $page_number);
            $resume_key = trim($_GET['mf_resume']);
            if (!empty($resume_key)) {
                $_SESSION['mf_form_resume_key'][$form_id] = $resume_key;
            }
            if (!empty($_GET['done']) && (!empty($_SESSION['mf_form_completed'][$form_id]) || !empty($_SESSION['mf_form_resume_url'][$form_id]))) {
                $form_params = array();
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $markup = mf_display_success($dbh, $form_id, $form_params);
            } else {
                $form_params = array();
                $form_params['page_number'] = $page_number;
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $form_params['machform_data_path'] = $machform_data_path;
                $markup = mf_display_form($dbh, $form_id, $form_params);
            }
        }
    }
    echo $markup;
}
Esempio n. 21
0
 More info at: http://www.appnitro.com/
 ********************************************************************************/
require 'includes/init.php';
require 'config.php';
require 'includes/db-core.php';
require 'includes/helper-functions.php';
require 'includes/check-session.php';
require 'includes/filter-functions.php';
require 'includes/theme-functions.php';
$dbh = mf_connect_db();
$mf_settings = mf_get_settings($dbh);
//sleep(3); //temporary for localhost testing
if (empty($_POST['tp'])) {
    die("Error! You can't open this file directly");
}
$theme_properties = mf_sanitize($_POST['tp']);
$theme_id = (int) $theme_properties['theme_id'];
unset($theme_properties['theme_id']);
if (empty($theme_id)) {
    $is_new_theme = true;
} else {
    $is_new_theme = false;
}
//If this is new theme, insert new record into the table
if ($is_new_theme) {
    $theme_properties['status'] = 1;
    //dynamically create the field list and field values, based on the input given
    $params = array();
    foreach ($theme_properties as $key => $value) {
        $field_list .= "`{$key}`,";
        $field_values .= ":{$key},";
Esempio n. 22
0
function mf_process_form($dbh, $input)
{
    global $mf_lang;
    $form_id = (int) trim($input['form_id']);
    $edit_id = (int) trim($input['edit_id']);
    if (empty($input['page_number'])) {
        $page_number = 1;
    } else {
        $page_number = (int) $input['page_number'];
    }
    $is_committed = false;
    $mf_settings = mf_get_settings($dbh);
    //this function handle password submission and general form submission
    //check for password requirement
    $query = "select \r\n\t\t\t\t\t\tform_password,\r\n\t\t\t\t\t\tform_language,\r\n\t\t\t\t\t\tform_review,\r\n\t\t\t\t\t\tform_page_total,\r\n\t\t\t\t\t\tlogic_field_enable,\r\n\t\t\t\t\t\tlogic_page_enable \r\n\t\t\t\t\tfrom \r\n\t\t\t\t\t\t`" . MF_TABLE_PREFIX . "forms` where form_id=?";
    $params = array($form_id);
    $sth = mf_do_query($query, $params, $dbh);
    $row = mf_do_fetch_result($sth);
    $form_review = $row['form_review'];
    $form_page_total = (int) $row['form_page_total'];
    $logic_field_enable = (int) $row['logic_field_enable'];
    $logic_page_enable = (int) $row['logic_page_enable'];
    if (!empty($row['form_password'])) {
        $require_password = true;
    } else {
        $require_password = false;
    }
    if (!empty($row['form_language'])) {
        mf_set_language($row['form_language']);
    }
    //if this form require password and no session has been set
    if ($require_password && (empty($_SESSION['user_authenticated']) || $_SESSION['user_authenticated'] != $form_id)) {
        $query = "select count(form_id) valid_password from `" . MF_TABLE_PREFIX . "forms` where form_id=? and form_password=?";
        $params = array($form_id, $input['password']);
        $sth = mf_do_query($query, $params, $dbh);
        $row = mf_do_fetch_result($sth);
        if (!empty($row['valid_password'])) {
            $process_result['status'] = true;
            $_SESSION['user_authenticated'] = $form_id;
        } else {
            $process_result['status'] = false;
            $process_result['custom_error'] = $mf_lang['form_pass_invalid'];
        }
        return $process_result;
    }
    $delay_notifications = false;
    $form_properties = array();
    $form_properties = mf_get_form_properties($dbh, $form_id, array('payment_enable_merchant', 'payment_delay_notifications', 'payment_merchant_type'));
    //at this moment, delay notification only available for stripe
    if ($form_properties['payment_enable_merchant'] == 1 && !empty($form_properties['payment_delay_notifications']) && in_array($form_properties['payment_merchant_type'], array('stripe'))) {
        $delay_notifications = true;
    }
    $element_child_lookup['address'] = 5;
    $element_child_lookup['simple_name'] = 1;
    $element_child_lookup['simple_name_wmiddle'] = 2;
    $element_child_lookup['name'] = 3;
    $element_child_lookup['name_wmiddle'] = 4;
    $element_child_lookup['phone'] = 2;
    $element_child_lookup['date'] = 2;
    $element_child_lookup['europe_date'] = 2;
    $element_child_lookup['time'] = 3;
    $element_child_lookup['money'] = 1;
    //this applies to dollar,euro and pound. yen don't have child
    $element_child_lookup['checkbox'] = 1;
    //this is just a dumb value
    $element_child_lookup['matrix'] = 1;
    //this is just a dumb value
    //never trust user input, get a list of input fields based on info stored on table
    //element has real child -> address, simple_name, name, simple_name_wmiddle, name_wmiddle
    //element has virtual child -> phone, date, europe_date, time, money
    $is_edit_page = false;
    if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
        //if this is edit_entry page, process all elements on all pages at once
        $page_number_clause = '';
        $params = array($form_id);
        $is_edit_page = true;
    } else {
        $page_number_clause = 'and element_page_number =?';
        $params = array($form_id, $page_number);
    }
    $query = "SELECT \r\n\t\t\t\t\t\telement_id,\r\n       \t\t\t\t\telement_title,\r\n       \t\t\t\t\telement_is_required,\r\n       \t\t\t\t\telement_is_unique,\r\n       \t\t\t\t\telement_is_private,\r\n       \t\t\t\t\telement_type, \r\n       \t\t\t\t\telement_constraint,\r\n       \t\t\t\t\telement_total_child,\r\n       \t\t\t\t\telement_file_enable_multi_upload,\r\n       \t\t\t\t\telement_file_max_selection,\r\n       \t\t\t\t\telement_file_enable_type_limit,\r\n       \t\t\t\t\telement_file_block_or_allow,\r\n       \t\t\t\t\telement_file_type_list,\r\n       \t\t\t\t\telement_range_max,\r\n       \t\t\t\t\telement_range_min,\r\n       \t\t\t\t\telement_range_limit_by,\r\n       \t\t\t\t\telement_choice_has_other,\r\n       \t\t\t\t\telement_time_showsecond,\r\n       \t\t\t\t\telement_time_24hour,\r\n       \t\t\t\t\telement_matrix_parent_id,\r\n       \t\t\t\t\telement_matrix_allow_multiselect,\r\n       \t\t\t\t\telement_date_enable_range,\r\n       \t\t\t\t\telement_date_range_min,\r\n       \t\t\t\t\telement_date_range_max,\r\n       \t\t\t\t\telement_date_past_future,\r\n       \t\t\t\t\telement_date_disable_past_future,\r\n       \t\t\t\t\telement_date_enable_selection_limit,\r\n\t\t\t\t\t\telement_date_selection_max,\r\n\t\t\t\t\t\telement_date_disable_weekend,\r\n\t\t\t\t\t\telement_date_disable_specific,\r\n\t\t\t\t\t\telement_date_disabled_list\r\n\t\t\t\t\tFROM \r\n\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_elements \r\n\t\t\t\t   WHERE \r\n\t\t\t\t   \t\tform_id=? and element_status = '1' {$page_number_clause} and element_type <> 'page_break' and element_type <> 'section'\r\n\t\t\t\tORDER BY \r\n\t\t\t\t\t\telement_id asc";
    $sth = mf_do_query($query, $params, $dbh);
    $element_to_get = array();
    $private_elements = array();
    //admin-only fields
    $matrix_childs_array = array();
    while ($row = mf_do_fetch_result($sth)) {
        if ($row['element_type'] == 'section') {
            continue;
        }
        //store element info
        $element_info[$row['element_id']]['title'] = $row['element_title'];
        $element_info[$row['element_id']]['type'] = $row['element_type'];
        $element_info[$row['element_id']]['is_required'] = $row['element_is_required'];
        $element_info[$row['element_id']]['is_unique'] = $row['element_is_unique'];
        $element_info[$row['element_id']]['is_private'] = $row['element_is_private'];
        $element_info[$row['element_id']]['constraint'] = $row['element_constraint'];
        $element_info[$row['element_id']]['file_enable_multi_upload'] = $row['element_file_enable_multi_upload'];
        $element_info[$row['element_id']]['file_max_selection'] = $row['element_file_max_selection'];
        $element_info[$row['element_id']]['file_enable_type_limit'] = $row['element_file_enable_type_limit'];
        $element_info[$row['element_id']]['file_block_or_allow'] = $row['element_file_block_or_allow'];
        $element_info[$row['element_id']]['file_type_list'] = $row['element_file_type_list'];
        $element_info[$row['element_id']]['range_min'] = $row['element_range_min'];
        $element_info[$row['element_id']]['range_max'] = $row['element_range_max'];
        $element_info[$row['element_id']]['range_limit_by'] = $row['element_range_limit_by'];
        $element_info[$row['element_id']]['choice_has_other'] = $row['element_choice_has_other'];
        $element_info[$row['element_id']]['time_showsecond'] = (int) $row['element_time_showsecond'];
        $element_info[$row['element_id']]['time_24hour'] = (int) $row['element_time_24hour'];
        $element_info[$row['element_id']]['matrix_parent_id'] = (int) $row['element_matrix_parent_id'];
        $element_info[$row['element_id']]['matrix_allow_multiselect'] = (int) $row['element_matrix_allow_multiselect'];
        $element_info[$row['element_id']]['date_enable_range'] = (int) $row['element_date_enable_range'];
        $element_info[$row['element_id']]['date_range_max'] = $row['element_date_range_max'];
        $element_info[$row['element_id']]['date_range_min'] = $row['element_date_range_min'];
        $element_info[$row['element_id']]['date_past_future'] = $row['element_date_past_future'];
        $element_info[$row['element_id']]['date_disable_past_future'] = (int) $row['element_date_disable_past_future'];
        $element_info[$row['element_id']]['date_enable_selection_limit'] = (int) $row['element_date_enable_selection_limit'];
        $element_info[$row['element_id']]['date_selection_max'] = (int) $row['element_date_selection_max'];
        $element_info[$row['element_id']]['date_disable_weekend'] = (int) $row['element_date_disable_weekend'];
        $element_info[$row['element_id']]['date_disable_specific'] = (int) $row['element_date_disable_specific'];
        $element_info[$row['element_id']]['date_disabled_list'] = $row['element_date_disabled_list'];
        //get element form name, complete with the childs
        if (empty($element_child_lookup[$row['element_type']]) || $row['element_constraint'] == 'yen') {
            //elements with no child
            $element_to_get[] = 'element_' . $row['element_id'];
        } else {
            //elements with child
            if ($row['element_type'] == 'checkbox' || $row['element_type'] == 'matrix' && !empty($row['element_matrix_allow_multiselect'])) {
                //for checkbox, get childs elements from ap_element_options table
                $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\toption_id \r\n\t\t\t\t\t\t\t\t\tfrom \r\n\t\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "element_options \r\n\t\t\t\t\t\t\t\t   where \r\n\t\t\t\t\t\t\t\t   \t\tform_id=? and element_id=? and live=1 \r\n\t\t\t\t\t\t\t\torder by \r\n\t\t\t\t\t\t\t\t\t\t`position` asc";
                $params = array($form_id, $row['element_id']);
                $sub_sth = mf_do_query($sub_query, $params, $dbh);
                while ($sub_row = mf_do_fetch_result($sub_sth)) {
                    $element_to_get[] = "element_{$row['element_id']}_{$sub_row['option_id']}";
                    $checkbox_childs[$row['element_id']][] = $sub_row['option_id'];
                    //store the child into array for further reference
                }
                //if this is the parent of the matrix (checkbox matrix only), get the child as well
                if ($row['element_type'] == 'matrix' && !empty($row['element_matrix_allow_multiselect'])) {
                    $temp_matrix_child_element_id_array = explode(',', trim($row['element_constraint']));
                    foreach ($temp_matrix_child_element_id_array as $mc_element_id) {
                        $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\t\toption_id \r\n\t\t\t\t\t\t\t\t\t\tfrom \r\n\t\t\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "element_options \r\n\t\t\t\t\t\t\t\t\t   where \r\n\t\t\t\t\t\t\t\t\t   \t\tform_id=? and element_id=? and live=1 \r\n\t\t\t\t\t\t\t\t\torder by \r\n\t\t\t\t\t\t\t\t\t\t\t`position` asc";
                        $params = array($form_id, $mc_element_id);
                        $sub_sth = mf_do_query($sub_query, $params, $dbh);
                        while ($sub_row = mf_do_fetch_result($sub_sth)) {
                            $element_to_get[] = "element_{$mc_element_id}_{$sub_row['option_id']}";
                            $checkbox_childs[$mc_element_id][] = $sub_row['option_id'];
                            //store the child into array for further reference
                        }
                    }
                }
            } else {
                if ($row['element_type'] == 'matrix' && empty($row['element_matrix_allow_multiselect'])) {
                    //radio button matrix, each row doesn't have childs
                    $element_to_get[] = 'element_' . $row['element_id'];
                } else {
                    $max = $element_child_lookup[$row['element_type']] + 1;
                    for ($j = 1; $j <= $max; $j++) {
                        $element_to_get[] = "element_{$row['element_id']}_{$j}";
                    }
                }
            }
        }
        //if the back button pressed after review page, or this is multipage form, we need to store the file info
        if (!empty($_SESSION['review_id']) && !empty($form_review) || $form_page_total > 1 || $is_edit_page === true) {
            if ($row['element_type'] == 'file') {
                $existing_file_id[] = $row['element_id'];
            }
        }
        //if this is matrix field, particularly the child rows, we need to store the id into temporary array
        //we need to loop through it later, to set the "required" property based on the matrix parent value
        if ($row['element_type'] == 'matrix' && !empty($row['element_matrix_parent_id'])) {
            $matrix_childs_array[$row['element_id']] = $row['element_matrix_parent_id'];
        }
        //extra security measure for file upload
        //even though the user disabled 'file type limit', we need to enforce it here and block dangerous files
        if ($row['element_type'] == 'file') {
            //if the 'Limit File Upload Type' disabled by user, enable it here and check for dangerous files
            if (empty($row['element_file_enable_type_limit'])) {
                $element_info[$row['element_id']]['file_enable_type_limit'] = 1;
                $element_info[$row['element_id']]['file_block_or_allow'] = 'b';
                //block
                $element_info[$row['element_id']]['file_type_list'] = 'php,php3,php4,php5,phtml,exe,pl,cgi,html,htm,js';
            } else {
                //if the limit being enabled but the list type is empty
                if (empty($element_info[$row['element_id']]['file_type_list'])) {
                    $element_info[$row['element_id']]['file_block_or_allow'] = 'b';
                    //block
                    $element_info[$row['element_id']]['file_type_list'] = 'php,php3,php4,php5,phtml,exe,pl,cgi,html,htm,js';
                } else {
                    //if the list is not empty, and it set to block files, make sure to add dangerous file types into the list
                    if ($element_info[$row['element_id']]['file_block_or_allow'] == 'b') {
                        $element_info[$row['element_id']]['file_type_list'] .= ',php,php3,php4,php5,phtml,exe,pl,cgi,html,htm,js';
                    }
                }
            }
        }
    }
    //loop through each matrix childs array
    //if the parent matrix has required=1, the child need to be set the same
    //if the parent matrix allow multi select, the child need to be set the same
    if (!empty($matrix_childs_array)) {
        foreach ($matrix_childs_array as $matrix_child_element_id => $matrix_parent_element_id) {
            if (!empty($element_info[$matrix_parent_element_id]['is_required'])) {
                $element_info[$matrix_child_element_id]['is_required'] = 1;
            }
            if (!empty($element_info[$matrix_parent_element_id]['matrix_allow_multiselect'])) {
                $element_info[$matrix_child_element_id]['matrix_allow_multiselect'] = 1;
            }
        }
    }
    if (!empty($existing_file_id)) {
        $existing_file_id_list = '';
        foreach ($existing_file_id as $value) {
            $existing_file_id_list .= 'element_' . $value . ',';
        }
        $existing_file_id_list = rtrim($existing_file_id_list, ',');
        if (!empty($_SESSION['review_id'])) {
            $current_session_id = $_SESSION['review_id'];
            $query = "select {$existing_file_id_list} from " . MF_TABLE_PREFIX . "form_{$form_id}_review where `id`=?";
        } else {
            if ($is_edit_page === true) {
                //if this is edit_entry.php page
                $current_session_id = $edit_id;
                $query = "select {$existing_file_id_list} from " . MF_TABLE_PREFIX . "form_{$form_id} where `id`=?";
            } else {
                $current_session_id = session_id();
                $query = "select {$existing_file_id_list} from " . MF_TABLE_PREFIX . "form_{$form_id}_review where `session_id`=?";
            }
        }
        $params = array($current_session_id);
        $sth = mf_do_query($query, $params, $dbh);
        $row = mf_do_fetch_result($sth);
        foreach ($existing_file_id as $value) {
            if (!empty($row['element_' . $value])) {
                $element_info[$value]['existing_file'] = $row['element_' . $value];
            }
        }
    }
    //pick user input
    $user_input = array();
    foreach ($element_to_get as $element_name) {
        $user_input[$element_name] = @$input[$element_name];
    }
    //if conditional logic for field is being enabled, and this is not edit entry page
    //we need to check the status of all elements which has "required" property
    //the "required" status might be disabled, depend on the condition
    if (!empty($logic_field_enable) && $is_edit_page === false) {
        $required_elements_status = array();
        $required_elements_status = mf_get_required_elements_status($dbh, $form_id, $page_number, $input);
        if (!empty($required_elements_status)) {
            foreach ($required_elements_status as $element_id => $required_status) {
                $element_info[$element_id]['is_required'] = $required_status;
            }
        }
    } else {
        if (!empty($logic_field_enable) && $is_edit_page === true) {
            //if this edit entry page and has logic enabled, disable all "required" fields
            foreach ($element_info as $element_id => $value) {
                $element_info[$element_id]['is_required'] = 0;
            }
        }
    }
    $error_elements = array();
    $table_data = array();
    //validate input based on rules specified for each field
    foreach ($user_input as $element_name => $element_data) {
        //get element_id from element_name
        $exploded = array();
        $exploded = explode('_', $element_name);
        $element_id = $exploded[1];
        $rules = array();
        $target_input = array();
        $element_type = $element_info[$element_id]['type'];
        //if this is private fields and not logged-in as admin, bypass operation below, just supply the default value if any
        if ($element_info[$element_id]['is_private'] == 1 && empty($_SESSION['mf_logged_in'])) {
            if (!empty($element_info[$element_id]['default_value'])) {
                $table_data['element_' . $element_id] = $element_info[$element_id]['default_value'];
            }
            continue;
        }
        //if this is matrix field, we need to convert the field type into radio button or checkbox
        if ('matrix' == $element_type) {
            $is_matrix_field = true;
            if (!empty($element_info[$element_id]['matrix_allow_multiselect'])) {
                $element_type = 'checkbox';
            } else {
                $element_type = 'radio';
            }
        } else {
            $is_matrix_field = false;
        }
        if ('text' == $element_type) {
            //Single Line Text
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            if (!empty($user_input[$element_name]) || is_numeric($user_input[$element_name])) {
                if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) {
                    $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max'];
                } else {
                    if (!empty($element_info[$element_id]['range_max'])) {
                        $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max'];
                    } else {
                        if (!empty($element_info[$element_id]['range_min'])) {
                            $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'];
                        }
                    }
                }
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
        } elseif ('textarea' == $element_type) {
            //Paragraph
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            if (!empty($user_input[$element_name]) || is_numeric($user_input[$element_name])) {
                if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) {
                    $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max'];
                } else {
                    if (!empty($element_info[$element_id]['range_max'])) {
                        $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max'];
                    } else {
                        if (!empty($element_info[$element_id]['range_min'])) {
                            $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'];
                        }
                    }
                }
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
        } elseif ('signature' == $element_type) {
            //Signature
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            $target_input[$element_name] = $element_data;
            if ($target_input[$element_name] == '[]') {
                //this is considered as empty signature
                $target_input[$element_name] = '';
            }
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data, ENT_NOQUOTES);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
        } elseif ('radio' == $element_type) {
            //Multiple Choice
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            //if this field has 'other' label
            if (!empty($element_info[$element_id]['choice_has_other'])) {
                if (empty($element_data) && !empty($input[$element_name . '_other'])) {
                    $element_data = $input[$element_name . '_other'];
                    //save old data into array, for form redisplay in case errors occured
                    $form_data[$element_name . '_other']['default_value'] = $element_data;
                    $table_data[$element_name . '_other'] = $element_data;
                    //make sure to set the main element value to 0
                    $form_data[$element_name]['default_value'] = 0;
                    $table_data[$element_name] = 0;
                }
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                if ($is_matrix_field && !empty($matrix_childs_array[$element_id])) {
                    $error_elements[$matrix_childs_array[$element_id]] = $validation_result;
                } else {
                    $error_elements[$element_id] = $validation_result;
                }
            }
            //save old data into array, for form redisplay in case errors occured
            if (empty($form_data[$element_name . '_other']['default_value'])) {
                $form_data[$element_name]['default_value'] = $element_data;
            }
            //prepare data for table column
            if (empty($table_data[$element_name . '_other'])) {
                $table_data[$element_name] = $element_data;
            }
        } elseif ('number' == $element_type) {
            //Number
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            //check for numeric if not empty
            if (!empty($user_input[$element_name])) {
                $rules[$element_name]['numeric'] = true;
            }
            if ((!empty($user_input[$element_name]) || is_numeric($user_input[$element_name])) && $element_info[$element_id]['range_limit_by'] == 'd') {
                if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) {
                    $rules[$element_name]['range_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max'];
                } else {
                    if (!empty($element_info[$element_id]['range_max'])) {
                        $rules[$element_name]['max_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_max'];
                    } else {
                        if (!empty($element_info[$element_id]['range_min'])) {
                            $rules[$element_name]['min_length'] = $element_info[$element_id]['range_limit_by'] . '#' . $element_info[$element_id]['range_min'];
                        }
                    }
                }
            } else {
                if ((!empty($user_input[$element_name]) || is_numeric($user_input[$element_name])) && $element_info[$element_id]['range_limit_by'] == 'v') {
                    if (!empty($element_info[$element_id]['range_max']) && !empty($element_info[$element_id]['range_min'])) {
                        $rules[$element_name]['range_value'] = $element_info[$element_id]['range_min'] . '#' . $element_info[$element_id]['range_max'];
                    } else {
                        if (!empty($element_info[$element_id]['range_max'])) {
                            $rules[$element_name]['max_value'] = $element_info[$element_id]['range_max'];
                        } else {
                            if (!empty($element_info[$element_id]['range_min'])) {
                                $rules[$element_name]['min_value'] = $element_info[$element_id]['range_min'];
                            }
                        }
                    }
                }
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
            //if the user removed the number, set the value to null
            if ($table_data[$element_name] == "") {
                $table_data[$element_name] = null;
            }
        } elseif ('url' == $element_type) {
            //Website
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $rules[$element_name]['website'] = true;
            if ($element_data == 'http://') {
                $element_data = '';
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
        } elseif ('email' == $element_type) {
            //Email
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $rules[$element_name]['email'] = true;
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($element_data);
            //prepare data for table column
            $table_data[$element_name] = $element_data;
        } elseif ('simple_name' == $element_type) {
            //Simple Name
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 2 elements total
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed on next loop
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
                $rules[$element_name_2]['required'] = true;
            }
            $target_input[$element_name] = $user_input[$element_name];
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
            $table_data[$element_name_2] = $user_input[$element_name_2];
        } elseif ('simple_name_wmiddle' == $element_type) {
            //Simple Name with Middle
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other elements, 3 elements total
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed on next loop
            $processed_elements[] = $element_name_3;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
                $rules[$element_name_3]['required'] = true;
            }
            $target_input[$element_name] = $user_input[$element_name];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
            $table_data[$element_name_2] = $user_input[$element_name_2];
            $table_data[$element_name_3] = $user_input[$element_name_3];
        } elseif ('name' == $element_type) {
            //Name -  Extended
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 4 elements total
            //only element no 2&3 matters (first and last name)
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $element_name_4 = substr($element_name, 0, -1) . '4';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            $processed_elements[] = $element_name_4;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name_2]['required'] = true;
                $rules[$element_name_3]['required'] = true;
            }
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
            $table_data[$element_name_2] = $user_input[$element_name_2];
            $table_data[$element_name_3] = $user_input[$element_name_3];
            $table_data[$element_name_4] = $user_input[$element_name_4];
        } elseif ('name_wmiddle' == $element_type) {
            //Name -  Extended, with Middle
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 5 elements total
            //only element no 2,3,4 matters (first, middle, last name)
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $element_name_4 = substr($element_name, 0, -1) . '4';
            $element_name_5 = substr($element_name, 0, -1) . '5';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            $processed_elements[] = $element_name_4;
            $processed_elements[] = $element_name_5;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name_2]['required'] = true;
                $rules[$element_name_4]['required'] = true;
            }
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $target_input[$element_name_4] = $user_input[$element_name_4];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]);
            $form_data[$element_name_5]['default_value'] = htmlspecialchars($user_input[$element_name_5]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
            $table_data[$element_name_2] = $user_input[$element_name_2];
            $table_data[$element_name_3] = $user_input[$element_name_3];
            $table_data[$element_name_4] = $user_input[$element_name_4];
            $table_data[$element_name_5] = $user_input[$element_name_5];
        } elseif ('time' == $element_type) {
            //Time
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 4 elements total
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $element_name_4 = substr($element_name, 0, -1) . '4';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            $processed_elements[] = $element_name_4;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name_2]['required'] = true;
                $rules[$element_name_3]['required'] = true;
                if (empty($element_info[$element_id]['time_24hour'])) {
                    $rules[$element_name_4]['required'] = true;
                }
            }
            //check time validity if any of the compound field entered
            $time_entry_exist = false;
            if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2]) || !empty($user_input[$element_name_3])) {
                $rules['element_time']['time'] = true;
                $time_entry_exist = true;
            }
            //for backward compatibility with machform v2 and beyond
            if ($element_info[$element_id]['constraint'] == 'show_seconds') {
                $element_info[$element_id]['time_showsecond'] = 1;
            }
            if ($time_entry_exist && empty($element_info[$element_id]['time_showsecond'])) {
                $user_input[$element_name_3] = '00';
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules['element_time_no_meridiem']['unique'] = $form_id . '#' . substr($element_name, 0, -2);
                //to check uniquenes we need to use 24 hours HH:MM:SS format
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $target_input[$element_name_4] = $user_input[$element_name_4];
            if ($time_entry_exist) {
                $target_input['element_time'] = trim($user_input[$element_name] . ':' . $user_input[$element_name_2] . ':' . $user_input[$element_name_3] . ' ' . $user_input[$element_name_4]);
                $target_input['element_time_no_meridiem'] = @date("G:i:s", strtotime($target_input['element_time']));
            }
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]);
            //prepare data for table column
            $table_data[substr($element_name, 0, -2)] = @$target_input['element_time_no_meridiem'];
        } elseif ('address' == $element_type) {
            //Address
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 6 elements total, element #2 (address line 2) is optional
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $element_name_4 = substr($element_name, 0, -1) . '4';
            $element_name_5 = substr($element_name, 0, -1) . '5';
            $element_name_6 = substr($element_name, 0, -1) . '6';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            $processed_elements[] = $element_name_4;
            $processed_elements[] = $element_name_5;
            $processed_elements[] = $element_name_6;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
                $rules[$element_name_3]['required'] = true;
                $rules[$element_name_4]['required'] = true;
                $rules[$element_name_5]['required'] = true;
                $rules[$element_name_6]['required'] = true;
            }
            $target_input[$element_name] = $user_input[$element_name];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $target_input[$element_name_4] = $user_input[$element_name_4];
            $target_input[$element_name_5] = $user_input[$element_name_5];
            $target_input[$element_name_6] = $user_input[$element_name_6];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            $form_data[$element_name_4]['default_value'] = htmlspecialchars($user_input[$element_name_4]);
            $form_data[$element_name_5]['default_value'] = htmlspecialchars($user_input[$element_name_5]);
            $form_data[$element_name_6]['default_value'] = htmlspecialchars($user_input[$element_name_6]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
            $table_data[$element_name_2] = $user_input[$element_name_2];
            $table_data[$element_name_3] = $user_input[$element_name_3];
            $table_data[$element_name_4] = $user_input[$element_name_4];
            $table_data[$element_name_5] = $user_input[$element_name_5];
            $table_data[$element_name_6] = $user_input[$element_name_6];
        } elseif ('money' == $element_type) {
            //Price
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 2 elements total (for currency other than yen)
            if ($element_info[$element_id]['constraint'] != 'yen') {
                //if other than yen
                $base_element_name = substr($element_name, 0, -1);
                $element_name_2 = $base_element_name . '2';
                $processed_elements[] = $element_name_2;
                if ($element_info[$element_id]['is_required']) {
                    $rules[$base_element_name]['required'] = true;
                }
                //check for numeric if not empty
                if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2])) {
                    $rules[$base_element_name]['numeric'] = true;
                }
                if ($element_info[$element_id]['is_unique']) {
                    $rules[$base_element_name]['unique'] = $form_id . '#' . substr($element_name, 0, -2);
                    $target_input['dbh'] = $dbh;
                    //we need to pass the $dbh for this 'unique' rule
                }
                $target_input[$base_element_name] = $user_input[$element_name] . '.' . $user_input[$element_name_2];
                //join dollar+cent
                if ($target_input[$base_element_name] == '.') {
                    $target_input[$base_element_name] = '';
                }
                //save old data into array, for form redisplay in case errors occured
                $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
                $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
                //prepare data for table column
                if (!empty($user_input[$element_name]) || !empty($user_input[$element_name_2]) || $user_input[$element_name] === '0' || $user_input[$element_name_2] === '0') {
                    $table_data[substr($element_name, 0, -2)] = $user_input[$element_name] . '.' . $user_input[$element_name_2];
                }
                //if the user removed the number, set the value to null
                if ($user_input[$element_name] == "" && $user_input[$element_name_2] == "") {
                    $table_data[substr($element_name, 0, -2)] = null;
                }
            } else {
                if ($element_info[$element_id]['is_required']) {
                    $rules[$element_name]['required'] = true;
                }
                //check for numeric if not empty
                if (!empty($user_input[$element_name])) {
                    $rules[$element_name]['numeric'] = true;
                }
                if ($element_info[$element_id]['is_unique']) {
                    $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                    $target_input['dbh'] = $dbh;
                    //we need to pass the $dbh for this 'unique' rule
                }
                $target_input[$element_name] = $user_input[$element_name];
                //save old data into array, for form redisplay in case errors occured
                $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
                //prepare data for table column
                $table_data[$element_name] = $user_input[$element_name];
                //if the user removed the number, set the value to null
                if ($table_data[$element_name] == "") {
                    $table_data[$element_name] = null;
                }
            }
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
        } elseif ('checkbox' == $element_type) {
            //Checkboxes
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            $all_child_array = array();
            $all_child_array = $checkbox_childs[$element_id];
            $base_element_name = 'element_' . $element_id . '_';
            if (!empty($element_info[$element_id]['choice_has_other'])) {
                $all_checkbox_value = $input[$base_element_name . 'other'];
                //save old data into array, for form redisplay in case errors occured
                $form_data[$base_element_name . 'other']['default_value'] = $input[$base_element_name . 'other'];
                $table_data[$base_element_name . 'other'] = $input[$base_element_name . 'other'];
            } else {
                $all_checkbox_value = '';
            }
            if ($element_info[$element_id]['is_required']) {
                //checking 'required' for checkboxes is more complex
                //we need to get total child, and join it into one element
                //only one element is required to be checked
                foreach ($all_child_array as $i) {
                    $all_checkbox_value .= $user_input[$base_element_name . $i];
                    $processed_elements[] = $base_element_name . $i;
                    //save old data into array, for form redisplay in case errors occured
                    $form_data[$base_element_name . $i]['default_value'] = $user_input[$base_element_name . $i];
                    //prepare data for table column
                    $table_data[$base_element_name . $i] = $user_input[$base_element_name . $i];
                }
                $rules[$base_element_name]['required'] = true;
                $target_input[$base_element_name] = $all_checkbox_value;
                $validation_result = mf_validate_element($target_input, $rules);
                if ($validation_result !== true) {
                    if ($is_matrix_field && !empty($matrix_childs_array[$element_id])) {
                        $error_elements[$matrix_childs_array[$element_id]] = $validation_result;
                    } else {
                        $error_elements[$element_id] = $validation_result;
                    }
                }
            } else {
                //if not required, we only need to capture all data
                foreach ($all_child_array as $i) {
                    //save old data into array, for form redisplay in case errors occured
                    $form_data[$base_element_name . $i]['default_value'] = $user_input[$base_element_name . $i];
                    //prepare data for table column
                    $table_data[$base_element_name . $i] = $user_input[$base_element_name . $i];
                }
            }
        } elseif ('select' == $element_type) {
            //Drop Down
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = $user_input[$element_name];
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
        } elseif ('date' == $element_type || 'europe_date' == $element_type) {
            //Date
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 3 elements total
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            if (!empty($element_info[$element_id]['is_required'])) {
                $rules[$element_name]['required'] = true;
                $rules[$element_name_2]['required'] = true;
                $rules[$element_name_3]['required'] = true;
            }
            $rules['element_date']['date'] = 'yyyy/mm/dd';
            if (!empty($element_info[$element_id]['is_unique'])) {
                $rules['element_date']['unique'] = $form_id . '#' . substr($element_name, 0, -2);
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            if (!empty($element_info[$element_id]['date_enable_range'])) {
                if (!empty($element_info[$element_id]['date_range_max']) || !empty($element_info[$element_id]['date_range_min'])) {
                    $rules['element_date']['date_range'] = $element_info[$element_id]['date_range_min'] . '#' . $element_info[$element_id]['date_range_max'];
                }
            }
            //disable past/future dates, if enabled. this rule override the date range rule being set above
            if (!empty($element_info[$element_id]['date_disable_past_future'])) {
                $today_date = date('Y-m-d', time());
                if ($element_info[$element_id]['date_past_future'] == 'p') {
                    //disable past dates
                    $rules['element_date']['date_range'] = $today_date . '#0000-00-00';
                } else {
                    if ($element_info[$element_id]['date_past_future'] == 'f') {
                        //disable future dates
                        $rules['element_date']['date_range'] = '0000-00-00#' . $today_date;
                    }
                }
            }
            //check for weekend dates rule
            if (!empty($element_info[$element_id]['date_disable_weekend'])) {
                $rules['element_date']['date_weekend'] = true;
            }
            //get disabled dates (either coming from 'date selection limit' or 'disable specific dates' rules)
            $disabled_dates = array();
            //get disabled dates from 'date selection limit' rule
            if (!empty($element_info[$element_id]['date_enable_selection_limit']) && !empty($element_info[$element_id]['date_selection_max'])) {
                $sub_query = "select \r\n\t\t\t\t\t\t\t\t\t\tselected_date \r\n\t\t\t\t\t\t\t\t\tfrom (\r\n\t\t\t\t\t\t\t\t\t\t\tselect \r\n\t\t\t\t\t\t\t\t\t\t\t\t  date_format(element_{$element_id},'%Y-%c-%e') as selected_date,\r\n\t\t\t\t\t\t\t\t\t\t\t\t  count(element_{$element_id}) as total_selection \r\n\t\t\t\t\t\t\t\t\t\t      from \r\n\t\t\t\t\t\t\t\t\t\t      \t  " . MF_TABLE_PREFIX . "form_{$form_id} \r\n\t\t\t\t\t\t\t\t\t\t     where \r\n\t\t\t\t\t\t\t\t\t\t     \t  status=1 and element_{$element_id} is not null \r\n\t\t\t\t\t\t\t\t\t\t  group by \r\n\t\t\t\t\t\t\t\t\t\t  \t\t  element_{$element_id}\r\n\t\t\t\t\t\t\t\t\t\t ) as A\r\n\t\t\t\t\t\t\t\t   where \r\n\t\t\t\t\t\t\t\t\t\t A.total_selection >= ?";
                $params = array($element_info[$element_id]['date_selection_max']);
                $sub_sth = mf_do_query($sub_query, $params, $dbh);
                while ($sub_row = mf_do_fetch_result($sub_sth)) {
                    $disabled_dates[] = $sub_row['selected_date'];
                }
            }
            //get disabled dates from 'disable specific dates' rules
            if (!empty($element_info[$element_id]['date_disable_specific']) && !empty($element_info[$element_id]['date_disabled_list'])) {
                $exploded = array();
                $exploded = explode(',', $element_info[$element_id]['date_disabled_list']);
                foreach ($exploded as $date_value) {
                    $disabled_dates[] = date('Y-n-j', strtotime(trim($date_value)));
                }
            }
            if (!empty($disabled_dates)) {
                $rules['element_date']['disabled_dates'] = $disabled_dates;
            }
            $target_input[$element_name] = $user_input[$element_name];
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $base_element_name = substr($element_name, 0, -2);
            if ('date' == $element_type) {
                //MM/DD/YYYY
                $target_input['element_date'] = $user_input[$element_name_3] . '-' . $user_input[$element_name] . '-' . $user_input[$element_name_2];
                //prepare data for table column
                $table_data[$base_element_name] = $user_input[$element_name_3] . '-' . $user_input[$element_name] . '-' . $user_input[$element_name_2];
            } else {
                //DD/MM/YYYY
                $target_input['element_date'] = $user_input[$element_name_3] . '-' . $user_input[$element_name_2] . '-' . $user_input[$element_name];
                //prepare data for table column
                $table_data[$base_element_name] = $user_input[$element_name_3] . '-' . $user_input[$element_name_2] . '-' . $user_input[$element_name];
            }
            $test_empty = str_replace('-', '', $target_input['element_date']);
            //if user not submitting any entry, remove the dashes
            if (empty($test_empty)) {
                unset($target_input['element_date']);
                $table_data[$base_element_name] = '';
            }
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
        } elseif ('simple_phone' == $element_type) {
            //Simple Phone
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if (!empty($user_input[$element_name])) {
                $rules[$element_name]['simple_phone'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $target_input[$element_name] = $user_input[$element_name];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
        } elseif ('phone' == $element_type) {
            //Phone - US format
            if (!empty($processed_elements) && is_array($processed_elements) && in_array($element_name, $processed_elements)) {
                continue;
            }
            //compound element, grab the other element, 3 elements total
            $element_name_2 = substr($element_name, 0, -1) . '2';
            $element_name_3 = substr($element_name, 0, -1) . '3';
            $processed_elements[] = $element_name_2;
            //put this element into array so that it won't be processed next
            $processed_elements[] = $element_name_3;
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
                $rules[$element_name_2]['required'] = true;
                $rules[$element_name_3]['required'] = true;
            }
            $rules['element_phone']['phone'] = true;
            if ($element_info[$element_id]['is_unique']) {
                $rules['element_phone']['unique'] = $form_id . '#' . substr($element_name, 0, -2);
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $target_input[$element_name] = $user_input[$element_name];
            $target_input[$element_name_2] = $user_input[$element_name_2];
            $target_input[$element_name_3] = $user_input[$element_name_3];
            $target_input['element_phone'] = $user_input[$element_name] . $user_input[$element_name_2] . $user_input[$element_name_3];
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            $form_data[$element_name_2]['default_value'] = htmlspecialchars($user_input[$element_name_2]);
            $form_data[$element_name_3]['default_value'] = htmlspecialchars($user_input[$element_name_3]);
            //prepare data for table column
            $table_data[substr($element_name, 0, -2)] = $user_input[$element_name] . $user_input[$element_name_2] . $user_input[$element_name_3];
        } elseif ('email' == $element_type) {
            //Email
            if ($element_info[$element_id]['is_required']) {
                $rules[$element_name]['required'] = true;
            }
            if ($element_info[$element_id]['is_unique']) {
                $rules[$element_name]['unique'] = $form_id . '#' . $element_name;
                $target_input['dbh'] = $dbh;
                //we need to pass the $dbh for this 'unique' rule
            }
            $rules[$element_name]['email'] = true;
            $target_input[$element_name] = $element_data;
            $validation_result = mf_validate_element($target_input, $rules);
            if ($validation_result !== true) {
                $error_elements[$element_id] = $validation_result;
            }
            //save old data into array, for form redisplay in case errors occured
            $form_data[$element_name]['default_value'] = htmlspecialchars($user_input[$element_name]);
            //prepare data for table column
            $table_data[$element_name] = $user_input[$element_name];
        } elseif ('file' == $element_type) {
            //File
            $listfile_name = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/listfile_{$input[$element_name . '_token']}.php";
            if (!file_exists($listfile_name)) {
                $check_filetype = false;
                if ($element_info[$element_id]['is_required']) {
                    $rules[$element_name]['required_file'] = true;
                    $rules[$element_name]['filetype'] = true;
                    $check_filetype = true;
                    //if form review enabled, and user pressed back button after going to review page
                    //or if this is multipage form
                    //disable the required file checking if file already uploaded
                    if (!empty($_SESSION['review_id']) || $form_page_total > 1 || $is_edit_page === true) {
                        if (!empty($element_info[$element_id]['existing_file'])) {
                            unset($rules[$element_name]['required_file']);
                            unset($rules[$element_name]['filetype']);
                            $check_filetype = false;
                        }
                    }
                } else {
                    if ($_FILES[$element_name]['size'] > 0) {
                        $rules[$element_name]['filetype'] = true;
                        $check_filetype = true;
                    }
                }
                if ($check_filetype == true && !empty($element_info[$element_id]['file_enable_type_limit'])) {
                    if ($element_info[$element_id]['file_block_or_allow'] == 'b') {
                        //block file type
                        $target_input['file_block_or_allow'] = 'b';
                    } elseif ($element_info[$element_id]['file_block_or_allow'] == 'a') {
                        $target_input['file_block_or_allow'] = 'a';
                    }
                    $target_input['file_type_list'] = $element_info[$element_id]['file_type_list'];
                }
                $target_input[$element_name] = $element_name;
                //special for file, only need to pass input name
                $validation_result = mf_validate_element($target_input, $rules);
                if ($validation_result !== true) {
                    $error_elements[$element_id] = $validation_result;
                } else {
                    //if validation passed, store uploaded file info into array
                    if ($_FILES[$element_name]['size'] > 0) {
                        $uploaded_files[] = $element_name;
                    }
                }
            } else {
                //if files were uploaded using advance uploader
                //file type validation already done in upload.php, so we don't need to do validation again here
                //store uploaded file list into array
                $current_element_uploaded_files_advance = array();
                $current_element_uploaded_files_advance = file($listfile_name, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
                array_shift($current_element_uploaded_files_advance);
                //remove the first index of the array
                array_pop($current_element_uploaded_files_advance);
                //remove the last index of the array
                $uploaded_files_advance[$element_id]['listfile_name'] = $listfile_name;
                $uploaded_files_advance[$element_id]['listfile_content'] = $current_element_uploaded_files_advance;
                //save old token into array, for form redisplay in case errors occured
                $form_data[$element_name]['file_token'] = $input[$element_name . '_token'];
            }
        }
    }
    //get form redirect info, if any
    //get form properties data
    $query = "select \r\n\t\t\t\t\t\t form_redirect,\r\n\t\t\t\t\t\t form_redirect_enable,\r\n\t\t\t\t\t\t form_email,\r\n\t\t\t\t\t\t form_unique_ip,\r\n\t\t\t\t\t\t form_captcha,\r\n\t\t\t\t\t\t form_captcha_type,\r\n\t\t\t\t\t\t form_review,\r\n\t\t\t\t\t\t form_page_total,\r\n\t\t\t\t\t\t form_resume_enable,\r\n\t\t\t\t\t\t form_name,\r\n\t\t\t\t\t\t esl_enable,\r\n\t\t\t\t\t\t esl_from_name,\r\n\t\t\t\t\t\t esl_from_email_address,\r\n\t\t\t\t\t\t esl_subject,\r\n\t\t\t\t\t\t esl_content,\r\n\t\t\t\t\t\t esl_plain_text,\r\n\t\t\t\t\t\t esr_enable,\r\n\t\t\t\t\t\t esr_email_address,\r\n\t\t\t\t\t\t esr_from_name,\r\n\t\t\t\t\t\t esr_from_email_address,\r\n\t\t\t\t\t\t esr_subject,\r\n\t\t\t\t\t\t esr_content,\r\n\t\t\t\t\t\t esr_plain_text,\r\n\t\t\t\t\t\t payment_enable_merchant,\r\n\t\t\t\t\t\t payment_merchant_type,\r\n\t\t\t\t\t\t ifnull(payment_paypal_email,'') payment_paypal_email,\r\n\t\t\t\t\t\t payment_paypal_language,\r\n\t\t\t\t\t\t payment_currency,\r\n\t\t\t\t\t\t payment_show_total,\r\n\t\t\t\t\t\t payment_total_location,\r\n\t\t\t\t\t\t payment_enable_recurring,\r\n\t\t\t\t\t\t payment_recurring_cycle,\r\n\t\t\t\t\t\t payment_recurring_unit,\r\n\t\t\t\t\t\t payment_price_type,\r\n\t\t\t\t\t\t payment_price_amount,\r\n\t\t\t\t\t\t payment_price_name\r\n\t\t\t\t     from \r\n\t\t\t\t     \t `" . MF_TABLE_PREFIX . "forms` \r\n\t\t\t\t    where \r\n\t\t\t\t    \t form_id=?";
    $params = array($form_id);
    $sth = mf_do_query($query, $params, $dbh);
    $row = mf_do_fetch_result($sth);
    if (!empty($row['form_redirect_enable'])) {
        $form_redirect = $row['form_redirect'];
    }
    $form_unique_ip = $row['form_unique_ip'];
    $form_email = $row['form_email'];
    $form_captcha = $row['form_captcha'];
    $form_captcha_type = $row['form_captcha_type'];
    $form_review = $row['form_review'];
    $form_page_total = $row['form_page_total'];
    $form_name = $row['form_name'];
    $user_ip_address = $_SERVER['REMOTE_ADDR'];
    $esl_enable = $row['esl_enable'];
    $esl_from_name = $row['esl_from_name'];
    $esl_from_email_address = $row['esl_from_email_address'];
    $esl_subject = $row['esl_subject'];
    $esl_content = $row['esl_content'];
    $esl_plain_text = $row['esl_plain_text'];
    $esr_enable = $row['esr_enable'];
    $esr_email_address = $row['esr_email_address'];
    $esr_from_name = $row['esr_from_name'];
    $esr_from_email_address = $row['esr_from_email_address'];
    $esr_subject = $row['esr_subject'];
    $esr_content = $row['esr_content'];
    $esr_plain_text = $row['esr_plain_text'];
    $payment_enable_merchant = (int) $row['payment_enable_merchant'];
    if ($payment_enable_merchant < 1) {
        $payment_enable_merchant = 0;
    }
    $payment_merchant_type = $row['payment_merchant_type'];
    $payment_paypal_email = $row['payment_paypal_email'];
    $payment_paypal_language = $row['payment_paypal_language'];
    $payment_currency = $row['payment_currency'];
    $payment_show_total = (int) $row['payment_show_total'];
    $payment_total_location = $row['payment_total_location'];
    $payment_enable_recurring = (int) $row['payment_enable_recurring'];
    $payment_recurring_cycle = (int) $row['payment_recurring_cycle'];
    $payment_recurring_unit = $row['payment_recurring_unit'];
    $payment_price_type = $row['payment_price_type'];
    $payment_price_amount = (double) $row['payment_price_amount'];
    $payment_price_name = $row['payment_price_name'];
    //if the user is saving a form to resume later, we need to discard all validation errors
    if (!empty($input['generate_resume_url']) && !empty($row['form_resume_enable']) && $form_page_total > 1) {
        $is_saving_form_resume = true;
        $error_elements = array();
    } else {
        $is_saving_form_resume = false;
    }
    $process_result['form_redirect'] = $form_redirect;
    $process_result['old_values'] = $form_data;
    $process_result['error_elements'] = $error_elements;
    //if this is edit_entry page, unique ip address validation should be bypassed
    $check_unique_ip = false;
    if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
        $check_unique_ip = false;
    } else {
        if (!empty($form_unique_ip)) {
            $check_unique_ip = true;
        }
    }
    //check for ip address
    if ($check_unique_ip === true) {
        //if ip address checking enabled, compare user ip address with value in db
        $query = "select count(id) total_ip from `" . MF_TABLE_PREFIX . "form_{$form_id}` where ip_address=?";
        $params = array($user_ip_address);
        $sth = mf_do_query($query, $params, $dbh);
        $row = mf_do_fetch_result($sth);
        if (!empty($row['total_ip'])) {
            $process_result['custom_error'] = 'Sorry, but this form is limited to one submission per user.';
        }
    }
    if (!empty($_SESSION['edit_entry']['form_id']) && $_SESSION['edit_entry']['form_id'] === $form_id) {
        //when editing an entry, the captcha shouldn't be checked
        $is_bypass_captcha = true;
    } else {
        if (!empty($_SESSION['captcha_passed'][$form_id]) && $_SESSION['captcha_passed'][$form_id] === true) {
            //if the user already validated the captcha once for that session (e.g. on multi-page form), no need to check it again
            $is_bypass_captcha = true;
        } else {
            $is_bypass_captcha = false;
        }
    }
    //check for captcha if enabled and there is no errors from previous fields
    //on multipage form, captcha should be validated on the last page only
    if (!empty($form_captcha) && empty($error_elements) && $is_bypass_captcha !== true) {
        if ($form_page_total == 1 || $form_page_total == $page_number) {
            if ($form_captcha_type == 'i') {
                //if simple image captcha is being used
                if (!empty($_POST['captcha_response_field'])) {
                    $captcha_response_field = trim($_POST['captcha_response_field']);
                    if (PhpCaptcha::Validate($captcha_response_field) !== true) {
                        $error_elements['element_captcha'] = 'incorrect-captcha-sol';
                        $process_result['error_elements'] = $error_elements;
                    } else {
                        //captcha succesfully validated
                        //set a session variable, so that the user won't need to fill it again, if this is a multi-page form
                        $_SESSION['captcha_passed'][$form_id] = true;
                    }
                } else {
                    //user not entered the words at all
                    $error_elements['element_captcha'] = 'el-required';
                    $process_result['error_elements'] = $error_elements;
                }
            } else {
                if ($form_captcha_type == 't') {
                    //if simple text captcha is being used
                    if (!empty($_POST['captcha_response_field'])) {
                        $captcha_response_field = strtolower(trim($_POST['captcha_response_field']));
                        if ($captcha_response_field != strtolower($_SESSION['MF_TEXT_CAPTCHA_ANSWER'])) {
                            $error_elements['element_captcha'] = 'incorrect-text-captcha-sol';
                            $process_result['error_elements'] = $error_elements;
                        } else {
                            unset($_SESSION['MF_TEXT_CAPTCHA_ANSWER']);
                            //captcha succesfully validated
                            //set a session variable, so that the user won't need to fill it again, if this is a multi-page form
                            $_SESSION['captcha_passed'][$form_id] = true;
                        }
                    } else {
                        //user not entered the words at all
                        $error_elements['element_captcha'] = 'el-text-required';
                        $process_result['error_elements'] = $error_elements;
                    }
                } else {
                    if ($form_captcha_type == 'r') {
                        //otherwise reCaptcha is being used
                        if (!empty($_POST['recaptcha_response_field'])) {
                            $recaptcha_response = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY, $user_ip_address, $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
                            if ($recaptcha_response !== false) {
                                //if false, then we can't connect to captcha server, bypass captcha checking
                                if ($recaptcha_response->is_valid === false) {
                                    $error_elements['element_captcha'] = $recaptcha_response->error;
                                    $process_result['error_elements'] = $error_elements;
                                } else {
                                    //captcha succesfully validated
                                    //set a session variable, so that the user won't need to fill it again, if this is a multi-page form
                                    $_SESSION['captcha_passed'][$form_id] = true;
                                }
                            }
                        } else {
                            //user not entered the words at all
                            $error_elements['element_captcha'] = 'el-required';
                            $process_result['error_elements'] = $error_elements;
                        }
                    }
                }
            }
        }
    }
    //if the 'previous' button being clicked, we need to discard any validation errors
    if (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) {
        $process_result['error_elements'] = '';
        $process_result['custom_error'] = '';
        $error_elements = array();
    }
    //insert ip address and date created
    $table_data['ip_address'] = $user_ip_address;
    $table_data['date_created'] = date("Y-m-d H:i:s");
    $is_inserted = false;
    //start insert data into table ----------------------
    //dynamically create the field list and field values, based on the input given
    if (!empty($table_data) && empty($error_elements) && empty($process_result['custom_error'])) {
        $has_value = false;
        $field_list = '';
        $field_values = '';
        foreach ($table_data as $key => $value) {
            if ($value == '') {
                //don't insert blank entry
                continue;
            }
            $field_list .= "`{$key}`,";
            $field_values .= ":{$key},";
            $params_table_data[':' . $key] = $value;
            if (!empty($value)) {
                $has_value = true;
            }
        }
        //add session_id to query if 'form review' enabled or this is multipage forms
        if (!empty($form_review) || $form_page_total > 1) {
            //save previously uploaded file list, so users don't need to reupload files
            //get all file uploads elements first
            $session_id = session_id();
            $file_uploads_array = array();
            $query = "SELECT \r\n\t\t\t\t\t\t\t\t\telement_id \r\n\t\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "form_elements \r\n\t\t\t\t\t\t\t   WHERE \r\n\t\t\t\t\t\t\t   \t\tform_id=? AND \r\n\t\t\t\t\t\t\t   \t\telement_type='file' AND \r\n\t\t\t\t\t\t\t   \t\telement_is_private=0";
            $params = array($form_id);
            $sth = mf_do_query($query, $params, $dbh);
            while ($row = mf_do_fetch_result($sth)) {
                $file_uploads_array[] = 'element_' . $row['element_id'];
            }
            $file_uploads_column = implode('`,`', $file_uploads_array);
            $file_uploads_column = '`' . $file_uploads_column . '`';
            if (!empty($file_uploads_array)) {
                if (!empty($_SESSION['review_id'])) {
                    //if this is single page form and has review enabled
                    $query = "SELECT {$file_uploads_column} FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where id=?";
                    $params = array($_SESSION['review_id']);
                } elseif ($form_page_total > 1) {
                    //if this is multi page form
                    $query = "SELECT {$file_uploads_column} FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?";
                    $params = array($session_id);
                }
                $sth = mf_do_query($query, $params, $dbh);
                $row = mf_do_fetch_result($sth);
                foreach ($file_uploads_array as $element_name) {
                    if (!empty($row[$element_name])) {
                        $uploaded_file_lookup[$element_name] = $row[$element_name];
                    }
                }
            }
            //add session_id to query if 'form review' enabled
            $field_list .= "`session_id`,";
            $field_values .= ":session_id,";
            $params_table_data[':session_id'] = $session_id;
        }
        if ($has_value) {
            //if blank form submitted, dont insert anything
            //start insert query ----------------------------------------
            $field_list = substr($field_list, 0, -1);
            $field_values = substr($field_values, 0, -1);
            if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
                //if this is edit_entry page submission, update the table
                $update_values = '';
                $params_update = array();
                unset($table_data['date_created']);
                $table_data['date_updated'] = date("Y-m-d H:i:s");
                foreach ($table_data as $key => $value) {
                    $update_values .= "`{$key}`=:{$key},";
                    $params_update[':' . $key] = $value;
                }
                $params_update[':id'] = $edit_id;
                $update_values = substr($update_values, 0, -1);
                $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t  where \r\n\t\t\t\t\t\t\t\t\t  \t  \t\t`id`=:id;";
                mf_do_query($query, $params_update, $dbh);
                $record_insert_id = $edit_id;
            } else {
                //insert to temporary table, if form review is enabled or this is multipage form
                if (!empty($form_review) || $form_page_total > 1) {
                    if ($form_page_total > 1) {
                        //if this is the first page and the first time being submitted, do insert table
                        //otherwise, do update table
                        $do_review_insert = false;
                        if ($input['page_number'] == 1) {
                            $session_id = session_id();
                            $query = "SELECT count(`id`) as total_row from " . MF_TABLE_PREFIX . "form_{$form_id}_review where session_id=?";
                            $params = array($session_id);
                            $sth = mf_do_query($query, $params, $dbh);
                            $row = mf_do_fetch_result($sth);
                            if ($row['total_row'] == 0) {
                                $do_review_insert = true;
                            }
                        }
                        //if this is the first page, do insert
                        if ($do_review_insert) {
                            $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}_review` ({$field_list}) VALUES ({$field_values});";
                            mf_do_query($query, $params_table_data, $dbh);
                            $record_insert_id = (int) $dbh->lastInsertId();
                        } else {
                            //otherwise, do update
                            //dynamically create the sql update string, based on the input given
                            $update_values = '';
                            $params_update = array();
                            foreach ($table_data as $key => $value) {
                                $update_values .= "`{$key}`=:{$key},";
                                $params_update[':' . $key] = $value;
                            }
                            $update_values = substr($update_values, 0, -1);
                            $params_update[':session_id'] = $session_id;
                            $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t  where \r\n\t\t\t\t\t\t\t\t\t\t\t\t  \t  \t\tsession_id=:session_id;";
                            mf_do_query($query, $params_update, $dbh);
                            $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?";
                            $params = array($session_id);
                            $sth = mf_do_query($query, $params, $dbh);
                            $row = mf_do_fetch_result($sth);
                            $record_insert_id = $row['id'];
                            //if this is the last page of the form, check if form review enabled or not
                            //if enabled, simply get the record_insert_id and send it as review_id
                            //otherwise, commit form review
                            if ($input['page_number'] == $form_page_total && (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) && !$is_saving_form_resume) {
                                if (!empty($form_review)) {
                                    //pass the current page number, so the user could go back from the preview page
                                    $process_result['origin_page_number'] = $input['page_number'];
                                } else {
                                    $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?";
                                    $params = array($session_id);
                                    $sth = mf_do_query($query, $params, $dbh);
                                    $row = mf_do_fetch_result($sth);
                                    $commit_options = array();
                                    $commit_options['send_notification'] = false;
                                    $commit_result = mf_commit_form_review($dbh, $form_id, $row['id'], $commit_options);
                                    $record_insert_id = $commit_result['record_insert_id'];
                                    $is_committed = true;
                                    $process_result['entry_id'] = $record_insert_id;
                                    $_SESSION['mf_form_completed'][$form_id] = true;
                                }
                            }
                        }
                    } else {
                        $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?";
                        $params = array($session_id);
                        $sth = mf_do_query($query, $params, $dbh);
                        $row = mf_do_fetch_result($sth);
                        $record_insert_id = $row['id'];
                        if (empty($record_insert_id)) {
                            $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}_review` ({$field_list}) VALUES ({$field_values});";
                            mf_do_query($query, $params_table_data, $dbh);
                            $record_insert_id = (int) $dbh->lastInsertId();
                        } else {
                            $update_values = '';
                            $params_update = array();
                            foreach ($table_data as $key => $value) {
                                $update_values .= "`{$key}`=:{$key},";
                                $params_update[':' . $key] = $value;
                            }
                            $params_update[':id'] = $record_insert_id;
                            $update_values = substr($update_values, 0, -1);
                            $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` set \r\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t{$update_values}\r\n\t\t\t\t\t\t\t\t\t\t\t\t\t  where \r\n\t\t\t\t\t\t\t\t\t\t\t\t  \t  \t\t`id`=:id;";
                            mf_do_query($query, $params_update, $dbh);
                        }
                    }
                } else {
                    $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}` ({$field_list}) VALUES ({$field_values});";
                    mf_do_query($query, $params_table_data, $dbh);
                    $record_insert_id = (int) $dbh->lastInsertId();
                }
            }
            //end insert query ------------------------------------------
            $is_inserted = true;
        }
    }
    //end insert data into table -------------------------
    //upload the files
    $write_to_permanent_file = false;
    $write_to_temporary_file = false;
    if ($is_inserted) {
        if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
            //if this ie edit_entry page, always write to permanent file
            $write_to_permanent_file = true;
        } else {
            if ($form_page_total <= 1) {
                //if this is single page form
                if (empty($form_review)) {
                    //if review disabled, upload the files into permanent filename
                    $write_to_permanent_file = true;
                } else {
                    //if this single form has review enabled
                    $write_to_temporary_file = true;
                }
            } else {
                //if this is multipage form
                if ($input['page_number'] == $form_page_total && (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) && $is_committed) {
                    $write_to_permanent_file = true;
                } else {
                    $write_to_temporary_file = true;
                }
            }
        }
    }
    if ($write_to_permanent_file === true) {
        //START writing into permanent file ------------------------
        //within one form, it is possible to use a mix of standard file upload field and the advanced/ajax uploader
        //we need to be able processing both at the same time
        //if files were uploaded using standard file upload fields
        if (!empty($uploaded_files)) {
            foreach ($uploaded_files as $element_name) {
                $file_token = md5(uniqid(rand(), true));
                //add random token to uploaded filename, to increase security
                //move file and check for invalid file
                $destination_file = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}";
                $destination_file = mf_sanitize($destination_file);
                if (move_uploaded_file($_FILES[$element_name]['tmp_name'], $destination_file)) {
                    $query = "update " . MF_TABLE_PREFIX . "form_{$form_id} set {$element_name}=? where id=?";
                    $file_element = "{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}";
                    $file_element = mf_sanitize($file_element);
                    $params = array($file_element, $record_insert_id);
                    mf_do_query($query, $params, $dbh);
                }
            }
        }
        //if files were uploaded using advance uploader
        if (!empty($uploaded_files_advance)) {
            if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
                //if this is edit_entry, we need to get existing file records and merge the data with the new uploaded files
                $uploaded_element_names = array();
                $uploaded_element_ids = array_keys($uploaded_files_advance);
                foreach ($uploaded_element_ids as $element_id) {
                    $uploaded_element_names[] = 'element_' . $element_id;
                }
                $uploaded_element_names_joined = implode(',', $uploaded_element_names);
                $query = "SELECT {$uploaded_element_names_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}` where `id`=?";
                $params = array($edit_id);
                $sth = mf_do_query($query, $params, $dbh);
                $row = mf_do_fetch_result($sth);
                $existing_files_data = array();
                $multi_upload_info = array();
                foreach ($uploaded_element_names as $element_name) {
                    $existing_files_data[$element_name] = trim($row[$element_name]);
                    $element_name_exploded = explode('_', $element_name);
                    $multi_upload_info[$element_name] = $element_info[$element_name_exploded[1]]['file_enable_multi_upload'];
                }
            }
            //loop through each list
            foreach ($uploaded_files_advance as $element_id => $values) {
                $current_listfile_name = $values['listfile_name'];
                $current_listfile_content = $values['listfile_content'];
                $file_list_array = array();
                foreach ($current_listfile_content as $tmp_filename_path) {
                    $tmp_filename_only = basename($tmp_filename_path);
                    $filename_value = substr($tmp_filename_only, strpos($tmp_filename_only, '-') + 1);
                    $filename_value = str_replace('|', '', str_replace('.tmp', '', $filename_value));
                    $new_file_token = md5(uniqid(rand(), true));
                    //add random token to uploaded filename, to increase security
                    $new_filename = "element_{$element_id}_{$new_file_token}-{$record_insert_id}-{$filename_value}";
                    $destination_filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/" . $new_filename;
                    //remove tmp name and change it into permanent name
                    //store all the permanent name into a variable
                    if (file_exists($tmp_filename_path)) {
                        rename($tmp_filename_path, $destination_filename);
                    }
                    $file_list_array[] = $new_filename;
                }
                //delete the listfile for the current element_id
                unlink($current_listfile_name);
                //update the table with the file name list
                if (!empty($edit_id) && $_SESSION['mf_logged_in'] === true) {
                    //if this is edit_entry, we need to get existing file records and merge the data with the new uploaded files
                    //which depends on the multi upload setting for each file upload field
                    //if multi upload enabled, we need to merge the data. otherwise, replace the old data
                    if (!empty($multi_upload_info['element_' . $element_id])) {
                        //if multi upload enabled, merge the data
                        $new_files_array = $file_list_array;
                        if (!empty($existing_files_data['element_' . $element_id])) {
                            $old_files_array = explode('|', $existing_files_data['element_' . $element_id]);
                            $merged_files_array = array_merge($new_files_array, $old_files_array);
                            $merged_files_array = array_unique($merged_files_array);
                        } else {
                            $merged_files_array = $new_files_array;
                        }
                        $file_list_joined[$element_id] = implode('|', $merged_files_array);
                    } else {
                        //replace the old data with the new file
                        $file_list_joined[$element_id] = implode('|', $file_list_array);
                    }
                } else {
                    $file_list_joined[$element_id] = implode('|', $file_list_array);
                }
            }
            //update the table with the file name list
            $update_values = '';
            $params_update = array();
            foreach ($file_list_joined as $element_id => $file_joined) {
                $file_joined = mf_sanitize($file_joined);
                $update_values .= "element_{$element_id}=:element_{$element_id},";
                $params_update[':element_' . $element_id] = $file_joined;
            }
            $update_values = rtrim($update_values, ',');
            $params_update[':id'] = $record_insert_id;
            $query = "update " . MF_TABLE_PREFIX . "form_{$form_id} set {$update_values} where id=:id";
            mf_do_query($query, $params_update, $dbh);
        }
        //END writing into permanent file ------------------------
    } else {
        if ($write_to_temporary_file === true) {
            //START writing into temporary file ------------------------
            //if files were uploaded using standard file upload fields
            if (!empty($uploaded_files)) {
                $record_review_id = session_id();
                foreach ($uploaded_files as $element_name) {
                    $file_token = md5(uniqid(rand(), true));
                    //add random token to uploaded filename, to increase security
                    //move file and check for invalid file
                    $destination_file = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}.tmp";
                    $destination_file = mf_sanitize($destination_file);
                    if (move_uploaded_file($_FILES[$element_name]['tmp_name'], $destination_file)) {
                        $query = "update " . MF_TABLE_PREFIX . "form_{$form_id}_review set {$element_name}=? where session_id=?";
                        $file_element = "{$element_name}_{$file_token}-{$record_insert_id}-{$_FILES[$element_name]['name']}";
                        $file_element = mf_sanitize($file_element);
                        $params = array($file_element, $record_review_id);
                        mf_do_query($query, $params, $dbh);
                    }
                    if (!empty($uploaded_file_lookup[$element_name])) {
                        unset($uploaded_file_lookup[$element_name]);
                    }
                }
            }
            //if files were uploaded using advance uploader
            if (!empty($uploaded_files_advance)) {
                //loop through each list
                foreach ($uploaded_files_advance as $element_id => $values) {
                    $current_listfile_name = $values['listfile_name'];
                    $current_listfile_content = $values['listfile_content'];
                    $file_list_array = array();
                    foreach ($current_listfile_content as $tmp_filename_path) {
                        $tmp_filename_only = basename($tmp_filename_path);
                        $filename_value = substr($tmp_filename_only, strpos($tmp_filename_only, '-') + 1);
                        $filename_value = str_replace('|', '', str_replace('.tmp', '', $filename_value));
                        $new_file_token = md5(uniqid(rand(), true));
                        //add random token to uploaded filename, to increase security
                        $new_filename = "element_{$element_id}_{$new_file_token}-{$record_insert_id}-{$filename_value}";
                        $destination_filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/" . $new_filename . ".tmp";
                        //assign new temporary name, using new token and record id
                        //store all the temporary name into a variable
                        if (file_exists($tmp_filename_path)) {
                            rename($tmp_filename_path, $destination_filename);
                        }
                        $file_list_array[] = $new_filename;
                    }
                    //delete the listfile for the current element_id
                    unlink($current_listfile_name);
                    //update the table with the file name list
                    $file_list_joined[$element_id] = implode('|', $file_list_array);
                }
                //update the table with the file name list
                $update_values = '';
                $params_update = array();
                foreach ($file_list_joined as $element_id => $file_joined) {
                    $file_joined = mf_sanitize($file_joined);
                    $update_values .= "element_{$element_id}=:element_{$element_id},";
                    $params_update[':element_' . $element_id] = $file_joined;
                }
                $update_values = rtrim($update_values, ',');
                $params_update[':id'] = $record_insert_id;
                $query = "update " . MF_TABLE_PREFIX . "form_{$form_id}_review set {$update_values} where id=:id";
                mf_do_query($query, $params_update, $dbh);
            }
            //if the user goes to review page and then go back to the form page or navigate within multipage form, $uploaded_file_lookup will contain the list of the previously submitted files
            //if the multi upload option enabled, make sure to update the previouly uploaded file to the current record during form submit
            //when updating the table, make sure to MERGE existing data within the table and the new one
            //otherwise, if the multi upload is not enabled, we need to delete previous files and don't update the table with the old files data
            if (!empty($uploaded_file_lookup)) {
                //get the existing data within the table
                $uploaded_element_names = array_keys($uploaded_file_lookup);
                $uploaded_element_names_joined = implode(',', $uploaded_element_names);
                $query = "SELECT {$uploaded_element_names_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where `id`=?";
                $params = array($record_insert_id);
                $sth = mf_do_query($query, $params, $dbh);
                $row = mf_do_fetch_result($sth);
                $existing_files_data = array();
                $multi_upload_info = array();
                foreach ($uploaded_element_names as $element_name) {
                    $existing_files_data[$element_name] = $row[$element_name];
                    $element_name_exploded = explode('_', $element_name);
                    $multi_upload_info[$element_name] = $element_info[$element_name_exploded[1]]['file_enable_multi_upload'];
                }
                //merge the data
                foreach ($uploaded_file_lookup as $element_name => $filename) {
                    $new_files_array = array();
                    $old_files_array = array();
                    $new_files_array = explode('|', $filename);
                    $old_files_array = explode('|', $existing_files_data[$element_name]);
                    if (!empty($multi_upload_info[$element_name])) {
                        //if multi upload enabled, merge the data
                        $merged_files_array = array_merge($new_files_array, $old_files_array);
                        $merged_files_array = array_unique($merged_files_array);
                    } else {
                        //otherwise, just use the new one
                        $merged_files_array = $old_files_array;
                        //delete the old files as well, if the files aren't the same with the new one
                        if ($filename != $existing_files_data[$element_name]) {
                            foreach ($new_files_array as $filename) {
                                $filename = $input['machform_data_path'] . $mf_settings['upload_dir'] . "/form_{$form_id}/files/{$filename}.tmp";
                                if (file_exists($filename)) {
                                    unlink($filename);
                                }
                            }
                        }
                    }
                    $merged_files_joined = implode('|', $merged_files_array);
                    $merged_files_data[$element_name] = $merged_files_joined;
                }
                $update_clause = '';
                foreach ($merged_files_data as $element_name => $filename) {
                    $filename = addslashes(mf_sanitize($filename));
                    $update_clause .= "`{$element_name}`='{$filename}',";
                }
                $update_clause = rtrim($update_clause, ",");
                $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}_review` SET {$update_clause} WHERE id=?";
                $params = array($record_insert_id);
                mf_do_query($query, $params, $dbh);
            }
            //END writing into temporary file ------------------------
        }
    }
    //process any rules to skip pages, if this functionality is being enabled
    $process_result['logic_page_enable'] = false;
    if ($is_inserted === true && $is_edit_page === false && $is_saving_form_resume === false && !empty($logic_page_enable)) {
        //if the back button being clicked, don't evaluate the logic conditions
        //simply get the previous page from the array
        if (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) {
            $pages_history = array();
            $pages_history = $_SESSION['mf_pages_history'][$form_id];
            $page_number_array_index = array_search($page_number, $pages_history);
            $previous_page_number = $pages_history[$page_number_array_index - 1];
            $process_result['logic_page_enable'] = true;
            $process_result['target_page_id'] = $previous_page_number;
        } else {
            //submit/continue button being clicked
            //get all the destination pages from ap_page_logic
            //only get pages with larger page number. the skip page logic can't move backward
            $query = "SELECT \r\n\t\t\t\t\t\t\t\tpage_id,\r\n\t\t\t\t\t\t\t\trule_all_any \r\n\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "page_logic \r\n\t\t\t\t\t\t   WHERE \r\n\t\t\t\t\t\t\t\tform_id = ? and (page_id > ? or page_id in('payment','review','success'))  \r\n\t\t\t\t\t\tORDER BY \r\n\t\t\t\t\t\t\t\tpage_id asc";
            $params = array($form_id, $page_number);
            $sth = mf_do_query($query, $params, $dbh);
            $page_logic_array = array();
            $i = 0;
            while ($row = mf_do_fetch_result($sth)) {
                $page_logic_array[$i]['page_id'] = $row['page_id'];
                $page_logic_array[$i]['rule_all_any'] = $row['rule_all_any'];
                $i++;
            }
            //evaluate the condition for each destination page
            //once a condition results true, break the loop and send the result
            if (!empty($page_logic_array)) {
                foreach ($page_logic_array as $value) {
                    $target_page_id = $value['page_id'];
                    $rule_all_any = $value['rule_all_any'];
                    $current_page_conditions_status = array();
                    $query = "SELECT \r\n\t\t\t\t\t\t\t\t\t\telement_name,\r\n\t\t\t\t\t\t\t\t\t\trule_condition,\r\n\t\t\t\t\t\t\t\t\t\trule_keyword \r\n\t\t\t\t\t\t\t\t\tFROM \r\n\t\t\t\t\t\t\t\t\t\t" . MF_TABLE_PREFIX . "page_logic_conditions \r\n\t\t\t\t\t\t\t\t   WHERE \r\n\t\t\t\t\t\t\t\t   \t\tform_id = ? AND target_page_id = ?";
                    $params = array($form_id, $target_page_id);
                    $sth = mf_do_query($query, $params, $dbh);
                    while ($row = mf_do_fetch_result($sth)) {
                        $condition_params = array();
                        $condition_params['form_id'] = $form_id;
                        $condition_params['element_name'] = $row['element_name'];
                        $condition_params['rule_condition'] = $row['rule_condition'];
                        $condition_params['rule_keyword'] = $row['rule_keyword'];
                        $current_page_conditions_status[] = mf_get_condition_status_from_table($dbh, $condition_params);
                    }
                    if ($rule_all_any == 'all') {
                        if (in_array(false, $current_page_conditions_status)) {
                            $all_conditions_status = false;
                        } else {
                            $all_conditions_status = true;
                        }
                    } else {
                        if ($rule_all_any == 'any') {
                            if (in_array(true, $current_page_conditions_status)) {
                                $all_conditions_status = true;
                            } else {
                                $all_conditions_status = false;
                            }
                        }
                    }
                    if ($all_conditions_status === true) {
                        //all conditions for this target page has been met, break the loop and send it to $process_result
                        $process_result['logic_page_enable'] = true;
                        $process_result['target_page_id'] = $target_page_id;
                        //allow access to the next destination page
                        if (is_numeric($target_page_id)) {
                            $_SESSION['mf_form_access'][$form_id][$target_page_id] = true;
                        } else {
                            if ($target_page_id == 'review') {
                                $process_result['review_id'] = $record_insert_id;
                                $process_result['origin_page_number'] = $input['page_number'];
                            } else {
                                if ($target_page_id == 'payment' || $target_page_id == 'success') {
                                    //if the destination is payment page or success page, we need to commit the data first
                                    $commit_options = array();
                                    if ($delay_notifications) {
                                        $commit_options['send_notification'] = false;
                                    }
                                    $session_id = session_id();
                                    $query = "SELECT `id` from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` where session_id=?";
                                    $params = array($session_id);
                                    $sth = mf_do_query($query, $params, $dbh);
                                    $row = mf_do_fetch_result($sth);
                                    $commit_result = mf_commit_form_review($dbh, $form_id, $row['id'], $commit_options);
                                    $process_result['entry_id'] = $commit_result['record_insert_id'];
                                    if ($target_page_id == 'success') {
                                        $_SESSION['mf_form_completed'][$form_id] = true;
                                        $bypass_merchant_redirect_url = true;
                                    }
                                }
                            }
                        }
                        break;
                    }
                }
                //end foreach page_logic_array
            }
        }
    }
    //start sending notification email to admin ------------------------------------------
    if ($is_inserted && !empty($esl_enable) && !empty($form_email) && empty($form_review) && $form_page_total == 1 && empty($edit_id) && $delay_notifications === false || $is_inserted && !empty($esl_enable) && !empty($form_email) && $is_committed && empty($edit_id) && $delay_notifications === false) {
        //get parameters for the email
        //from name
        if (!empty($esl_from_name)) {
            if (is_numeric($esl_from_name)) {
                $admin_email_param['from_name'] = '{element_' . $esl_from_name . '}';
            } else {
                $admin_email_param['from_name'] = $esl_from_name;
            }
        } else {
            $admin_email_param['from_name'] = 'MachForm';
        }
        //from email address
        if (!empty($esl_from_email_address)) {
            if (is_numeric($esl_from_email_address)) {
                $admin_email_param['from_email'] = '{element_' . $esl_from_email_address . '}';
            } else {
                $admin_email_param['from_email'] = $esl_from_email_address;
            }
        } else {
            $domain = str_replace('www.', '', $_SERVER['SERVER_NAME']);
            $admin_email_param['from_email'] = "no-reply@{$domain}";
        }
        //subject
        if (!empty($esl_subject)) {
            $admin_email_param['subject'] = $esl_subject;
        } else {
            $admin_email_param['subject'] = '{form_name} [#{entry_no}]';
        }
        //content
        if (!empty($esl_content)) {
            $admin_email_param['content'] = $esl_content;
        } else {
            $admin_email_param['content'] = '{entry_data}';
        }
        $admin_email_param['as_plain_text'] = $esl_plain_text;
        $admin_email_param['target_is_admin'] = true;
        $admin_email_param['machform_base_path'] = $input['machform_base_path'];
        $admin_email_param['check_hook_file'] = true;
        mf_send_notification($dbh, $form_id, $record_insert_id, $form_email, $admin_email_param);
    }
    //end emailing notifications to admin ----------------------------------------------
    //start sending notification email to user ------------------------------------------
    if ($is_inserted && !empty($esr_enable) && !empty($esr_email_address) && empty($form_review) && $form_page_total == 1 && empty($edit_id) && $delay_notifications === false || $is_inserted && !empty($esr_enable) && !empty($esr_email_address) && $is_committed && empty($edit_id) && $delay_notifications === false) {
        //get parameters for the email
        //to email
        if (is_numeric($esr_email_address)) {
            $esr_email_address = '{element_' . $esr_email_address . '}';
        }
        //from name
        if (!empty($esr_from_name)) {
            if (is_numeric($esr_from_name)) {
                $user_email_param['from_name'] = '{element_' . $esr_from_name . '}';
            } else {
                $user_email_param['from_name'] = $esr_from_name;
            }
        } else {
            $user_email_param['from_name'] = 'MachForm';
        }
        //from email address
        if (!empty($esr_from_email_address)) {
            if (is_numeric($esr_from_email_address)) {
                $user_email_param['from_email'] = '{element_' . $esr_from_email_address . '}';
            } else {
                $user_email_param['from_email'] = $esr_from_email_address;
            }
        } else {
            $domain = str_replace('www.', '', $_SERVER['SERVER_NAME']);
            $user_email_param['from_email'] = "no-reply@{$domain}";
        }
        //subject
        if (!empty($esr_subject)) {
            $user_email_param['subject'] = $esr_subject;
        } else {
            $user_email_param['subject'] = '{form_name} - Receipt';
        }
        //content
        if (!empty($esr_content)) {
            $user_email_param['content'] = $esr_content;
        } else {
            $user_email_param['content'] = '{entry_data}';
        }
        $user_email_param['as_plain_text'] = $esr_plain_text;
        $user_email_param['target_is_admin'] = false;
        $user_email_param['machform_base_path'] = $input['machform_base_path'];
        mf_send_notification($dbh, $form_id, $record_insert_id, $esr_email_address, $user_email_param);
    }
    //end emailing notifications to user ---------------------------------------------
    //if there is no error message or elements, send true as status
    if (empty($error_elements) && empty($process_result['custom_error'])) {
        $process_result['status'] = true;
        if ($form_page_total > 1) {
            //if this is multipage form
            $_SESSION['mf_form_loaded'][$form_id][$page_number] = true;
            if ($is_saving_form_resume) {
                //if the user is saving his progress instead of submitting the form
                //copy the record from review table into main form table and set the status to incomplete (status=2)
                //also generate resume url
                $has_invalid_resume_email = false;
                //validate the email address first, if the user entered invalid email address, display error message
                if (!empty($input['element_resume_email'])) {
                    $regex = '/^[A-z0-9][\\w.-]*@[A-z0-9][\\w\\-\\.]+\\.[A-z0-9]{2,6}$/';
                    $resume_email = trim($input['element_resume_email']);
                    $preg_result = preg_match($regex, $resume_email);
                    if (empty($preg_result)) {
                        $has_invalid_resume_email = true;
                        $error_elements['element_resume_email'] = $mf_lang['val_email'];
                        $process_result['status'] = false;
                        $process_result['error_elements'] = $error_elements;
                        $process_result['old_values']['element_resume_email'] = $input['element_resume_email'];
                    }
                }
                if (!$has_invalid_resume_email) {
                    //get all column name except session_id and id
                    $query = "SELECT * FROM `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?";
                    $params = array($session_id);
                    $sth = mf_do_query($query, $params, $dbh);
                    $row = mf_do_fetch_result($sth);
                    $columns = array();
                    foreach ($row as $column_name => $column_data) {
                        if ($column_name != 'id' && $column_name != 'session_id') {
                            $columns[] = $column_name;
                        }
                    }
                    $columns_joined = implode("`,`", $columns);
                    $columns_joined = '`' . $columns_joined . '`';
                    //if there is no resume key, generate new one
                    if (empty($row['resume_key'])) {
                        $form_resume_key = substr(strtolower(md5(uniqid(rand(), true))), 0, 10);
                    } else {
                        $form_resume_key = $row['resume_key'];
                    }
                    //delete previous entry on ap_form_x table
                    $query = "DELETE from `" . MF_TABLE_PREFIX . "form_{$form_id}` WHERE resume_key=? and status=2";
                    $params = array($form_resume_key);
                    mf_do_query($query, $params, $dbh);
                    //copy from ap_form_x_review to ap_form_x
                    $query = "INSERT INTO `" . MF_TABLE_PREFIX . "form_{$form_id}`({$columns_joined}) SELECT {$columns_joined} from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?";
                    $params = array($session_id);
                    mf_do_query($query, $params, $dbh);
                    $new_record_id = (int) $dbh->lastInsertId();
                    $query = "UPDATE `" . MF_TABLE_PREFIX . "form_{$form_id}` set `status`=2,resume_key='{$form_resume_key}' where `id`=?";
                    $params = array($new_record_id);
                    mf_do_query($query, $params, $dbh);
                    //delete from ap_form_x_review table
                    $query = "DELETE from `" . MF_TABLE_PREFIX . "form_{$form_id}_review` WHERE session_id=?";
                    $params = array($session_id);
                    mf_do_query($query, $params, $dbh);
                    //pass form resume key
                    $process_result['form_resume_key'] = $form_resume_key;
                    //pass form resume url
                    $form_resume_url = $mf_settings['base_url'] . "view.php?id={$form_id}&mf_resume={$form_resume_key}";
                    $process_result['form_resume_url'] = $form_resume_url;
                    if (!empty($resume_email)) {
                        //send the resume link to the provided email
                        mf_send_resume_link($dbh, $form_name, $form_resume_url, $resume_email);
                    }
                }
            } else {
                //get the next page number and send it
                //don't send page number if this is already the last page, unless back button being clicked
                if ($input['page_number'] < $form_page_total) {
                    if (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) {
                        $process_result['next_page_number'] = $page_number + 1;
                    } elseif (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) {
                        $process_result['next_page_number'] = $page_number - 1;
                    } else {
                        $process_result['next_page_number'] = $page_number + 1;
                    }
                } else {
                    //if this is the last page
                    if (!empty($input['submit_primary']) || !empty($input['submit_primary_x'])) {
                        if (!empty($form_review)) {
                            $process_result['review_id'] = $record_insert_id;
                        }
                    } elseif (!empty($input['submit_secondary']) || !empty($input['submit_secondary_x'])) {
                        $process_result['next_page_number'] = $page_number - 1;
                    } else {
                        if (!empty($form_review)) {
                            $process_result['review_id'] = $record_insert_id;
                        }
                    }
                }
            }
        } else {
            //if this is single page form
            //if 'form review' enabled, send review_id
            if (!empty($form_review)) {
                $process_result['review_id'] = $record_insert_id;
            } else {
                //form submitted successfully, set the session to display success page
                $_SESSION['mf_form_completed'][$form_id] = true;
                $process_result['entry_id'] = $record_insert_id;
            }
        }
    } else {
        $process_result['status'] = false;
    }
    //get payment processor URL, if applicable for this form
    if ($process_result['status'] === true) {
        $merchant_redirect_url = mf_get_merchant_redirect_url($dbh, $form_id, $record_insert_id);
        if (!empty($merchant_redirect_url) && $bypass_merchant_redirect_url !== true) {
            $process_result['form_redirect'] = $merchant_redirect_url;
        }
    }
    return $process_result;
}
Esempio n. 23
0
function display_machform($config)
{
    $form_id = $config['form_id'];
    $show_border = $config['show_border'];
    $machform_path = $config['base_path'];
    $machform_data_path = '';
    if ($show_border === true) {
        $integration_method = '';
    } else {
        $integration_method = 'php';
    }
    //start session if there isn't any
    if (session_id() == "") {
        @session_start();
    }
    $dbh = mf_connect_db();
    if (mf_is_form_submitted()) {
        //if form submitted
        $input_array = mf_sanitize($_POST);
        $input_array['machform_data_path'] = $machform_data_path;
        $input_array['machform_base_path'] = $machform_path;
        $submit_result = mf_process_form($dbh, $input_array);
        if (!isset($input_array['password'])) {
            //if normal form submitted
            if ($submit_result['status'] === true) {
                if (!empty($submit_result['form_resume_url'])) {
                    //the user saving a form, display success page with the resume URL
                    $_SESSION['mf_form_resume_url'][$input_array['form_id']] = $submit_result['form_resume_url'];
                    if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>";
                    } else {
                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>";
                    }
                    exit;
                } else {
                    if ($submit_result['logic_page_enable'] === true) {
                        //the page has skip logic enable and a custom destination page has been set
                        $target_page_id = $submit_result['target_page_id'];
                        if (is_numeric($target_page_id)) {
                            if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?mf_page={$target_page_id}'</script>";
                            } else {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&mf_page={$target_page_id}'</script>";
                            }
                            exit;
                        } else {
                            if ($target_page_id == 'payment') {
                                //allow access to payment page
                                $_SESSION['mf_form_payment_access'][$input_array['form_id']] = true;
                                $_SESSION['mf_payment_record_id'][$input_array['form_id']] = $submit_result['entry_id'];
                                if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                    echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>";
                                } else {
                                    echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>";
                                }
                                exit;
                            } else {
                                if ($target_page_id == 'review') {
                                    if (!empty($submit_result['origin_page_number'])) {
                                        $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number'];
                                    }
                                    $_SESSION['review_id'] = $submit_result['review_id'];
                                    if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>";
                                    } else {
                                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>";
                                    }
                                    exit;
                                } else {
                                    if ($target_page_id == 'success') {
                                        //redirect to success page
                                        if (empty($submit_result['form_redirect'])) {
                                            if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>";
                                            } else {
                                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>";
                                            }
                                            exit;
                                        } else {
                                            echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>";
                                            exit;
                                        }
                                    }
                                }
                            }
                        }
                    } else {
                        if (!empty($submit_result['review_id'])) {
                            //redirect to review page
                            if (!empty($submit_result['origin_page_number'])) {
                                $page_num_params = '&mf_page_from=' . $submit_result['origin_page_number'];
                            }
                            $_SESSION['review_id'] = $submit_result['review_id'];
                            if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_review=1{$page_num_params}'</script>";
                            } else {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_review=1{$page_num_params}'</script>";
                            }
                            exit;
                        } else {
                            $ssl_suffix = mf_get_ssl_suffix();
                            if (!empty($submit_result['next_page_number'])) {
                                //redirect to the next page number
                                $_SESSION['mf_form_access'][$input_array['form_id']][$submit_result['next_page_number']] = true;
                                echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$input_array['form_id']}&mf_page={$submit_result['next_page_number']}'</script>";
                                exit;
                            } else {
                                //otherwise display success message or redirect to the custom redirect URL or payment page
                                if (mf_is_payment_has_value($dbh, $input_array['form_id'], $submit_result['entry_id'])) {
                                    //redirect to credit card payment page, if the merchant is being enabled and the amount is not zero
                                    //allow access to payment page
                                    $_SESSION['mf_form_payment_access'][$input_array['form_id']] = true;
                                    $_SESSION['mf_payment_record_id'][$input_array['form_id']] = $submit_result['entry_id'];
                                    if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>";
                                    } else {
                                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>";
                                    }
                                    exit;
                                } else {
                                    if (empty($submit_result['form_redirect'])) {
                                        if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                            echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>";
                                        } else {
                                            echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>";
                                        }
                                        exit;
                                    } else {
                                        echo "<script type=\"text/javascript\">top.location = '{$submit_result['form_redirect']}'</script>";
                                        exit;
                                    }
                                }
                            }
                        }
                    }
                }
            } else {
                if ($submit_result['status'] === false) {
                    //there are errors, display the form again with the errors
                    $old_values = $submit_result['old_values'];
                    $custom_error = @$submit_result['custom_error'];
                    $error_elements = $submit_result['error_elements'];
                    $form_params = array();
                    $form_params['page_number'] = $input_array['page_number'];
                    $form_params['populated_values'] = $old_values;
                    $form_params['error_elements'] = $error_elements;
                    $form_params['custom_error'] = $custom_error;
                    $form_params['integration_method'] = $integration_method;
                    $form_params['machform_path'] = $machform_path;
                    $form_params['machform_data_path'] = $machform_data_path;
                    $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
                }
            }
        } else {
            //if password form submitted
            if ($submit_result['status'] === true) {
                //on success, display the form
                $form_params = array();
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $form_params['machform_data_path'] = $machform_data_path;
                $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
            } else {
                $custom_error = $submit_result['custom_error'];
                //error, display the pasword form again
                $form_params = array();
                $form_params['custom_error'] = $custom_error;
                $form_params['integration_method'] = $integration_method;
                $form_params['machform_path'] = $machform_path;
                $form_params['machform_data_path'] = $machform_data_path;
                $markup = mf_display_form($dbh, $input_array['form_id'], $form_params);
            }
        }
    } else {
        if (!empty($_POST['review_submit']) || !empty($_POST['review_submit_x'])) {
            //if form review being submitted
            //commit data from review table to actual table
            //however, we need to check if this form has payment enabled or not
            //if the form doesn't have any payment enabled, continue with commit and redirect to success page
            $form_properties = mf_get_form_properties($dbh, $form_id, array('payment_enable_merchant', 'payment_delay_notifications', 'payment_merchant_type'));
            $ssl_suffix = mf_get_ssl_suffix();
            $record_id = $_SESSION['review_id'];
            if ($form_properties['payment_enable_merchant'] != 1) {
                $commit_options = array();
                $commit_options['machform_path'] = $machform_path;
                $commit_options['machform_data_path'] = $machform_data_path;
                $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $commit_options);
                unset($_SESSION['review_id']);
                if (empty($commit_result['form_redirect'])) {
                    if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>";
                    } else {
                        echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>";
                    }
                    exit;
                } else {
                    echo "<script type=\"text/javascript\">top.location = '{$commit_result['form_redirect']}'</script>";
                    exit;
                }
            } else {
                //if the form has payment enabled, continue commit and redirect to payment page
                $commit_options = array();
                //delay notifications only available on stripe
                if (!empty($form_properties['payment_delay_notifications']) && $form_properties['payment_merchant_type'] == 'stripe') {
                    $commit_options['send_notification'] = false;
                }
                $commit_result = mf_commit_form_review($dbh, $form_id, $record_id, $commit_options);
                unset($_SESSION['review_id']);
                //allow access to payment page
                $_SESSION['mf_form_payment_access'][$form_id] = true;
                $_SESSION['mf_payment_record_id'][$form_id] = $commit_result['record_insert_id'];
                if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                    echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?show_payment=1'</script>";
                } else {
                    echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&show_payment=1'</script>";
                }
                exit;
            }
        } else {
            if (!empty($_POST['review_back']) || !empty($_POST['review_back_x'])) {
                //go back to form from review page
                $origin_page_num = (int) $_POST['mf_page_from'];
                $ssl_suffix = mf_get_ssl_suffix();
                echo "<script type=\"text/javascript\">top.location = 'http{$ssl_suffix}://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id={$form_id}&mf_page={$origin_page_num}'</script>";
                exit;
            } else {
                if (!empty($_POST['form_id_redirect'])) {
                    //form payment being submitted
                    $paid_form_id = (int) trim($_POST['form_id_redirect']);
                    if ($_SESSION['mf_payment_completed'][$paid_form_id] === true) {
                        //when payment succeeded, $paid_form_id should contain the form id number
                        $form_properties = mf_get_form_properties($dbh, $paid_form_id, array('form_redirect_enable', 'form_redirect', 'form_review', 'form_page_total', 'payment_delay_notifications'));
                        //process any delayed notifications
                        if (!empty($form_properties['payment_delay_notifications'])) {
                            mf_process_delayed_notifications($dbh, $paid_form_id, $_SESSION['mf_payment_record_id'][$paid_form_id]);
                        }
                        //redirect to the default success page or the custom redirect URL being set on form properties
                        if (!empty($form_properties['form_redirect_enable']) && !empty($form_properties['form_redirect'])) {
                            echo "<script type=\"text/javascript\">top.location = '{$form_properties['form_redirect']}'</script>";
                            exit;
                        } else {
                            if (strpos($_SERVER['REQUEST_URI'], '?') === false) {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}?done=1'</script>";
                            } else {
                                echo "<script type=\"text/javascript\">top.location = '{$_SERVER['REQUEST_URI']}&done=1'</script>";
                            }
                            exit;
                        }
                    } else {
                        $markup = 'You are not authorized to access this page.';
                    }
                } else {
                    if (!empty($_GET['show_review'])) {
                        //show review page
                        if (empty($_SESSION['review_id'])) {
                            die("Your session has been expired. Please start again.");
                        } else {
                            $record_id = $_SESSION['review_id'];
                        }
                        $from_page_num = (int) $_GET['mf_page_from'];
                        if (empty($from_page_num)) {
                            $form_page_num = 1;
                        }
                        $form_params = array();
                        $form_params['integration_method'] = $integration_method;
                        $form_params['machform_path'] = $machform_path;
                        $form_params['machform_data_path'] = $machform_data_path;
                        $markup = mf_display_form_review($dbh, $form_id, $record_id, $from_page_num, $form_params);
                    } else {
                        if (!empty($_GET['show_payment'])) {
                            //show payment page
                            $record_id = $_SESSION['mf_payment_record_id'][$form_id];
                            $form_params = array();
                            $form_params['integration_method'] = $integration_method;
                            $form_params['machform_path'] = $machform_path;
                            $form_params['machform_data_path'] = $machform_data_path;
                            $markup = mf_display_form_payment($dbh, $form_id, $record_id, $form_params);
                        } else {
                            $form_id = $form_id;
                            $page_number = (int) trim($_GET['mf_page']);
                            $page_number = mf_verify_page_access($form_id, $page_number);
                            $resume_key = trim($_GET['mf_resume']);
                            if (!empty($resume_key)) {
                                $_SESSION['mf_form_resume_key'][$form_id] = $resume_key;
                            }
                            if (!empty($_GET['done']) && (!empty($_SESSION['mf_form_completed'][$form_id]) || !empty($_SESSION['mf_form_resume_url'][$form_id]))) {
                                $form_params = array();
                                $form_params['integration_method'] = $integration_method;
                                $form_params['machform_path'] = $machform_path;
                                $markup = mf_display_success($dbh, $form_id, $form_params);
                            } else {
                                $form_params = array();
                                $form_params['page_number'] = $page_number;
                                $form_params['integration_method'] = $integration_method;
                                $form_params['machform_path'] = $machform_path;
                                $form_params['machform_data_path'] = $machform_data_path;
                                $markup = mf_display_form($dbh, $form_id, $form_params);
                            }
                        }
                    }
                }
            }
        }
    }
    echo $markup;
}