Esempio n. 1
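 /**
  * Renders a field as one (X)HTML table row: label cell plus value cell.
  *
  * The value comes from the current request: a posted scalar, a posted list
  * of values, or the client-supplied name of an uploaded file. All of these
  * are controlled by the submitter, so each one is HTML-escaped before it is
  * concatenated into the markup.
  *
  * @param Field $field A field.
  *
  * @return string (X)HTML
  */
 protected function renderField(Field $field)
 {
     $name = 'advfrm-' . $field->getName();
     $o = '<tr><td class="label">' . XH_hsc($field->getLabel()) . '</td><td class="field">';
     if (isset($_POST[$name])) {
         if (is_array($_POST[$name])) {
             // Multi-value fields: one <div> per submitted value.
             foreach ($_POST[$name] as $val) {
                 $o .= '<div>' . XH_hsc(stsl($val)) . '</div>';
             }
         } else {
             $o .= $this->nl2br(XH_hsc(stsl($_POST[$name])));
         }
     } elseif (isset($_FILES[$name])) {
         // The original file name is chosen by the client, not by PHP, so it
         // needs the same escaping as any other request value; emitting it
         // raw would let markup in the name reach the rendered output.
         $o .= XH_hsc(stsl($_FILES[$name]['name']));
     }
     $o .= '</td></tr>' . PHP_EOL;
     return $o;
 }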
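/**
 * Sends the mail and returns whether that was successful.
 *
 * Sender address and sender name are read from the posted `from` and
 * `from_name` fields. Both are untrusted: they are only accepted as strings
 * and line breaks are removed before they are used as mail header values or
 * written to the log. Attachments are only added for files that PHP itself
 * received as a successful upload in this request.
 *
 * @param string $id           A form ID.
 * @param bool   $confirmation Whether to send the confirmation mail.
 *
 * @return bool
 *
 * @global array  The paths of system files and folders.
 * @global string The current language.
 * @global array  The configuration of the plugins.
 * @global array  The localization of the plugins.
 * @global string The (X)HTML fragment that contains error messages.
 */
function Advancedform_mail($id, $confirmation)
{
    global $pth, $sl, $plugin_cf, $plugin_tx, $e;
    include_once $pth['folder']['plugins'] . 'advancedform/phpmailer/class.phpmailer.php';
    $pcf = $plugin_cf['advancedform'];
    $ptx = $plugin_tx['advancedform'];
    $forms = Advancedform_db();
    $form = $forms[$id];
    $type = strtolower($pcf['mail_type']);
    $from = '';
    $from_name = '';
    foreach ($form['fields'] as $field) {
        if ($field['type'] != 'from_name' && $field['type'] != 'from') {
            continue;
        }
        $key = 'advfrm-' . $field['field'];
        // A missing or array-valued parameter is treated as empty instead of
        // being passed on. CR/LF never belong in an address or display name;
        // removing them keeps the value on a single header / log line.
        $posted = isset($_POST[$key]) && is_string($_POST[$key])
            ? str_replace(array("\r", "\n"), '', stsl($_POST[$key]))
            : '';
        if ($field['type'] == 'from_name') {
            $from_name = $posted;
        } else {
            $from = $posted;
        }
    }
    if ($confirmation && empty($from)) {
        $e .= '<li>' . $ptx['error_missing_sender'] . '</li>' . PHP_EOL;
        return false;
    }
    $mail = new PHPMailer();
    $mail->LE = $pcf['mail_line_ending_*nix'] ? "\n" : "\r\n";
    $mail->set('CharSet', 'UTF-8');
    $mail->SetLanguage($sl, $pth['folder']['plugins'] . 'advancedform/phpmailer/language/');
    $mail->set('WordWrap', 72);
    if ($confirmation) {
        // Confirmation: the configured receiver writes to the submitter.
        $mail->set('From', $form['to']);
        $mail->set('FromName', $form['to_name']);
        $mail->AddAddress($from, $from_name);
    } else {
        // NOTE(review): From is the submitter's unverified address here, so
        // the header says nothing about who really sent the message.
        $mail->set('From', $from);
        $mail->set('FromName', $from_name);
        $mail->AddAddress($form['to'], $form['to_name']);
        foreach (explode(';', $form['cc']) as $cc) {
            if (trim($cc) != '') {
                $mail->AddCC($cc);
            }
        }
        foreach (explode(';', $form['bcc']) as $bcc) {
            if (trim($bcc) != '') {
                $mail->AddBCC($bcc);
            }
        }
    }
    if ($confirmation) {
        $mail->set('Subject', sprintf($ptx['mail_subject_confirmation'], $form['title'], $_SERVER['SERVER_NAME']));
    } else {
        $mail->set('Subject', sprintf($ptx['mail_subject'], $form['title'], $_SERVER['SERVER_NAME'], $_SERVER['REMOTE_ADDR']));
    }
    $mail->IsHtml($type != 'text');
    if ($type == 'text') {
        $mail->set('Body', Advancedform_mailBody($id, !$confirmation, false));
    } else {
        $body = Advancedform_mailBody($id, !$confirmation, true);
        $mail->MsgHTML($body);
        $mail->set('AltBody', Advancedform_mailBody($id, !$confirmation, false));
    }
    if (!$confirmation) {
        foreach ($form['fields'] as $field) {
            if ($field['type'] != 'file') {
                continue;
            }
            $name = 'advfrm-' . $field['field'];
            // Attach only what PHP stored as a completed upload for this
            // request; skipped, failed or multi-file entries are ignored
            // rather than handing an arbitrary path to the mailer.
            if (isset($_FILES[$name])
                && is_string($_FILES[$name]['tmp_name'])
                && $_FILES[$name]['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($_FILES[$name]['tmp_name'])
            ) {
                $mail->AddAttachment($_FILES[$name]['tmp_name'], stsl($_FILES[$name]['name']));
            }
        }
    }
    if (function_exists('advfrm_custom_mail')) {
        // An optional site-defined hook may veto sending by returning false;
        // that case is reported to the caller as success.
        if (advfrm_custom_mail($id, $mail, $confirmation) === false) {
            return true;
        }
    }
    $ok = $mail->Send();
    if (!$confirmation) {
        if (!$ok) {
            $message = !empty($mail->ErrorInfo) ? Advancedform_hsc($mail->ErrorInfo) : $ptx['error_mail'];
            $e .= '<li>' . $message . '</li>' . PHP_EOL;
        }
        if (function_exists('XH_logMessage')) {
            $type = $ok ? 'info' : 'error';
            $message = $ok ? $ptx['log_success'] : $ptx['log_error'];
            $message = sprintf($message, $from);
            XH_logMessage($type, 'Advancedform', $id, $message);
        }
    }
    return $ok;
}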
Esempio n. 3
 /**
  * Collects the posted form fields, as e.g. needed for
  * advfrm_custom_thanks_page().
  *
  * Only request parameters whose name starts with "advfrm-" are considered;
  * the prefix is removed from the returned keys. Array values are flattened
  * into a single string joined by "¦". The values are returned unescaped, so
  * callers have to escape them for whatever context they output them in.
  *
  * @return array
  */
 public static function fields()
 {
     $prefix = 'advfrm-';
     $posted = array();
     foreach ($_POST as $name => $value) {
         if (strpos($name, $prefix) !== 0) {
             continue;
         }
         if (is_array($value)) {
             $value = implode("¦", array_map('stsl', $value));
         } else {
             $value = stsl($value);
         }
         $posted[substr($name, strlen($prefix))] = $value;
     }
     return $posted;
 }
Esempio n. 4
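 /**
  * Determines the addresses of sender and recipients, and returns whether
  * that succeeded.
  *
  * Sender address and name are read from the posted `from` / `from_name`
  * fields. They are untrusted: only string values are accepted, and line
  * breaks are removed before the values are handed to the mailer as header
  * data.
  *
  * @return bool
  *
  * @global array  The localization of the plugins.
  * @global string The (X)HTML fragment with error messages.
  */
 protected function determineAddresses()
 {
     global $plugin_tx, $e;
     $from = '';
     $from_name = '';
     foreach ($this->form->getFields() as $field) {
         $field = Field::make($field);
         $type = $field->getType();
         if ($type != 'from_name' && $type != 'from') {
             continue;
         }
         $key = 'advfrm-' . $field->getName();
         // Missing or array-valued parameters count as empty. CR/LF are never
         // valid in an address or display name, so they are dropped to keep
         // the value on one header line.
         $posted = isset($_POST[$key]) && is_string($_POST[$key])
             ? str_replace(array("\r", "\n"), '', stsl($_POST[$key]))
             : '';
         if ($type == 'from_name') {
             $from_name = $posted;
         } else {
             $from = $posted;
         }
     }
     if ($this->isConfirmation && empty($from)) {
         $e .= '<li>' . $plugin_tx['advancedform']['error_missing_sender'] . '</li>' . PHP_EOL;
         return false;
     }
     if ($this->isConfirmation) {
         // Confirmation: the configured receiver writes to the submitter.
         $this->mail->set('From', $this->form->getReceiver());
         $this->mail->set('FromName', $this->form->getReceiverName());
         $this->mail->AddAddress($from, $from_name);
     } else {
         // NOTE(review): From is the submitter's unverified address here.
         $this->mail->set('From', $from);
         $this->mail->set('FromName', $from_name);
         $this->mail->AddAddress($this->form->getReceiver(), $this->form->getReceiverName());
         foreach (explode(';', $this->form->getCC()) as $cc) {
             if (trim($cc) != '') {
                 $this->mail->AddCC($cc);
             }
         }
         foreach (explode(';', $this->form->getBCC()) as $bcc) {
             if (trim($bcc) != '') {
                 $this->mail->AddBCC($bcc);
             }
         }
     }
     return true;
 }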
Esempio n. 5
 /**
  * Builds an article from the request parameters exposed by the plugin
  * controller's getPgParameter().
  *
  * Title, teaser and body are stored as submitted (after stsl()); nothing is
  * escaped here, so escaping has to happen where the article is output.
  *
  * @return Realblog_Article
  *
  * @global Realblog_Controller The plugin controller.
  */
 protected function getArticleFromParameters()
 {
     global $_Realblog_controller;
     $controller = $_Realblog_controller;
     $article = new Realblog_Article();
     $article->setId($controller->getPgParameter('realblog_id'));
     $date = $controller->getPgParameter('realblog_date');
     $article->setDate($controller->stringToTime($date));
     $article->setTitle(stsl($controller->getPgParameter('realblog_title')));
     $article->setTeaser(stsl($controller->getPgParameter('realblog_headline')));
     $article->setBody(stsl($controller->getPgParameter('realblog_story')));
     // Without a start date the publishing date falls back to 0.
     $startDate = $controller->getPgParameter('realblog_startdate');
     $article->setPublishingDate(
         $startDate !== null ? $controller->stringToTime($startDate) : 0
     );
     // Without an end date the archiving date falls back to 2^31 - 1.
     $endDate = $controller->getPgParameter('realblog_enddate');
     $article->setArchivingDate(
         $endDate !== null ? $controller->stringToTime($endDate) : 2147483647
     );
     // NOTE(review): status and the two flags are passed through as
     // received; whether the setters validate them is not visible here.
     $article->setStatus($controller->getPgParameter('realblog_status'));
     $article->setFeedable($controller->getPgParameter('realblog_rssfeed'));
     $article->setCommentable($controller->getPgParameter('realblog_comments'));
     return $article;
 }
 /**
  * Validates a filled in field against the optional site-defined hook
  * advfrm_custom_valid_field().
  *
  * The hook gets the form ID, the field name and the submitted value (the
  * $_FILES entry for file fields, otherwise the posted value). Any return
  * value other than boolean true is treated as an error message.
  *
  * @return string (X)HTML.
  */
 protected function validateFilledInFieldCustom()
 {
     if (!function_exists('advfrm_custom_valid_field')) {
         return '';
     }
     if ($this->field->getType() == 'file') {
         $value = $_FILES[$this->name];
     } else {
         $value = stsl($_POST[$this->name]);
     }
     $result = advfrm_custom_valid_field($this->formId, $this->field->getName(), $value);
     if ($result === true) {
         return '';
     }
     // The hook's message is inserted as-is, so the hook has to return safe
     // markup and must escape any submitted data it echoes back.
     $html = '<li>' . $result . '</li>' . PHP_EOL;
     Controller::focusField($this->formId, $this->name);
     return $html;
 }
Esempio n. 7
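 /**
  * Renders a non select field.
  *
  * The value shown is, in order of precedence: the result of the optional
  * advfrm_custom_field_default() hook, the posted value, the field's
  * configured default. Fields of type "output" are written to the page
  * without escaping, so for them the posted value is never used; only the
  * hook result or the configured default can reach that branch.
  *
  * @return string (X)HTML.
  */
 protected function renderNonSelectField()
 {
     $o = '';
     $type = $this->field->getType();
     if (function_exists('advfrm_custom_field_default')) {
         $val = advfrm_custom_field_default($this->form, $this->field->getName(), null, isset($_POST['advfrm']));
     }
     if (!isset($val)) {
         // "output" fields have no input element, so a parameter with their
         // name cannot come from the genuine form; echoing it back raw would
         // let request data be rendered as markup. Array values are ignored
         // as well, since every branch below expects a string.
         $usePosted = $type != 'output'
             && isset($_POST[$this->name])
             && is_string($_POST[$this->name]);
         $val = $usePosted ? stsl($_POST[$this->name]) : $this->field->getDefaultValue();
     }
     if ($type == 'textarea') {
         $cols = $this->field->getColumnCount() ? $this->field->getColumnCount() : 40;
         $rows = $this->field->getRowCount() ? $this->field->getRowCount() : 4;
         $o .= '<textarea id="' . $this->id . '" name="' . $this->name . '" cols="' . $cols . '" rows="' . $rows . '">' . XH_hsc($val) . '</textarea>';
     } elseif ($type == 'output') {
         // Emitted verbatim: $val is the hook result or the field default.
         $o .= $val;
     } else {
         if ($type == 'date') {
             $this->initDatePicker();
         }
         // NOTE(review): id, name, size and maxlength are written into the
         // attributes unescaped; presumably they come from the stored form
         // definition rather than from the request - confirm.
         $size = $type == 'hidden' || $this->field->getSize() ? ' size="' . $this->field->getSize() . '"' : '';
         $maxlen = in_array($type, array('hidden', 'file')) || !$this->field->getMaxLength() ? '' : ' maxlength="' . $this->field->getMaxLength() . '"';
         if ($type == 'file' && $this->field->getMaxLength()) {
             // MAX_FILE_SIZE is only a hint to the client; the size limit
             // still has to be enforced on the server side.
             $o .= tag('input type="hidden" name="MAX_FILE_SIZE" value="' . $this->field->getMaxLength() . '"');
         }
         if ($type == 'file') {
             $value = '';
             $accept = ' accept="' . XH_hsc($this->prefixFileExtensionList($val)) . '"';
         } else {
             $value = ' value="' . XH_hsc($val) . '"';
             $accept = '';
         }
         $o .= tag('input type="' . $this->getInputElementType() . '" id="' . $this->id . '" name="' . $this->name . '"' . $value . $accept . $size . $maxlen);
     }
     return $o;
 }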
Esempio n. 8
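/**
 * Returns whether the correct captcha code was entered
 * after the form containing the captcha was posted.
 *
 * The expected code is looked up in the session under the posted captcha ID.
 * The session entry is removed on every check, whether the answer was right
 * or wrong, so each code can be tried only once. Missing or non-string
 * request parameters count as a failed check, and the comparison is a strict
 * string comparison, so PHP's loose numeric-string equality cannot make
 * two different codes compare equal.
 *
 * @return bool
 */
function Advancedform_Captcha_check()
{
    if (!isset($_POST['advancedform-captcha_id'])
        || !is_string($_POST['advancedform-captcha_id'])
    ) {
        return false;
    }
    $captchaId = $_POST['advancedform-captcha_id'];
    $answer = isset($_POST['advancedform-captcha']) && is_string($_POST['advancedform-captcha'])
        ? stsl($_POST['advancedform-captcha'])
        : null;
    $ok = $answer !== null
        && isset($_SESSION['advfrm_captcha'][$captchaId])
        && (string) $_SESSION['advfrm_captcha'][$captchaId] === $answer;
    // One attempt per code: drop it even when the answer was wrong or absent.
    unset($_SESSION['advfrm_captcha'][$captchaId]);
    return $ok;
}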
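/**
 * Saves the modified mail form definition. Returns the mail form list on
 * success, or the mail form editor on failure.
 *
 * Only POST requests are processed. When the CSRF protector is available its
 * check() is called before anything is changed. Every posted `advfrm-<key>`
 * parameter is copied into the form definition: scalar values become form
 * properties, array values become per-field properties.
 *
 * @param string $id A form ID.
 *
 * @return string (X)HTML.
 *
 * @global string The (X)HTML fragments containing error messages.
 * @global array  The localization of the plugins.
 * @global object The CSRF protector.
 */
function Advancedform_saveForm($id)
{
    global $e, $plugin_tx, $_XH_csrfProtection;
    $ptx = $plugin_tx['advancedform'];
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        return Advancedform_formsAdministration();
    }
    // NOTE(review): when $_XH_csrfProtection is not set, this state-changing
    // request is processed without any CSRF check.
    if (isset($_XH_csrfProtection)) {
        $_XH_csrfProtection->check();
    }
    $forms = Advancedform_db();
    if (!isset($forms[$id])) {
        // $id is echoed into the error markup, so it is escaped first.
        $e .= '<li><b>' . sprintf($ptx['error_form_missing'], htmlspecialchars($id, ENT_QUOTES, 'UTF-8')) . '</b></li>';
        return Advancedform_formsAdministration();
    }
    unset($forms[$id]);
    // A missing or non-string name means "no rename": keep the current ID
    // instead of indexing the form list with an undefined or array value.
    $newId = isset($_POST['advfrm-name']) && is_string($_POST['advfrm-name'])
        ? $_POST['advfrm-name']
        : $id;
    if (!isset($forms[$newId])) {
        $id = $newId;
        $ok = true;
    } else {
        // The requested name belongs to another form: keep the old ID and
        // send the user back to the editor.
        $_POST['advfrm-name'] = $id;
        $e .= '<li>' . $ptx['error_form_exists'] . '</li>';
        $ok = false;
    }
    // Checkboxes are only posted when ticked, so both flags start out false.
    $forms[$id]['captcha'] = false;
    $forms[$id]['store'] = false;
    foreach ($_POST as $key => $val) {
        $keys = explode('-', $key);
        // Skip foreign parameters and a bare "advfrm" without a property
        // name, which would otherwise be stored under an empty key.
        if ($keys[0] != 'advfrm' || !isset($keys[1])) {
            continue;
        }
        // NOTE(review): the property name is not checked against a list of
        // known form properties; any advfrm-<key> parameter is stored.
        if (!is_array($val)) {
            if (in_array($keys[1], array('captcha', 'store'), true)) {
                $forms[$id][$keys[1]] = true;
            } else {
                $forms[$id][$keys[1]] = stsl($val);
            }
        } else {
            foreach ($val as $num => $fieldval) {
                $forms[$id]['fields'][$num][$keys[1]] = stsl($fieldval);
            }
        }
    }
    Advancedform_db($forms);
    return $ok ? Advancedform_formsAdministration() : Advancedform_editForm($id);
}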
Esempio n. 10
 /**
  * Returns the comment preview.
  *
  * The posted "data" parameter is run through the BBCode converter and the
  * result is passed to the "preview" template together with the paths of the
  * template stylesheet and the forum stylesheet.
  *
  * @return string (X)HTML.
  *
  * @global array The paths of system files and folders.
  */
 public function commentPreview()
 {
     global $pth;
     // NOTE(review): whether the preview is safe to render depends on the
     // converter escaping HTML in the submitted text - confirm in convert().
     $html = $this->getBbcode()->convert(stsl($_POST['data']));
     return $this->render(
         'preview',
         array(
             'comment' => $html,
             'templateStylesheet' => $pth['file']['stylesheet'],
             'forumStylesheet' => $pth['folder']['plugins'] . 'forum/css/stylesheet.css'
         )
     );
 }
 /**
  * Renders a field as plain text: the label on one line, followed by the
  * submitted value(s), each indented by two spaces.
  *
  * Posted values and the client-supplied upload name are inserted without
  * escaping, so the result is only suitable for a plain-text context.
  *
  * @param Field $field A field.
  *
  * @return string
  */
 protected function renderField(Field $field)
 {
     $key = 'advfrm-' . $field->getName();
     $text = $field->getLabel() . PHP_EOL;
     if (!isset($_POST[$key])) {
         // No posted value: fall back to the name of an uploaded file.
         if (isset($_FILES[$key])) {
             $text .= '  ' . stsl($_FILES[$key]['name']) . PHP_EOL;
         }
         return $text;
     }
     if (!is_array($_POST[$key])) {
         return $text . '  ' . $this->indent(stsl($_POST[$key])) . PHP_EOL;
     }
     // Multi-value fields: one indented line per submitted value.
     foreach ($_POST[$key] as $item) {
         $text .= '  ' . stsl($item) . PHP_EOL;
     }
     return $text;
 }