}
### assemble text & html email
if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && !$cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_email'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1 && is_array($_SESSION['cforms'])) {
$track = allTracks($_SESSION['cforms']);
$ongoingSession = '0';
}
### debug
db('$track = ' . print_r($track, 1));
$r = formatEmail($track, $no);
$formdata = $r['text'];
$htmlformdata = $r['html'];
###
### FIRST into the database is required!
###
global $subID;
$subID = $isTAF == '2' && !$send2author ? 'noid' : write_tracking_record($no, $field_email);
###
### allow the user to use form data for other apps
###
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
my_cforms_action($trackf);
}
###
### set reply-to & watch out for T-A-F
###
$replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
### WP comment form > email to author
if ($isTAF == '2' && $track['send2author'] == '1') {
$to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = " . $_POST['comment_post_ID' . $no] . " AND U.ID=P.post_author");
function cforms_submitcomment($content)
{
global $cformsSettings, $wpdb, $subID, $smtpsettings, $track, $trackf, $Ajaxpid, $AjaxURL, $wp_locale, $abspath;
$WPsuccess = false;
### WP Comment flag
$isAjaxWPcomment = strpos($content, '***');
### WP comment feature
$content = explode('***', $content);
$content = $content[0];
$content = explode('+++', $content);
### Added special fields
if (count($content) > 3) {
$commentparent = $content[1];
$Ajaxpid = $content[2];
$AjaxURL = $content[3];
} else {
$Ajaxpid = $content[1];
$AjaxURL = $content[2];
}
$segments = explode('$#$', $content[0]);
$params = array();
$sep = strpos(__FILE__, '/') === false ? '\\' : '/';
$WPpluggable = $abspath . 'wp-includes' . $sep . 'pluggable.php';
if (file_exists($WPpluggable)) {
require_once $WPpluggable;
}
$CFfunctionsC = dirname(dirname(__FILE__)) . $cformsSettings['global']['cforms_IIS'] . 'cforms-custom' . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
$CFfunctions = dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php';
if (file_exists($CFfunctionsC)) {
include_once $CFfunctionsC;
} else {
if (file_exists($CFfunctions)) {
include_once $CFfunctions;
}
}
if (function_exists('wp_get_current_user')) {
$user = wp_get_current_user();
}
for ($i = 1; $i <= sizeof($segments); $i++) {
$params['field_' . $i] = $segments[$i];
}
### fix reference to first form
if ($segments[0] == '1') {
$params['id'] = $no = '';
} else {
$params['id'] = $no = $segments[0];
}
### TAF flag
$isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1);
### user filter ?
if (function_exists('my_cforms_ajax_filter')) {
$params = my_cforms_ajax_filter($params);
}
### init variables
$track = array();
$trackinstance = array();
$to_one = -1;
$ccme = false;
$field_email = '';
$off = 0;
$fieldsetnr = 1;
$taf_youremail = false;
$taf_friendsemail = false;
### form limit reached
if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) == 0 || !cf_check_time($no)) {
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt'])) . $hide;
}
### for comment luv
get_currentuserinfo();
global $user_level;
### Subscribe-To-Comments
$isSubscribed == '';
if (class_exists('sg_subscribe')) {
global $sg_subscribe;
sg_subscribe_start();
$isSubscribed = $sg_subscribe->current_viewer_subscription_status();
}
$captchaopt = $cformsSettings['global']['cforms_captcha_def'];
for ($i = 1; $i <= sizeof($params) - 2; $i++) {
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) {
if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && !$captchaopt['fo'] == '1')) {
break;
}
if ($field_stat[1] == 'verification' && !(is_user_logged_in() && !$captchaopt['foqa'] == '1')) {
break;
}
if ($field_stat[1] == 'fieldsetstart') {
$track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
$track['Fieldset' . $fieldsetnr++] = $field_stat[0];
} elseif ($field_stat[1] == 'fieldsetend') {
$track['FieldsetEnd' . $fieldsetnr++] = '--';
}
### get next in line...
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
### filter all redundant WP comment fields if user is logged in
while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
$temp = explode('|', $field_stat[0], 3);
### get field name
$temp = explode('#', $temp[0], 2);
switch ($field_stat[1]) {
case 'cauthor':
$track['cauthor'] = $track[$temp[0]] = $user->display_name;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'email':
$track['email'] = $track[$temp[0]] = $field_email = $user->user_email;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
case 'url':
$track['url'] = $track[$temp[0]] = $user->user_url;
$track['$$$' . ((int) $i + (int) $off)] = $temp[0];
break;
}
$off++;
$field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]);
if ($field_stat[1] == '') {
break 2;
}
### all fields searched, break both while & for
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
### remove [id: ] first
if (strpos($field_name, '[id:') !== false) {
$idPartA = strpos($field_name, '[id:');
$idPartB = strpos($field_name, ']', $idPartA);
$customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4);
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
} else {
$customTrackingID = '';
}
### dissect field
$obj = explode('|', $field_name, 3);
### strip out default value
$field_name = $obj[0];
### special WP comment fields
if (in_array($field_stat[1], array('luv', 'subscribe', 'cauthor', 'email', 'url', 'comment', 'send2author'))) {
$temp = explode('#', $field_name, 2);
if ($temp[0] == '') {
$field_name = $field_stat[1];
} else {
$field_name = $temp[0];
}
### keep copy of values
$track[$field_stat[1]] = stripslashes($params['field_' . $i]);
if ($field_stat[1] == 'email') {
$field_email = $params['field_' . $i];
}
}
### special Tell-A-Friend fields
if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
$field_email = $taf_friendsemail = $params['field_' . $i];
}
if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
$taf_youremail = $params['field_' . $i];
}
if ($field_type == 'friendsname') {
$taf_friendsname = $params['field_' . $i];
}
if ($field_type == 'yourname') {
$taf_yourname = $params['field_' . $i];
}
### lets find an email field ("Is Email") and that's not empty!
if ($field_email == '' && $field_stat[3] == '1') {
$field_email = $params['field_' . $i];
}
### special case: select & radio
if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
$field_name = explode('#', $field_name);
$field_name = $field_name[0];
}
### special case: check box
if ($field_type == "checkbox" || $field_type == "ccbox") {
$field_name = explode('#', $field_name);
$field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
$field_name = explode('|', $field_name);
$field_name = $field_name[0];
### if ccbox & checked
if ($field_type == "ccbox" && $params['field_' . $i] != "-") {
$ccme = 'field_' . $i;
}
}
if ($field_type == "emailtobox") {
### special case where the value needs to bet get from the DB!
$to_one = $params['field_' . $i];
$field_name = explode('#', $field_stat[0]);
### can't use field_name, since '|' check earlier
$tmp = explode('|', $field_name[$to_one + 1]);
### remove possible |set:true
$value = $tmp[0];
### values start from 0 or after!
$to = $replyto = stripslashes($tmp[1]);
$field_name = $field_name[0];
} else {
if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
$value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
} else {
$value = stripslashes($params['field_' . $i]);
}
}
### only if hidden!
if ($field_type == 'hidden') {
$value = rawurldecode($value);
}
### Q&A verification
if ($field_type == "verification") {
$field_name = __('Q&A', 'cforms');
}
### determine tracked field name
$inc = '';
$trackname = trim($field_name);
if (array_key_exists($trackname, $track)) {
if ($trackinstance[$trackname] == '') {
$trackinstance[$trackname] = 2;
}
$inc = '___' . $trackinstance[$trackname]++;
}
$track['$$$' . (int) ($i + $off)] = $trackname . $inc;
$track[$trackname . $inc] = $value;
if ($customTrackingID != '') {
$track['$$$' . $customTrackingID] = $trackname . $inc;
}
}
### for
### assemble text & html email
$r = formatEmail($track, $no);
$formdata = $r['text'];
$htmlformdata = $r['html'];
###
### record:
###
$subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : write_tracking_record($no, $field_email);
###
### allow the user to use form data for other apps
###
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
my_cforms_action($trackf);
}
### Catch WP-Comment function | if send2author just continue
if ($isAjaxWPcomment !== false && $track['send2author'] == '0') {
require_once dirname(__FILE__) . '/lib_WPcomment.php';
### Catch WP-Comment function: error
if (!$WPsuccess) {
return $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---';
}
}
### Catch WP-Comment function
### multiple recipients? and to whom is the email sent? to_one = picked recip.
if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
$to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author");
$to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
} else {
if (!($to_one != -1 && $to != '')) {
$to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email']));
}
}
### from
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### T-A-F override?
if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) {
$replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
}
### logic: dynamic admin email address
if (function_exists('my_cforms_logic')) {
$to = my_cforms_logic($trackf, $to, 'adminTO');
}
### use trackf!
### either use configured subject or user determined
$vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']);
$vsubject = check_default_vars($vsubject, $no);
$vsubject = check_cust_vars($vsubject, $track, $no);
### prep message text, replace variables
$message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']);
if (function_exists('my_cforms_logic')) {
$message = my_cforms_logic($trackf, $message, 'adminEmailTXT');
}
$message = check_default_vars($message, $no);
$message = check_cust_vars($message, $track, $no);
### actual user message
$htmlmessage = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') {
$htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']);
if (function_exists('my_cforms_logic')) {
$htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML');
}
$htmlmessage = check_default_vars($htmlmessage, $no);
$htmlmessage = check_cust_vars($htmlmessage, $track, $no);
}
$mail = new cf_mail($no, $frommail, $to, $field_email, true);
$mail->subj = $vsubject;
$mail->char_set = 'utf-8';
### HTML email
if ($mail->html_show) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
### SMTP server or native PHP mail() ?
if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') {
$sentadmin = 1;
} else {
if ($smtpsettings[0] == '1') {
$sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata);
} else {
$sentadmin = $mail->send();
}
}
if ($sentadmin == 1) {
### send copy or notification?
if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[$ccme] != '-') {
$frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no);
### actual user message
$cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']);
if (function_exists('my_cforms_logic')) {
$cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT');
}
$cmsg = check_default_vars($cmsg, $no);
$cmsg = check_cust_vars($cmsg, $track, $no);
### HTML text
$cmsghtml = '';
if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') {
$cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']);
if (function_exists('my_cforms_logic')) {
$cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML');
}
$cmsghtml = check_default_vars($cmsghtml, $no);
$cmsghtml = check_cust_vars($cmsghtml, $track, $no);
}
### subject
$subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']);
$subject2 = check_default_vars($subject2, $no);
$subject2 = check_cust_vars($subject2, $track, $no);
### different cc & ac subjects?
$s = explode('$#$', $subject2);
$s[1] = $s[1] != '' ? $s[1] : $s[0];
### email tracking via 3rd party?
### if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && $isTAF == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
} else {
$field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email;
}
$mail = new cf_mail($no, $frommail, $field_email, $replyto);
### auto conf attachment?
$a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0];
$a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a;
if ($a != '' && file_exists($a)) {
$n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a));
$m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n))));
$mail->add_file($a, $n, 'base64', $m);
### optional name
}
$mail->char_set = 'utf-8';
### CC or auto conf?
if ($ccme && $trackf[$ccme] != '-') {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
} else {
$mail->subj = $s[1];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol;
$mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
} else {
$mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : '');
}
$sent = $mail->send();
}
} else {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[0], $cmsg, '', $cmsghtml, '', 'ac');
} else {
$mail->subj = $s[0];
if ($mail->html_show_ac) {
$mail->is_html(true);
$mail->body = "<html>" . $mail->eol . "<body>" . $cmsghtml . "</body></html>" . $mail->eol;
$mail->body_alt = $cmsg;
} else {
$mail->body = $cmsg;
}
$sent = $mail->send();
}
}
if ($sent != '1') {
$err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
### cc
### return success msg
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1);
$successMsg = check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no);
$successMsg = check_cust_vars($successMsg, $track, $no);
$successMsg = str_replace($mail->eol, '<br />', $successMsg);
### logic: possibly change usermessage
if (function_exists('my_cforms_logic')) {
$successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage');
}
### WP-Comment: override
if ($WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') {
$successMsg = $WPresp;
}
$opt = '';
### hide?
if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || get_cforms_submission_left($no) == 0) {
$opt .= '|~~~';
}
### redirect to a different page on suceess?
if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) {
if (function_exists('my_cforms_logic')) {
$red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection');
if ($red != '') {
$opt .= '|>>>' . $red;
}
### use trackf!
} else {
$opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'];
}
}
return $pre . $successMsg . $opt;
} else {
### no admin mail sent!
### return error msg
$err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sentadmin : $mail->ErrorInfo;
$pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1);
return $pre . $err . '|!!!';
}
}
function cforms_submitcomment($content)
{
global $wpdb, $subID, $styles, $smtpsettings, $track, $Ajaxpid, $AjaxURL, $wp_locale;
$isAjaxWPcomment = strpos($content, '***');
// WP comment feature
$content = explode('***', $content);
$content = $content[0];
$content = explode('+++', $content);
// Added special fields
$Ajaxpid = $content[1];
$AjaxURL = $content[2];
$segments = explode('$#$', $content[0]);
$params = array();
$sep = strpos(__FILE__, '/') === false ? '\\' : '/';
$WPpluggable = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), 'wp-content')) . 'wp-includes' . $sep . 'pluggable.php';
if (file_exists($WPpluggable)) {
require_once $WPpluggable;
}
$CFfunctions = dirname(__FILE__) . $sep . 'my-functions.php';
if (file_exists($CFfunctions)) {
include_once $CFfunctions;
}
if (function_exists('wp_get_current_user')) {
$user = wp_get_current_user();
}
for ($i = 1; $i <= sizeof($segments); $i++) {
$params['field_' . $i] = $segments[$i];
}
// fix reference to first form
if ($segments[0] == '1') {
$params['id'] = $no = '';
} else {
$params['id'] = $no = $segments[0];
}
// user filter ?
if (function_exists('my_cforms_ajax_filter')) {
$params = my_cforms_ajax_filter($params);
}
// init variables
$formdata = '';
$htmlformdata = '';
$track = array();
$trackinstance = array();
$to_one = "-1";
$ccme = false;
$field_email = '';
$off = 0;
$fieldsetnr = 1;
$taf_youremail = false;
$taf_friendsemail = false;
// form limit reached
if (get_option('cforms' . $no . '_maxentries') != '' && get_cforms_submission_left($no) == 0) {
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1);
return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes(get_option('cforms' . $no . '_limittxt'))) . $hide;
}
//space for pre formatted text layout
$customspace = (int) (get_option('cforms' . $no . '_space') > 0) ? get_option('cforms' . $no . '_space') : 30;
for ($i = 1; $i <= sizeof($params) - 2; $i++) {
$field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off)));
// filter non input fields
while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly'))) {
if ($field_stat[1] != 'textonly') {
// include and make only fieldsets pretty!
//just for email looks
$space = '-';
$n = ($customspace * 2 + 2 - strlen($field_stat[0])) / 2;
$n = $n < 0 ? 0 : $n;
if (strlen($field_stat[0]) < $customspace * 2 - 2) {
$space = str_repeat("-", $n);
}
$formdata .= substr("\n{$space}" . stripslashes($field_stat[0]) . "{$space}", 0, $customspace * 2) . "\n\n";
$htmlformdata .= '<tr><td class=3D"fs-td" colspan=3D"2">' . $field_stat[0] . '</td></tr>';
if ($field_stat[1] == 'fieldsetstart') {
$track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr;
$track['Fieldset' . $fieldsetnr++] = $field_stat[0];
}
}
//get next in line...
$off++;
$field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off)));
if ($field_stat[1] == '') {
break 2;
}
// all fields searched, break both while & for
}
// filter all redundant WP comment fields if user is logged in
while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) {
switch ($field_stat[1]) {
case 'cauthor':
$track['cauthor'] = $user->display_name;
$track['$$$' . ((int) $i + (int) $off)] = 'cauthor';
break;
case 'email':
$track['email'] = $field_email = $user->user_email;
$track['$$$' . ((int) $i + (int) $off)] = 'email';
break;
case 'url':
$track['url'] = $user->user_url;
$track['$$$' . ((int) $i + (int) $off)] = 'url';
break;
}
$formdata .= stripslashes($field_stat[1]) . ': ' . $space . $track[$field_stat[1]] . "\n";
$htmlformdata .= '<tr><td class=3D"data-td">' . $field_stat[1] . '</td><td>' . $track[$field_stat[1]] . '</td></tr>';
$off++;
$field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off)));
if ($field_stat[1] == '') {
break 2;
}
// all fields searched, break both while & for
}
$field_name = $field_stat[0];
$field_type = $field_stat[1];
### remove [id: ] first
if (strpos($field_name, '[id:') !== false) {
$idPartA = strpos($field_name, '[id:');
$idPartB = strpos($field_name, ']', $idPartA);
$customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4);
$field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1);
} else {
$customTrackingID = '';
}
// check if fields needs to be cleared
$obj = explode('|', $field_name, 3);
$defaultval = stripslashes($obj[1]);
if ($params['field_' . $i] == $defaultval && $field_stat[4] == '1') {
$params['field_' . $i] = '';
}
// strip out default value
$field_name = $obj[0];
// special WP comment fields
if (in_array($field_stat[1], array('cauthor', 'email', 'url', 'comment', 'send2author'))) {
$field_name = $field_stat[1];
if ($field_stat[1] == 'email') {
$field_email = $params['field_' . $i];
}
}
// special Tell-A-Friend fields
if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') {
$field_email = $taf_friendsemail = $params['field_' . $i];
}
if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') {
$taf_youremail = $params['field_' . $i];
}
if ($field_type == 'friendsname') {
$taf_friendsname = $params['field_' . $i];
}
if ($field_type == 'yourname') {
$taf_yourname = $params['field_' . $i];
}
// lets find an email field ("Is Email") and that's not empty!
if ($field_email == '' && $field_stat[3] == '1') {
$field_email = $params['field_' . $i];
}
// special case: select & radio
if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") {
$field_name = explode('#', $field_name);
$field_name = $field_name[0];
}
// special case: check box
if ($field_type == "checkbox" || $field_type == "ccbox") {
$field_name = explode('#', $field_name);
$field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1];
$field_name = explode('|', $field_name);
$field_name = $field_name[0];
// if ccbox & checked
if ($field_type == "ccbox" && $params['field_' . $i] != "-") {
$ccme = true;
}
}
if ($field_type == "emailtobox") {
//special case where the value needs to bet get from the DB!
$field_name = explode('#', $field_stat[0]);
//can't use field_name, since '|' check earlier
$to_one = $params['field_' . $i];
$offset = strpos($field_name[1], '|') === false ? 1 : 2;
// names come usually right after the label
$value = $field_name[(int) $to_one + $offset];
// values start from 0 or after!
$field_name = $field_name[0];
} else {
if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) {
$value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset'));
} else {
$value = stripslashes($params['field_' . $i]);
}
}
//only if hidden!
if ($field_type == 'hidden') {
$value = rawurldecode($value);
}
// Q&A verification
if ($field_type == "verification") {
$field_name = __('Q&A', 'cforms');
}
//for db tracking
$inc = '';
$trackname = trim($field_name);
if (array_key_exists($trackname, $track)) {
if ($trackinstance[$trackname] == '') {
$trackinstance[$trackname] = 2;
}
$inc = '___' . $trackinstance[$trackname]++;
}
$track['$$$' . (int) ($i + $off)] = $trackname . $inc;
$track[$trackname . $inc] = $value;
if ($customTrackingID != '') {
$track['$$$' . $customTrackingID] = $trackname . $inc;
}
//for all equal except textareas!
$htmlvalue = str_replace("=", "=3D", $value);
$htmlfield_name = $field_name;
// just for looks: break for textarea
if ($field_type == "textarea" || $field_type == "comment") {
$field_name = "\n" . $field_name;
$htmlvalue = str_replace(array("=", "\n"), array("=3D", "<br />\n"), $value);
$value = "\n" . $value . "\n";
}
// just for looks:rest
$space = '';
if (strlen(stripslashes($field_name)) < $customspace) {
// don't count ->\" sometimes adds more spaces?!?
$space = str_repeat(" ", $customspace - strlen(stripslashes($field_name)));
}
// create formdata block for email
if ($field_stat[1] != 'verification' && $field_stat[1] != 'captcha') {
$formdata .= stripslashes($field_name) . ': ' . $space . $value . "\n";
$htmlformdata .= '<tr><td class=3D"data-td">' . $htmlfield_name . '</td><td>' . $htmlvalue . '</td></tr>';
}
}
// for
// assemble html formdata
$htmlformdata = '<div class=3D"datablock"><table width=3D"100%" cellpadding=3D"2">' . stripslashes($htmlformdata) . '</table></div><span class=3D"cforms">powered by <a href=3D"http://www.deliciousdays.com/cforms-plugin">cformsII</a></span>';
//
// allow the user to use form data for other apps
//
$trackf['id'] = $no;
$trackf['data'] = $track;
if (function_exists('my_cforms_action')) {
my_cforms_action($trackf);
}
// Catch WP-Comment function
if ($isAjaxWPcomment !== false && $track['send2author'] == '0') {
require_once dirname(__FILE__) . '/lib_WPcomment.php';
if ($WPsuccess) {
$hide = '';
// redirect to a different page on suceess?
if (get_option('cforms' . $no . '_redirect') == 1) {
return get_option('cforms' . $no . '_redirect_page');
} else {
if (get_option('cforms' . $no . '_redirect') == 2) {
$hide = '|~~~';
}
}
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1);
return $pre . $WPresp . $hide;
} else {
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1);
return $pre . $WPresp . '|---';
}
}
//
//reply to all email recipients
//
$replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes(get_option('cforms' . $no . '_email')));
// multiple recipients? and to whom is the email sent? to_one = picked recip.
if ($isAjaxWPcomment !== false && $track['send2author'] == '1') {
$to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author");
$to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto;
} else {
if ($to_one != "-1") {
$all_to_email = explode(',', $replyto);
$replyto = $to = $all_to_email[$to_one];
} else {
$to = $replyto;
}
}
// T-A-F override?
if ($taf_youremail && $taf_friendsemail && substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') {
$replyto = "\"{$taf_yourname}\" <{$taf_youremail}>";
}
//
// FIRST write into the cforms tables!
//
$subID = write_tracking_record($no, $field_email);
//
// ready to send email
// email header
//
$html_show = substr(get_option('cforms' . $no . '_formdata'), 2, 1) == '1' ? true : false;
$fmessage = '';
$eol = "\n";
if (($frommail = stripslashes(get_option('cforms' . $no . '_fromemail'))) == '') {
$frommail = '"' . get_option('blogname') . '" <wordpress@' . preg_replace('#^www\\.#', '', strtolower($_SERVER['SERVER_NAME'])) . '>';
}
$headers = "From: " . $frommail . $eol;
$headers .= "Reply-To: " . $field_email . $eol;
if (($tempBcc = stripslashes(get_option('cforms' . $no . '_bcc'))) != "") {
$headers .= "Bcc: " . $tempBcc . $eol;
}
$headers .= "MIME-Version: 1.0" . $eol;
if ($html_show) {
$headers .= "Content-Type: multipart/alternative; boundary=\"----MIME_BOUNDRY_main_message\"";
$fmessage = "This is a multi-part message in MIME format." . $eol;
$fmessage .= "------MIME_BOUNDRY_main_message" . $eol;
$fmessage .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"" . $eol;
$fmessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol;
} else {
$headers .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"";
}
// prep message text, replace variables
$message = get_option('cforms' . $no . '_header');
$message = check_default_vars($message, $no);
$message = stripslashes(check_cust_vars($message, $track, $no));
// text text
$fmessage .= $message . $eol;
// need to add form data summary or is all in the header anyway?
if (substr(get_option('cforms' . $no . '_formdata'), 0, 1) == '1') {
$fmessage .= $eol . $formdata . $eol;
}
// HTML text
if ($html_show) {
// actual user message
$htmlmessage = get_option('cforms' . $no . '_header_html');
$htmlmessage = check_default_vars($htmlmessage, $no);
$htmlmessage = str_replace(array("=", "\n"), array("=3D", "<br />\n"), stripslashes(check_cust_vars($htmlmessage, $track, $no)));
$fmessage .= "------MIME_BOUNDRY_main_message" . $eol;
$fmessage .= "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"" . $eol;
$fmessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol;
$fmessage .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" . $eol;
$fmessage .= "<HTML>" . $eol;
$fmessage .= $styles;
$fmessage .= "<BODY>" . $eol;
$fmessage .= $htmlmessage;
// need to add form data summary or is all in the header anyway?
if (substr(get_option('cforms' . $no . '_formdata'), 1, 1) == '1') {
$fmessage .= $eol . $htmlformdata;
}
$fmessage .= "</BODY></HTML>" . $eol . $eol;
}
//either use configured subject or user determined
$vsubject = get_option('cforms' . $no . '_subject');
$vsubject = check_default_vars($vsubject, $no);
$vsubject = stripslashes(check_cust_vars($vsubject, $track, $no));
// SMTP server or native PHP mail() ?
if ($smtpsettings[0] == '1') {
$sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata);
} else {
$sentadmin = @mail($to, encode_header($vsubject), $fmessage, $headers);
}
if ($sentadmin == 1) {
// send copy or notification?
if (get_option('cforms' . $no . '_confirm') == '1' && $field_email != '' || $ccme) {
if (($frommail = stripslashes(get_option('cforms' . $no . '_fromemail'))) == '') {
$frommail = '"' . get_option('blogname') . '" <wordpress@' . preg_replace('#^www\\.#', '', strtolower($_SERVER['SERVER_NAME'])) . '>';
}
// HTML message part?
$html_show_ac = substr(get_option('cforms' . $no . '_formdata'), 3, 1) == '1' ? true : false;
$automessage = '';
$headers2 = "From: " . $frommail . $eol;
$headers2 .= "Reply-To: " . $replyto . $eol;
if (substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') {
//TAF: add CC
$headers2 .= "CC: " . $replyto . $eol;
}
$headers2 .= "MIME-Version: 1.0" . $eol;
if ($html_show_ac || $html_show && $ccme) {
$headers2 .= "Content-Type: multipart/alternative; boundary=\"----MIME_BOUNDRY_main_message\"";
$automessage = "This is a multi-part message in MIME format." . $eol;
$automessage .= "------MIME_BOUNDRY_main_message" . $eol;
$automessage .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"" . $eol;
$automessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol;
} else {
$headers2 .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"";
}
// actual user message
$cmsg = get_option('cforms' . $no . '_cmsg');
$cmsg = check_default_vars($cmsg, $no);
$cmsg = check_cust_vars($cmsg, $track, $no);
// text text
$automessage .= $cmsg . $eol;
// HTML text
if ($html_show_ac) {
// actual user message
$cmsghtml = get_option('cforms' . $no . '_cmsg_html');
$cmsghtml = check_default_vars($cmsghtml, $no);
$cmsghtml = str_replace(array("=", "\n"), array("=3D", "<br />\n"), check_cust_vars($cmsghtml, $track, $no));
$automessage .= "------MIME_BOUNDRY_main_message" . $eol;
$automessage .= "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"" . $eol;
$automessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol;
$automessage .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" . $eol;
$automessage .= "<HTML><BODY>" . $eol;
$automessage .= $cmsghtml;
$automessage .= "</BODY></HTML>" . $eol . $eol;
}
// replace variables
$subject2 = get_option('cforms' . $no . '_csubject');
$subject2 = check_default_vars($subject2, $no);
$subject2 = check_cust_vars($subject2, $track, $no);
// different cc & ac subjects?
$t = explode('$#$', $subject2);
$t[1] = $t[1] != '' ? $t[1] : $t[0];
// email tracking via 3rd party?
$field_email = get_option('cforms' . $no . '_tracking') != '' ? $field_email . get_option('cforms' . $no . '_tracking') : $field_email;
// if in Tell-A-Friend Mode, then overwrite header stuff...
if ($taf_youremail && $taf_friendsemail && substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') {
$field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>";
}
if ($ccme) {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, stripslashes($t[1]), $message, $formdata, $htmlmessage, $htmlformdata, 'ac');
} else {
$sent = @mail($field_email, encode_header(stripslashes($t[1])), $fmessage, $headers2);
}
//takes $message!!
} else {
if ($smtpsettings[0] == '1') {
$sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, stripslashes($t[0]), $cmsg, '', $cmsghtml, '', 'ac');
} else {
$sent = @mail($field_email, encode_header(stripslashes($t[0])), stripslashes($automessage), $headers2);
}
}
if ($sent != '1') {
$err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . ($smtpsettings[0] ? " ({$sent})" : '');
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1);
return $pre . $err . '|!!!';
}
}
// cc
$hide = '';
// redirect to a different page on suceess?
if (get_option('cforms' . $no . '_redirect') == 1) {
return get_option('cforms' . $no . '_redirect_page');
} else {
if (get_option('cforms' . $no . '_redirect') == 2 || get_cforms_submission_left($no) == 0) {
$hide = '|~~~';
}
}
// return success msg
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1);
$successMsg = check_default_vars(stripslashes(get_option('cforms' . $no . '_success')), $no);
$successMsg = check_cust_vars($successMsg, $track, $no);
return $pre . preg_replace('|\\r\\n|', '<br />', $successMsg) . $hide;
} else {
// return error msg
$err = __('Error occurred while sending the message: ', 'cforms') . ($smtpsettings[0] ? '<br />' . $sentadmin : '');
$pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1);
return $pre . $err . '|!!!';
}
}
}
}
$comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
$comment_type = '';
$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
$comment_id = wp_new_comment($commentdata);
$comment = get_comment($comment_id);
if (!$user->ID) {
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
}
### send a notification if required
if ($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') {
cforms('', $no);
}
### keep track of custom comment fields
write_tracking_record($no, $comment_author_email, $comment_id);
$location = empty($_POST['redirect_to']) ? get_permalink($_POST['comment_post_ID']) . $cfpre . 'cfemail=posted' . '#cforms' . $no . 'form' : $_POST['redirect_to'];
$location = apply_filters('comment_post_redirect', $location, $comment);
wp_redirect($location);
} else {
$err = '';
foreach (array_keys($_POST) as $postvar) {
$err .= '&' . $postvar . '=' . urlencode($_POST[$postvar]);
}
header("HTTP/1.0 301 Temporary redirect");
header("Location: " . get_permalink($comment_post_ID) . $cfpre . 'cfemail=err' . $err . '#cforms' . $no . 'form');
}
}
### non Ajax
if (strlen(stripslashes($field_name)) < $customspace) {
$space = str_repeat(" ", $customspace - strlen(stripslashes($field_name)));
}
$field_name .= ': ' . $space;
if ($field_stat[1] != 'verification' && $field_stat[1] != 'captcha') {
$formdata .= stripslashes($field_name) . $value . "\n";
$htmlformdata .= '<tr><td class=3D"data-td">' . $htmlfield_name . '</td><td>' . $htmlvalue . '</td></tr>';
}
}
//for all fields
// assemble html formdata
$htmlformdata = '<div class=3D"datablock"><table width=3D"100%" cellpadding=3D"2">' . stripslashes($htmlformdata) . '</table></div><span class=3D"cforms">powered by <a href=3D"http://www.deliciousdays.com/cforms-plugin">cformsII</a></span>';
//
// FIRST into the database is required!
//
$subID = get_option('cforms' . $no . '_tellafriend') == '2' && !$send2author ? 'noid' : write_tracking_record($no, $field_email);
//
// Files uploaded??
//
$filefield = 0;
$temp = explode('$#$', stripslashes(htmlspecialchars(get_option('cforms' . $no . '_upload_dir'))));
$fileuploaddir = $temp[0];
if (isset($_FILES['cf_uploadfile' . $no])) {
foreach ($_FILES['cf_uploadfile' . $no][tmp_name] as $tmpfile) {
//copy attachment to local server dir
if ($tmpfile != '') {
copy($tmpfile, $fileuploaddir . '/' . $subID . '-' . $file['name'][$filefield]);
}
$filefield++;
}
}
