// Form content-part handling. Runs only when $cnt_form["fields"] is a non-empty array.
// It prepares the label wrapper, defines the named validation patterns, decides whether
// this request is a submission of this form, then walks the configured fields.
// The excerpt stops inside the 'text' case; the enclosing blocks close outside this view.
if (isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) {
    $form_counter = 0;
    // label_wrap is stored as "before|after"; split it and normalise both halves to trimmed strings.
    $cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']);
    $cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : '';
    $cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ? trim($cnt_form['label_wrap'][1]) : '';
    $form_field_hidden = '';
    // Named PCRE patterns, keyed by the profile name a field can select.
    // NOTE(review): every pattern ends in `$` without the D modifier, so `$` also matches
    // before a final newline and a value ending in "\n" still passes. Where these patterns
    // are applied is outside this excerpt; confirm that input is trimmed first.
    $cnt_form['regx_pattern'] = array(
        'A-Z' => '/^[A-Z]+$/',
        'a-Z' => '/^[a-zA-Z]+$/',
        'a-z' => '/^[a-z]+$/',
        '0-9' => '/^[0-9]+$/',
        // Optional leading '+', then 3 to 24 repetitions of "digits followed by a separator"
        // or "a run of digits".
        // NOTE(review): both alternatives can consume digits inside the repeated group, so a
        // long digit string that fails at the end can backtrack heavily. Cap the input length
        // before matching and treat a false return from preg_match() as a failed validation.
        'PHONE' => '/^[+]?([0-9]*[\\.\\s\\-\\(\\)\\/]|[0-9]+){3,24}$/',
        // Accepts any mix of digits, '-' and '+' (e.g. "1-2+3"), not only a signed integer.
        'INT' => '/^[0-9\\-\\+]+$/',
        'WORD' => '/^[\\w]+$/',
        // Case-insensitive letters plus space, '_', '-' and ':'.
        'LETTER+SPACE' => '/^[a-z _\\-\\:]+$/i'
    );
    // The form counts as submitted when the POST field "cpID<acontent_id>" is non-empty and
    // its integer value equals this content part's id.
    // NOTE(review): the comparison is a loose `==` against $crow["acontent_id"]; presumably
    // that value is numeric (confirm), otherwise type juggling decides the result.
    if (!empty($_POST['cpID' . $crow["acontent_id"]]) && intval($_POST['cpID' . $crow["acontent_id"]]) == $crow["acontent_id"]) {
        $POST_DO = true;
        $POST_val = array();
        // presumably stops the rendered page from being cached after a submission (TODO confirm)
        $cache_nosave = true;
    } else {
        $POST_DO = false;
    }
    // make spam check
    // A falsy return from checkFormTrackingValue() (defined elsewhere) records an error whose
    // key is suffixed with the current timestamp.
    // NOTE(review): getRemoteIP() is concatenated into the message as is. How it derives the
    // address is not visible here; if it can come from client-supplied headers, the value
    // needs escaping where this message is rendered.
    if ($POST_DO && !checkFormTrackingValue()) {
        $POST_ERR['spamFormAlert' . time()] = '[span_class:spamFormAlert]Your IP ' . getRemoteIP() . ' is not allowed to send form![/class]';
    }
    foreach ($cnt_form["fields"] as $key => $value) {
        $form_field = '';
        // $form_name goes through html_specialchars() (project helper, presumably HTML-escapes);
        // $POST_name is the raw configured name and is used only as the $_POST lookup key below.
        $form_name = html_specialchars($cnt_form["fields"][$key]['name']);
        $POST_name = $cnt_form["fields"][$key]['name'];
        switch ($cnt_form["fields"][$key]['type']) {
            case 'text':
                /* * Text */
                if ($POST_DO && isset($_POST[$POST_name])) {
                    // The submitted value passes through clean_slweg() and remove_unsecure_rptags()
                    // (project helpers, not shown). NOTE(review): this is input filtering, not
                    // output encoding; the stored value still needs context-specific escaping
                    // where it is rendered or mailed.
                    $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
                    // A required field that is empty after filtering gets the field's configured error text.
                    if ($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
                        $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
// Guestbook submission handling. The leading brace closes a block opened before this
// excerpt, and the excerpt ends inside the URL check. A request counts as a guestbook
// post when $_POST['guestbook_email'] is set.
}
// Captcha step, run only when the guestbook has captcha enabled.
if (isset($_POST['guestbook_email']) && !empty($guestbook['captcha'])) {
    include_once PHPWCMS_ROOT . '/include/inc_ext/SPAF_FormValidator.class.php';
    // instantiate the object
    $spaf_obj = new SPAF_FormValidator();
    // A missing captcha field is treated as an empty answer.
    $guestbook['post']['captcha'] = isset($_POST['guestbook_captcha']) ? clean_slweg($_POST['guestbook_captcha']) : '';
    if ($spaf_obj->validRequest($guestbook['post']['captcha'])) {
        // destroy successful code
        // (presumably invalidates the solved code so it cannot be replayed; TODO confirm)
        $spaf_obj->destroy();
    } else {
        // NOTE(review): destroy() is not called on a wrong answer. Whether the same challenge
        // can be retried without limit depends on SPAF_FormValidator; confirm.
        $guestbook['error']['captcha'] = 'Fill in the correct captcha code. Proof it twice!';
    }
}
if (isset($_POST['guestbook_email']) && !$guestbook['flooding']) {
    // make global spam check
    // A falsy return from checkFormTrackingValue() (defined elsewhere) marks the request as
    // flooding, which also skips the final check-and-insert step below.
    if (!checkFormTrackingValue()) {
        $guestbook['flooding'] = 1;
        $guestbook['readform'] = 1;
        // NOTE(review): getRemoteIP() is concatenated into HTML without escaping. That is safe
        // only if it always returns a validated address; its source is not visible here.
        $guestbook['spamalert'] = '<div class="spamFormAlert">Your IP ' . getRemoteIP() . ' is not allowed to send form!</div>';
    }
}
// final guestbook form check and insert into db
if (isset($_POST['guestbook_email']) && !$guestbook['flooding']) {
    // check URL and try to connect - if fails set to ''
    if ($guestbook['post']['url']) {
        // Normalise the submitted URL to a bare host/path.
        // The pattern is unanchored, so "mailto", "http" and "https" (plus an optional ':')
        // are removed wherever they occur in the value, not only as a leading scheme.
        // NOTE(review): alternatives are tried left to right, so "https://host" matches the
        // "http" branch and leaves "s://host" behind. Listing "https" before "http" and
        // anchoring with ^ would avoid that.
        $guestbook['post']['url'] = preg_replace('/(mailto|http|https):{0,1}/i', '', $guestbook['post']['url']);
        // Drop everything from the first '?' onwards (the query string).
        list($guestbook['post']['url']) = explode('?', $guestbook['post']['url'], 2);
        // Remove every "//" in the trimmed value, not just a leading one.
        $guestbook['post']['url'] = str_replace('//', '', trim($guestbook['post']['url']));
        // Optional reachability check: when gb_urlcheck is on and allow_url_fopen is enabled,
        // the server itself opens an HTTP connection to the visitor-supplied host.
        // NOTE(review): nothing here restricts the destination, so the host may be an internal
        // or loopback address, and the http wrapper follows redirects by default. Validate the
        // host, reject private, loopback and link-local targets, and pass a stream context with
        // a short timeout and redirects disabled, or switch gb_urlcheck off. The `@` operators
        // hide any warning, so a failed or refused connection leaves no trace.
        if ($content["guestbook"]["gb_urlcheck"] && @ini_get('allow_url_fopen')) {
            if ($guestbook['fp'] = @fopen('http://' . $guestbook['post']['url'], 'r')) {
                @fclose($guestbook['fp']);