Exemplo n.º 1
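 /**
  * Checks the reCAPTCHA answer against Google's siteverify endpoint
  *
  * The token is read from $_POST['g-recaptcha-response'], not from $value
  * (which this method does not use). The verification request is sent as a
  * POST with the parameters in the request body, so the secret key is not
  * part of the request URL and cannot end up in URL-based logs. Every
  * failure path (transport error, undecodable body, missing "success" key,
  * unsuccessful verification) adds a message and returns false.
  *
  * @param   string   $value  The value to check (unused)
  * @return  boolean          True if valid false otherwise
  */
 public function isValid($value)
 {
     // A client can submit this field as an array; treat anything that is not
     // a string as an empty token so that only a scalar is sent for verification.
     $token = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
     if (!is_string($token)) {
         $token = '';
     }

     $params = array('secret' => $this->_secretKey, 'response' => $token, 'remoteip' => iphorm_get_user_ip());

     // POST keeps the secret in the request body rather than the query string.
     $response = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array('body' => $params));

     // Transport failure: fail closed with the generic error message.
     if (is_wp_error($response)) {
         $this->addMessage($this->_messageTemplates['error']);
         return false;
     }

     $response = iphorm_json_decode(wp_remote_retrieve_body($response), true);

     // Anything that is not a decoded object carrying a "success" key is treated as a failure.
     if (!is_array($response) || !isset($response['success'])) {
         $this->addMessage($this->_messageTemplates['error']);
         return false;
     }

     if (!$response['success']) {
         $template = 'error';
         if (isset($response['error-codes']) && is_array($response['error-codes']) && count($response['error-codes'])) {
             // Only the first error code is reported, as before.
             $code = reset($response['error-codes']);
             // Guard the key lookup: the code comes from a remote response.
             $known = (is_string($code) || is_int($code)) && array_key_exists($code, $this->_messageTemplates);
             $template = $known ? $code : 'invalid-input-response';
         }
         $this->addMessage($this->_messageTemplates[$template]);
         return false;
     }

     return true;
 }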
Exemplo n.º 2
/**
 * Processes a submitted form and returns the response
 *
 * In order: resolves the form from the request, copies the submitted values
 * into it, validates, handles file uploads, optionally saves the entry,
 * optionally sends the notification and autoreply emails, optionally writes
 * to a custom database table, cleans up session state, then builds either a
 * JSON-in-textarea response (AJAX) or re-rendered form / redirect markup.
 *
 * Everything read from $_POST, $_FILES and $_SESSION below is request data.
 * No nonce or capability check is visible in this function.
 * NOTE(review): confirm whether request authenticity is enforced elsewhere
 * (e.g. inside $form->isValid() or by the caller).
 *
 * @return string|null Response markup; no return statement is reached (null)
 *                     when iphorm_id / iphorm_uid do not resolve to an active form
 */
function iphorm_process_form()
{
    // Request flags; compared loosely, so '1', 1 and '1.0' all enable them
    $ajax = isset($_POST['iphorm_ajax']) && $_POST['iphorm_ajax'] == 1;
    $swfu = isset($_POST['iphorm_swfu']) && $_POST['iphorm_swfu'] == 1;
    // The form is looked up from two request-supplied values and must be active
    if (isset($_POST['iphorm_id']) && isset($_POST['iphorm_uid']) && ($form = iphorm_get_form($_POST['iphorm_id'], $_POST['iphorm_uid'])) instanceof iPhorm && $form->getActive()) {
        // Strip slashes from the submitted data (WP adds them automatically)
        // This overwrites the superglobal: every later $_POST read is raw, unslashed input
        $_POST = stripslashes_deep($_POST);
        // Pre-process action hooks
        do_action('iphorm_pre_process', $form);
        do_action('iphorm_pre_process_' . $form->getId(), $form);
        $response = '';
        // If we have files uploaded via SWFUpload, merge them into $_FILES
        // array_merge lets a session entry replace a $_FILES entry with the same string key.
        // NOTE(review): these entries are whatever the upload handler stored in the session;
        // confirm that handler validates them, since their tmp_name paths are later read,
        // attached to email and unlinked.
        if ($swfu && isset($_SESSION['iphorm-' . $form->getUniqId()])) {
            $_FILES = array_merge($_FILES, $_SESSION['iphorm-' . $form->getUniqId()]);
        }
        // Set the form element values
        $form->setValues($_POST);
        // Calculate which elements are hidden by conditional logic and which groups are empty
        $form->calculateElementStatus();
        // Pre-validate action hooks
        do_action('iphorm_pre_validate', $form);
        do_action('iphorm_pre_validate_' . $form->getId(), $form);
        // The only validation gate in this function. NOTE(review): upload type/size checks
        // are presumably performed by the file element's validators here — confirm, because
        // nothing below re-checks the file content or extension.
        if ($form->isValid()) {
            // Post-validate action hooks
            do_action('iphorm_post_validate', $form);
            do_action('iphorm_post_validate_' . $form->getId(), $form);
            // Process any uploads first
            $attachments = array();
            $elements = $form->getElements();
            foreach ($elements as $element) {
                if ($element instanceof iPhorm_Element_File) {
                    $elementName = $element->getName();
                    if (array_key_exists($elementName, $_FILES) && is_array($_FILES[$elementName])) {
                        $file = $_FILES[$elementName];
                        if (is_array($file['error'])) {
                            // Process multiple upload field
                            foreach ($file['error'] as $key => $error) {
                                if ($error === UPLOAD_ERR_OK) {
                                    // 'name' is the client-supplied filename; the extension is taken from it as-is
                                    $pathInfo = pathinfo($file['name'][$key]);
                                    $extension = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
                                    $filenameFilter = new iPhorm_Filter_Filename();
                                    // str_replace removes every occurrence of ".{extension}", not only the trailing one
                                    $filename = strlen($extension) ? str_replace(".{$extension}", '', $pathInfo['basename']) : $pathInfo['basename'];
                                    // Only the name part goes through the filename filter; the extension is re-appended unfiltered below
                                    $filename = $filenameFilter->filter($filename);
                                    $filename = apply_filters('iphorm_filename_' . $element->getName(), $filename, $element, $form);
                                    // Fall back to "upload" when filtering leaves an empty name
                                    if (strlen($extension)) {
                                        $filename = strlen($filename) ? "{$filename}.{$extension}" : "upload.{$extension}";
                                    } else {
                                        $filename = strlen($filename) ? $filename : 'upload';
                                    }
                                    $fullPath = $file['tmp_name'][$key];
                                    $value = array('text' => $filename);
                                    if ($element->getSaveToServer()) {
                                        $result = iphorm_save_uploaded_file($fullPath, $filename, $element, $form->getId());
                                        // Note: this branch tests !== false while the single-upload branch tests is_array()
                                        if ($result !== false) {
                                            $fullPath = $result['fullPath'];
                                            $filename = $result['filename'];
                                            $value = array('url' => iphorm_get_wp_uploads_url() . '/' . $result['path'] . $filename, 'text' => $filename, 'fullPath' => $fullPath);
                                        }
                                    }
                                    if ($element->getAddAsAttachment()) {
                                        // 'type' is the MIME type reported by the client, not one detected from the content
                                        $attachments[] = array('fullPath' => $fullPath, 'type' => $file['type'][$key], 'filename' => $filename);
                                    }
                                    $element->addFile($value);
                                }
                            }
                        } else {
                            // Process single upload field
                            // Same steps as the multiple-upload branch above, without the per-file index
                            if ($file['error'] === UPLOAD_ERR_OK) {
                                // 'name' is the client-supplied filename; the extension is taken from it as-is
                                $pathInfo = pathinfo($file['name']);
                                $extension = isset($pathInfo['extension']) ? $pathInfo['extension'] : '';
                                $filenameFilter = new iPhorm_Filter_Filename();
                                $filename = strlen($extension) ? str_replace(".{$extension}", '', $pathInfo['basename']) : $pathInfo['basename'];
                                $filename = $filenameFilter->filter($filename);
                                $filename = apply_filters('iphorm_filename_' . $element->getName(), $filename, $element, $form);
                                if (strlen($extension)) {
                                    $filename = strlen($filename) ? "{$filename}.{$extension}" : "upload.{$extension}";
                                } else {
                                    $filename = strlen($filename) ? $filename : 'upload';
                                }
                                $fullPath = $file['tmp_name'];
                                $value = array('text' => $filename);
                                if ($element->getSaveToServer()) {
                                    $result = iphorm_save_uploaded_file($fullPath, $filename, $element, $form->getId());
                                    if (is_array($result)) {
                                        $fullPath = $result['fullPath'];
                                        $filename = $result['filename'];
                                        $value = array('url' => iphorm_get_wp_uploads_url() . '/' . $result['path'] . $filename, 'text' => $filename, 'fullPath' => $fullPath);
                                    }
                                }
                                if ($element->getAddAsAttachment()) {
                                    // 'type' is the MIME type reported by the client
                                    $attachments[] = array('fullPath' => $fullPath, 'type' => $file['type'], 'filename' => $filename);
                                }
                                $element->addFile($value);
                            }
                        }
                    }
                    // end in $_FILES
                }
                // end instanceof file
            }
            // end foreach element
            // Save the entry to the database
            if ($form->getSaveToDatabase()) {
                global $wpdb;
                $currentUser = wp_get_current_user();
                // form_url, referring_url, post_id and post_title come straight from $_POST and are
                // only length-limited here. They are stored through $wpdb->insert(), but remain
                // submitter-controlled text: whatever displays an entry must escape them on output.
                $entry = array('form_id' => $form->getId(), 'date_added' => gmdate('Y-m-d H:i:s'), 'ip' => mb_substr(iphorm_get_user_ip(), 0, 32), 'form_url' => isset($_POST['form_url']) ? mb_substr($_POST['form_url'], 0, 512) : '', 'referring_url' => isset($_POST['referring_url']) ? mb_substr($_POST['referring_url'], 0, 512) : '', 'post_id' => isset($_POST['post_id']) ? mb_substr($_POST['post_id'], 0, 32) : '', 'post_title' => isset($_POST['post_title']) ? mb_substr($_POST['post_title'], 0, 128) : '', 'user_display_name' => mb_substr(iphorm_get_current_userinfo('display_name'), 0, 128), 'user_email' => mb_substr(iphorm_get_current_userinfo('user_email'), 0, 128), 'user_login' => mb_substr(iphorm_get_current_userinfo('user_login'), 0, 128));
                $wpdb->insert(iphorm_get_form_entries_table_name(), $entry);
                $entryId = $wpdb->insert_id;
                $form->setEntryId($entryId);
                $entryDataTableName = iphorm_get_form_entry_data_table_name();
                // One row per element that is saved to the database and not hidden by conditional logic
                foreach ($elements as $element) {
                    if ($element->getSaveToDatabase() && !$element->isConditionallyHidden()) {
                        $entryData = array('entry_id' => $entryId, 'element_id' => $element->getId(), 'value' => $element->getValueHtml());
                        $wpdb->insert($entryDataTableName, $entryData);
                    }
                }
            }
            // Check if we need to send any emails
            if ($form->getSendNotification() || $form->getSendAutoreply()) {
                // Get a new PHP mailer instance
                $mailer = iphorm_new_phpmailer($form);
                // Create an email address validator, we'll need to use it later
                $emailValidator = new iPhorm_Validator_Email();
                // Check if we should send the notification email
                if ($form->getSendNotification() && count($form->getRecipients())) {
                    // Set the from address
                    $notificationFromInfo = $form->getNotificationFromInfo();
                    $mailer->From = $notificationFromInfo['email'];
                    $mailer->FromName = $notificationFromInfo['name'];
                    // Set the BCC
                    if (count($bcc = $form->getBcc())) {
                        foreach ($bcc as $bccEmail) {
                            $mailer->AddBCC($bccEmail);
                        }
                    }
                    // Set the Reply-To header
                    // The submitted address is used only if it passes the email validator
                    if (($replyToElement = $form->getNotificationReplyToElement()) instanceof iPhorm_Element_Email && $emailValidator->isValid($replyToEmail = $replyToElement->getValue())) {
                        $mailer->AddReplyTo($replyToEmail);
                    }
                    // Set the subject
                    $mailer->Subject = $form->replacePlaceholderValues($form->getSubject());
                    // Check for conditional recipient rules
                    if (count($form->getConditionalRecipients())) {
                        $recipients = array();
                        foreach ($form->getConditionalRecipients() as $rule) {
                            // A rule applies only when complete and bound to a multi-option element
                            if (isset($rule['element'], $rule['value'], $rule['operator'], $rule['recipient']) && ($rElement = $form->getElementById($rule['element'])) instanceof iPhorm_Element_Multi) {
                                // Any operator other than 'eq' is treated as "not equal"; comparisons are loose
                                if ($rule['operator'] == 'eq') {
                                    if ($rElement->getValue() == $rule['value']) {
                                        $recipients[] = $rule['recipient'];
                                    }
                                } else {
                                    if ($rElement->getValue() != $rule['value']) {
                                        $recipients[] = $rule['recipient'];
                                    }
                                }
                            }
                        }
                        // NOTE(review): recipient addresses pass through placeholder replacement and are
                        // not run through $emailValidator, unlike Reply-To. If a recipient template can
                        // contain a submitted-value placeholder, the address would come from the submitter
                        // — confirm against replacePlaceholderValues().
                        if (count($recipients)) {
                            foreach ($recipients as $recipient) {
                                $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                            }
                        } else {
                            // No conditional recipient rules were matched, use default recipients
                            foreach ($form->getRecipients() as $recipient) {
                                $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                            }
                        }
                    } else {
                        // Set the recipients
                        foreach ($form->getRecipients() as $recipient) {
                            $mailer->AddAddress($form->replacePlaceholderValues($recipient));
                        }
                    }
                    // Set the message content
                    $emailHTML = '';
                    $emailPlain = '';
                    if ($form->getCustomiseEmailContent()) {
                        // Only one of the two bodies is filled, depending on the configured format
                        if ($form->getNotificationFormat() == 'html') {
                            $emailHTML = $form->getNotificationEmailContent();
                        } else {
                            $emailPlain = $form->getNotificationEmailContent();
                        }
                        // Replace any placeholder values
                        $emailHTML = $form->replacePlaceholderValues($emailHTML, 'html', '<br />');
                        $emailPlain = $form->replacePlaceholderValues($emailPlain, 'plain', iphorm_get_email_newline());
                    } else {
                        // The templates are included inside this function, so they execute with its
                        // local variables in scope; their output is captured via output buffering
                        ob_start();
                        include IPHORM_INCLUDES_DIR . '/emails/email-html.php';
                        $emailHTML = ob_get_clean();
                        ob_start();
                        include IPHORM_INCLUDES_DIR . '/emails/email-plain.php';
                        $emailPlain = ob_get_clean();
                    }
                    if (strlen($emailHTML)) {
                        $mailer->MsgHTML($emailHTML);
                        if (strlen($emailPlain)) {
                            $mailer->AltBody = $emailPlain;
                        }
                    } else {
                        $mailer->Body = $emailPlain;
                    }
                    // Attachments
                    // Paths are either the upload temp file or the saved copy; the type is the client-reported one
                    foreach ($attachments as $file) {
                        $mailer->AddAttachment($file['fullPath'], $file['filename'], 'base64', $file['type']);
                    }
                    $mailer = apply_filters('iphorm_pre_send_notification_email', $mailer, $form, $attachments);
                    $mailer = apply_filters('iphorm_pre_send_notification_email_' . $form->getId(), $mailer, $form, $attachments);
                    try {
                        // Send the message
                        $mailer->Send();
                    } catch (Exception $e) {
                        // Outside WP_DEBUG a send failure is discarded without logging, and the
                        // submitter still receives the success response
                        if (WP_DEBUG) {
                            throw $e;
                        }
                    }
                }
                // Check if we should send the autoreply email
                // The recipient is the submitted address, accepted only if non-empty and valid
                if ($form->getSendAutoreply() && ($recipientElement = $form->getAutoreplyRecipientElement()) instanceof iPhorm_Element_Email && strlen($recipientEmailAddress = $recipientElement->getValue()) && $emailValidator->isValid($recipientEmailAddress)) {
                    // Get a new PHP mailer instance
                    $mailer = iphorm_new_phpmailer($form);
                    // Set the subject
                    $mailer->Subject = $form->replacePlaceholderValues($form->getAutoreplySubject());
                    // Set the from name/email
                    $autoreplyFromInfo = $form->getAutoreplyFromInfo();
                    $mailer->From = $autoreplyFromInfo['email'];
                    $mailer->FromName = $autoreplyFromInfo['name'];
                    // Add the recipient address
                    $mailer->AddAddress($recipientEmailAddress);
                    // Build the email content
                    $emailHTML = '';
                    $emailPlain = '';
                    if (strlen($autoreplyEmailContent = $form->getAutoreplyEmailContent())) {
                        if ($form->getAutoreplyFormat() == 'html') {
                            $emailHTML = $form->replacePlaceholderValues($autoreplyEmailContent, 'html', '<br />');
                        } else {
                            $emailPlain = $form->replacePlaceholderValues($autoreplyEmailContent, 'plain', iphorm_get_email_newline());
                        }
                    }
                    if (strlen($emailHTML)) {
                        $mailer->MsgHTML($emailHTML);
                    } else {
                        $mailer->Body = $emailPlain;
                    }
                    // The autoreply filters receive $attachments, but no attachment is added to this mailer here
                    $mailer = apply_filters('iphorm_pre_send_autoreply_email', $mailer, $form, $attachments);
                    $mailer = apply_filters('iphorm_pre_send_autoreply_email_' . $form->getId(), $mailer, $form, $attachments);
                    try {
                        // Send the autoreply
                        $mailer->Send();
                    } catch (Exception $e) {
                        // Same handling as the notification: failures are silent unless WP_DEBUG is on
                        if (WP_DEBUG) {
                            throw $e;
                        }
                    }
                }
            }
            // Okay, so now we can save form data to the custom database table if configured
            if (count($fields = $form->getDbFields())) {
                // Column values are the configured templates with placeholders replaced
                foreach ($fields as $key => $value) {
                    $fields[$key] = $form->replacePlaceholderValues($value);
                }
                // Table name, column names and (for the external case) credentials all come from
                // the form configuration; the values are passed to insert() rather than concatenated
                if ($form->getUseWpDb()) {
                    global $wpdb;
                    $wpdb->insert($form->getDbTable(), $fields);
                } else {
                    $cwpdb = new wpdb($form->getDbUsername(), $form->getDbPassword(), $form->getDbName(), $form->getDbHost());
                    $cwpdb->insert($form->getDbTable(), $fields);
                }
            }
            // Delete uploaded files and unset file upload info from session
            // The paths deleted are the tmp_name values stored in the session entry; the guards
            // check only that each is a non-empty string naming an existing file.
            // NOTE(review): confirm the code that writes this session entry restricts tmp_name to
            // the plugin's own upload directory.
            if (isset($_SESSION['iphorm-' . $form->getUniqId()])) {
                if (is_array($_SESSION['iphorm-' . $form->getUniqId()])) {
                    foreach ($_SESSION['iphorm-' . $form->getUniqId()] as $file) {
                        if (isset($file['tmp_name'])) {
                            if (is_array($file['tmp_name'])) {
                                foreach ($file['tmp_name'] as $multiFile) {
                                    if (is_string($multiFile) && strlen($multiFile) && file_exists($multiFile)) {
                                        unlink($multiFile);
                                    }
                                }
                            } else {
                                if (is_string($file['tmp_name']) && strlen($file['tmp_name']) && file_exists($file['tmp_name'])) {
                                    unlink($file['tmp_name']);
                                }
                            }
                        }
                    }
                }
                unset($_SESSION['iphorm-' . $form->getUniqId()]);
            }
            // Unset CAPTCHA info from session
            if (isset($_SESSION['iphorm-captcha-' . $form->getUniqId()])) {
                unset($_SESSION['iphorm-captcha-' . $form->getUniqId()]);
            }
            // Post-process action hooks
            do_action('iphorm_post_process', $form);
            do_action('iphorm_post_process_' . $form->getId(), $form);
            $result = array('type' => 'success', 'data' => $form->getSuccessMessage());
            if ($form->getSuccessType() == 'redirect') {
                $result['redirect'] = $form->getSuccessRedirectURL();
            }
            if (!$ajax) {
                // Reset the form for non-JavaScript submit
                // $successMessage is not used again in this function; presumably the included
                // form.php template reads it — confirm
                $successMessage = $form->getSuccessMessage();
                $form->setSubmitted(true);
                $form->reset();
            } else {
                // This counteracts the fact that wrapping the JSON response in a textarea decodes HTML entities
                if (isset($result['redirect'])) {
                    $result['redirect'] = htmlspecialchars($result['redirect'], ENT_NOQUOTES);
                }
                $result['data'] = htmlspecialchars($result['data'], ENT_NOQUOTES);
            }
        } else {
            // NOTE(review): unlike the success data above, the error payload is not entity-encoded
            // before being placed in the textarea; confirm getErrors() / iphorm_json_encode() cannot
            // emit markup that closes the textarea
            $result = array('type' => 'error', 'data' => $form->getErrors());
        }
        if ($ajax) {
            // AJAX responses are JSON wrapped in a textarea element
            $response = '<textarea>' . iphorm_json_encode($result) . '</textarea>';
        } else {
            // Redirect if successful
            // The URL goes through esc_url() before being placed in the meta refresh tag
            if (isset($result['type'], $result['redirect']) && $result['type'] == 'success') {
                return '<meta http-equiv="refresh" content="0;URL=\'' . esc_url($result['redirect']) . '\'">';
            }
            // Displays the form again
            do_action('iphorm_pre_display', $form);
            do_action('iphorm_pre_display_' . $form->getId(), $form);
            // form.php is included in this function's scope and its output captured as the response
            ob_start();
            include IPHORM_INCLUDES_DIR . '/form.php';
            $response = ob_get_clean();
        }
        return $response;
    }
    // No matching active form: execution falls off the end and nothing is returned
}
Exemplo n.º 3
 /**
  * Resolve a single placeholder tag to the value it stands for
  *
  * Static version (element value placeholders will not be replaced)
  *
  * Values are returned exactly as obtained. In particular {referring_url}
  * is the Referer request header verbatim, so the caller is responsible
  * for escaping the result for the context it is written into. For tags
  * of the form {current_date|FORMAT} the FORMAT part is handed to
  * date_i18n() unchanged.
  *
  * @param array $matches Match list; only index 0 (the whole tag, braces included) is read
  * @return string The form value, or the tag itself when it is not recognised
  */
 public static function getPlaceholderValue2($matches)
 {
     $tag = $matches[0];

     // Fixed tags, tested in the same order and with the same loose comparison as a switch
     if ($tag == '{ip}') {
         return iphorm_get_user_ip();
     }
     if ($tag == '{post_id}') {
         return iphorm_get_current_post_id();
     }
     if ($tag == '{post_title}') {
         return iphorm_get_current_post_title();
     }
     if ($tag == '{url}') {
         return iphorm_get_current_url();
     }

     // Tags backed by a property of the current user; empty for visitors (ID 0)
     $userProperties = array(
         '{user_display_name}' => 'display_name',
         '{user_email}' => 'user_email',
         '{user_login}' => 'user_login',
     );
     foreach ($userProperties as $userTag => $property) {
         if ($tag == $userTag) {
             $user = wp_get_current_user();
             if ($user->ID == 0) {
                 return '';
             }
             return $user->{$property};
         }
     }

     if ($tag == '{referring_url}') {
         // Request header, returned without any filtering
         if (isset($_SERVER['HTTP_REFERER'])) {
             return $_SERVER['HTTP_REFERER'];
         }
         return '';
     }
     if ($tag == '{current_date}' || $tag == '{submit_date}') {
         return date_i18n('l, jS F Y');
     }
     if ($tag == '{current_time}' || $tag == '{submit_time}') {
         return date_i18n('g:i a');
     }
     if ($tag == '{admin_email}') {
         return get_bloginfo('admin_email');
     }

     // Variable tags carry an argument after a pipe, e.g. a date format
     if (stripos($tag, '|') === false) {
         return $tag;
     }
     $inner = preg_replace('/(^{|}$)/', '', $tag);
     $segments = explode('|', $inner);
     $dateTags = array('current_date', 'submit_date', 'current_time', 'submit_time');
     if (in_array($segments[0], $dateTags)) {
         return date_i18n($segments[1]);
     }

     // Unknown tag: hand it back untouched
     return $tag;
 }