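/**
 * Front controller for every request the Calculated Fields Form plugin handles itself
 * (the hook that invokes it is not visible in this file).
 *
 * Dispatches, in this order:
 *  - PayPal IPN callback            (?cp_calculatedfieldsf_ipncheck=1&itemnumber=N)
 *  - coupon list loading            (?cp_calculated_fields_form_post=loadcoupons)
 *  - captcha image rendering        (?cp_calculatedfieldsf=captcha)
 *  - admin CSV / form export        (nonce-protected, admin area only)
 *  - admin settings save / preview  (POST cp_calculatedfieldsf_post_options, admin area only)
 *  - public form submission         (POST cp_calculatedfieldsf_pform_process) and its
 *    AJAX captcha pre-check         (GET hdcaptcha_cp_calculated_fields_form_post)
 *
 * Any other request returns without side effects. Paths that emit output call exit.
 *
 * Security notes (review):
 *  - The price is calculated in the browser and posted back; the only server-side
 *    floor is the configured paypal_base_amount. The IPN handler must re-verify the
 *    paid amount against the stored entry — this function cannot.
 *  - is_admin() only means "the admin area is being rendered"; it is not a
 *    capability check. The export paths additionally require the session-bound
 *    nonce; the options-save path relies on cp_calculatedfieldsf_save_options()
 *    doing its own nonce/capability checks (not visible here) — confirm.
 *
 * @return void
 */
function cp_calculated_fields_form_check_posted_data() {
    global $wpdb;

    // PayPal IPN callback: verification is done by the helper.
    if (isset($_GET['cp_calculatedfieldsf_ipncheck']) && $_GET['cp_calculatedfieldsf_ipncheck'] == '1' && isset($_GET["itemnumber"])) {
        cp_calculatedfieldsf_check_IPN_verification();
    }

    if (isset($_GET) && array_key_exists('cp_calculated_fields_form_post', $_GET)) {
        if ($_GET["cp_calculated_fields_form_post"] == 'loadcoupons') {
            cp_calculatedfieldsf_load_discount_codes();
        }
    }

    // Captcha image: fixed include path, no user input involved.
    if (isset($_GET['cp_calculatedfieldsf']) && $_GET['cp_calculatedfieldsf'] == 'captcha') {
        @(include_once dirname(__FILE__) . '/captcha/captcha.php');
        exit;
    }

    // Admin exports. check_admin_referer() dies on a bad or missing nonce.
    // NOTE(review): no current_user_can() here; add one unless the export
    // helpers check capabilities themselves (not visible in this file).
    if (isset($_GET['cp_calculatedfieldsf_csv']) && is_admin()) {
        check_admin_referer('session_id_' . session_id(), '_cpcff_nonce');
        cp_calculatedfieldsf_export_csv();
        return;
    }
    if (isset($_GET['cp_calculatedfieldsf_export']) && is_admin()) {
        check_admin_referer('session_id_' . session_id(), '_cpcff_nonce');
        cp_calculatedfieldsf_export_form();
        return;
    }

    // Admin settings save, optionally rendering a bare-page preview of the form.
    if ('POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['cp_calculatedfieldsf_post_options']) && is_admin()) {
        cp_calculatedfieldsf_save_options();
        if (isset($_POST['preview'])) {
            print '<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>';
            print cp_calculatedfieldsf_filter_content(array('id' => $_POST['cp_calculatedfieldsf_id']));
            wp_footer();
            print '</body></html>';
            exit;
        }
        return;
    }

    // From here on we handle either the real submission (POST) or the captcha pre-check (GET).
    $is_real_post = 'POST' == $_SERVER['REQUEST_METHOD'] && isset($_POST['cp_calculatedfieldsf_pform_process']);
    if (!$is_real_post) {
        if ('GET' != $_SERVER['REQUEST_METHOD'] || !isset($_GET['hdcaptcha_cp_calculated_fields_form_post'])) {
            return;
        }
    }

    define("CP_CALCULATEDFIELDSF_ID", @$_POST["cp_calculatedfieldsf_id"]);

    // Per-form sequence suffix appended to every field name and to the session captcha key.
    $sequence = '';
    if (isset($_GET["ps"])) {
        $sequence = $_GET["ps"];
    } elseif (isset($_POST["cp_calculatedfieldsf_pform_psequence"])) {
        $sequence = $_POST["cp_calculatedfieldsf_pform_psequence"];
    }

    // The captcha answer may arrive in GET (pre-check) or POST (real submission).
    if (!isset($_GET['hdcaptcha_cp_calculated_fields_form_post']) || $_GET['hdcaptcha_cp_calculated_fields_form_post'] == '') {
        $_GET['hdcaptcha_cp_calculated_fields_form_post'] = @$_POST['hdcaptcha_cp_calculated_fields_form_post'];
    }
    $captcha_enabled = cp_calculatedfieldsf_get_option('cv_enable_captcha', CP_CALCULATEDFIELDSF_DEFAULT_cv_enable_captcha) != 'false';
    $expected_code = isset($_SESSION['rand_code' . $sequence]) ? $_SESSION['rand_code' . $sequence] : '';
    $submitted_code = is_string($_GET['hdcaptcha_cp_calculated_fields_form_post']) ? $_GET['hdcaptcha_cp_calculated_fields_form_post'] : '';
    // NOTE(review): the session code is not cleared after a successful POST, so a
    // solved captcha can be replayed for the life of the session — TODO confirm that
    // the captcha generator rotates it on each render.
    if (!apply_filters('cpcff_valid_submission', true)
        || ($captcha_enabled && ($expected_code == '' || strtolower($submitted_code) != strtolower($expected_code)))) {
        echo 'captchafailed';
        exit;
    }

    // Honeypot: a bot that fills the hidden field is dropped silently.
    if (($honeypot = get_option('CP_CALCULATEDFIELDSF_HONEY_POT', '')) !== '' && !empty($_REQUEST[$honeypot])) {
        exit;
    }

    // Captcha pre-check only (AJAX GET): report success and stop.
    if (!$is_real_post) {
        echo 'ok';
        exit;
    }

    // Form definition
    //---------------------------
    $paypal_zero_payment = cp_calculatedfieldsf_get_option('paypal_zero_payment', CP_CALCULATEDFIELDSF_DEFAULT_PAYPAL_ZERO_PAYMENT);
    require_once ABSPATH . "wp-admin" . '/includes/file.php';
    $form_data = cp_calculatedfieldsf_get_option('form_structure', CP_CALCULATEDFIELDSF_DEFAULT_form_structure);

    $fields = array();      // field name => field definition object
    $choicesTxt = array();  // field name => list of choice labels (fields that have choices)
    $choicesVal = array();  // field name => list of choice values, same index as the labels
    $params = array();      // everything handed to the cp_calculatedfieldsf_process_data action
    foreach ($form_data[0] as $item) {
        $fields[$item->name] = $item;
        if (property_exists($item, 'choicesVal') && property_exists($item, 'choices')) {
            $choicesTxt[$item->name] = $item->choices;
            $choicesVal[$item->name] = $item->choicesVal;
        }
        // Phone fields are posted as one value per segment (name_0, name_1, ...);
        // fold them into a single '-'-joined value under the field name.
        if ($item->ftype == 'fPhone') {
            $joined = '';
            for ($i = 0; $i <= substr_count($item->dformat, " "); $i++) {
                $segment_key = $item->name . $sequence . "_" . $i;
                if (isset($_POST[$segment_key]) && $_POST[$segment_key] != '') {
                    $joined .= ($i == 0 ? '' : '-') . $_POST[$segment_key];
                }
                unset($_POST[$segment_key]);
            }
            $_POST[$item->name . $sequence] = $joined;
        }
    }

    // Base price
    //---------------------------
    $request_cost = cp_calculatedfieldsf_get_option('request_cost', CP_CALCULATEDFIELDSF_DEFAULT_COST);
    $price_item = isset($fields[$request_cost]) ? $fields[$request_cost] : null;
    // Separators used to normalise a localised number into plain "1234.56".
    $find_arr = array(',', '.');
    $replace_arr = array('', '.');
    if ($price_item !== null) {
        if ($price_item->ftype == 'fCalculated') {
            $find_arr[0] = $price_item->groupingsymbol;
            $find_arr[1] = $price_item->decimalsymbol;
        } elseif ($price_item->ftype == 'fcurrency') {
            $find_arr[0] = $price_item->thousandSeparator;
            $find_arr[1] = $price_item->centSeparator;
        } elseif ($price_item->ftype == 'fnumber' || $price_item->ftype == 'fnumberds') {
            $find_arr[0] = $price_item->thousandSeparator;
            $find_arr[1] = $price_item->decimalSymbol;
        }
    }
    $psequence = isset($_POST["cp_calculatedfieldsf_pform_psequence"]) ? $_POST["cp_calculatedfieldsf_pform_psequence"] : '';

    // The price comes from the browser: keep only digits/separators and floor it at
    // the configured base amount. It is NOT a trusted value (see header note).
    $price_key = $request_cost . $psequence;
    $price = (isset($_POST[$price_key]) && is_string($_POST[$price_key])) ? $_POST[$price_key] : '';
    $price = preg_replace('/[^\\d\\.\\,]/', '', $price);
    $price = str_replace($find_arr, $replace_arr, $price);
    $paypal_base_amount = preg_replace('/[^\\d\\.\\,]/', '', cp_calculatedfieldsf_get_option('paypal_base_amount', 0));
    $paypal_base_amount = str_replace($find_arr, $replace_arr, $paypal_base_amount);
    $price = max($price, $paypal_base_amount);

    // Discounts
    //---------------------------
    $discount_note = "";
    $coupon = false;
    $coupon_code = (isset($_POST["couponcode"]) && is_string($_POST["couponcode"])) ? $_POST["couponcode"] : '';
    $codes = $wpdb->get_results($wpdb->prepare(
        "SELECT * FROM " . CP_CALCULATEDFIELDSF_DISCOUNT_CODES_TABLE_NAME . " WHERE code=%s AND expires>=%s AND `form_id`=%d",
        $coupon_code,
        date("Y-m-d") . " 00:00:00",
        CP_CALCULATEDFIELDSF_ID
    ));
    if (count($codes)) {
        $coupon = $codes[0];
        // number_format() is called with an empty thousands separator: the default ','
        // would turn 1234.00 into "1,234.00", which PayPal rejects as an amount.
        if ($coupon->availability == 1) {
            // Fixed-amount discount.
            $coupon->discount = str_replace($find_arr, $replace_arr, $coupon->discount);
            $price = number_format(floatval($price) - $coupon->discount, 2, '.', '');
            $discount_note = " (" . cp_calculatedfieldsf_get_option('currency', CP_CALCULATEDFIELDSF_DEFAULT_CURRENCY) . " " . $coupon->discount . " discount applied)";
        } else {
            // Percentage discount.
            $price = number_format(floatval($price) - floatval($price) * $coupon->discount / 100, 2, '.', '');
            $discount_note = " (" . $coupon->discount . "% discount applied)";
        }
        // NOTE(review): a fixed discount larger than the price leaves $price negative;
        // the payment branch below then treats it as "nothing to pay".
    }

    // Posted values
    //---------------------------
    $buffer = "";
    foreach ($_POST as $item => $value) {
        $field_name = str_replace($psequence, '', $item);
        if (array_key_exists($field_name, $fields)) {
            $buffer .= $fields[$field_name]->title . ": " . (is_array($value) ? implode(", ", $value) : $value) . "\n\n";
            $params[$field_name] = $value;
        }
    }

    // Uploaded files: one $_FILES entry per upload field, each holding arrays of files.
    foreach ($_FILES as $item => $value) {
        $item = str_replace($psequence, '', $item);
        if (!isset($fields[$item])) {
            continue;
        }
        if (!is_array($value['name'])) {
            // Single-file input: normalise to the multi-file shape used below.
            foreach (array('name', 'type', 'tmp_name', 'error', 'size') as $k) {
                $value[$k] = array($value[$k]);
            }
        }
        $files_names_arr = array();
        $files_links_arr = array();
        $files_urls_arr = array();
        for ($f = 0; $f < count($value['name']); $f++) {
            if (empty($value['name'][$f])) {
                continue;
            }
            $uploaded_file = array(
                'name' => $value['name'][$f],
                'type' => $value['type'][$f],
                'tmp_name' => $value['tmp_name'][$f],
                'error' => $value['error'][$f],
                'size' => $value['size'][$f],
            );
            // cp_calculatedfieldsf_check_upload() is the only gate on what gets stored;
            // wp_handle_upload() runs with test_form disabled.
            if (cp_calculatedfieldsf_check_upload($uploaded_file)) {
                $movefile = wp_handle_upload($uploaded_file, array('test_form' => false));
                if (empty($movefile['error'])) {
                    $files_links_arr[] = $params[$item . "_link"][$f] = $movefile["file"];
                    $files_urls_arr[] = $params[$item . "_url"][$f] = $movefile["url"];
                    $files_names_arr[] = $uploaded_file['name'];
                }
            }
        }
        $joinned_files_names = implode(", ", $files_names_arr);
        $buffer .= $fields[$item]->title . ": " . $joinned_files_names . "\n\n";
        $params[$item] = $joinned_files_names;
        $params[$item . "_links"] = implode(",", $files_links_arr);
        $params[$item . "_urls"] = implode(",", $files_urls_arr);
    }

    $buffer_A = $buffer;
    $params["final_price"] = $price;
    $params["coupon"] = $coupon ? $coupon->code . $discount_note : "";
    $paypal_option = isset($_POST["bccf_payment_option_paypal"]) ? $_POST["bccf_payment_option_paypal"] : null;
    if ($paypal_option == '1') {
        $params["payment_option"] = cp_calculatedfieldsf_get_option('enable_paypal_option_yes', CP_CALCULATEDFIELDSF_PAYPAL_OPTION_YES);
    } elseif ($paypal_option == '0') {
        $params["payment_option"] = cp_calculatedfieldsf_get_option('enable_paypal_option_no', CP_CALCULATEDFIELDSF_PAYPAL_OPTION_NO);
    }

    // Persist the entry
    //---------------------------------
    // The included file executes in this scope and may read or define locals
    // (e.g. $services_formatted, used further down, is never assigned here).
    @(include_once dirname(__FILE__) . '/cp_calculatedfieldsf_insert_in_database.php');

    // Notification recipients: the configured email field(s), read from the posted values.
    $to = cp_calculatedfieldsf_get_option('cu_user_email_field', CP_CALCULATEDFIELDSF_DEFAULT_cu_user_email_field);
    $to = explode(',', $to);
    $to_arr = array();
    foreach ($to as $index => $value) {
        $value .= $psequence;
        $_POST[$value] = trim((isset($_POST[$value]) && is_string($_POST[$value])) ? $_POST[$value] : '');
        if (!empty($_POST[$value])) {
            $to_arr[] = $_POST[$value];
        }
    }

    $rows_affected = $wpdb->insert(
        CP_CALCULATEDFIELDSF_POSTS_TABLE_NAME,
        array(
            'formid' => CP_CALCULATEDFIELDSF_ID,
            'time' => current_time('mysql'),
            'ipaddr' => $_SERVER['REMOTE_ADDR'],
            'notifyto' => implode(',', $to_arr),
            'paypal_post' => @serialize($params),
            'data' => $buffer_A . ($coupon ? "\n\nCoupon code:" . $coupon->code . $discount_note : ""),
        ),
        array('%d', '%s', '%s', '%s', '%s', '%s')
    );
    if (!$rows_affected) {
        _e('Error saving data! Please try again.', 'calculated-fields-form');
        _e('<br /><br />Error debug information: ', 'calculated-fields-form');
        // NOTE(review): this shows the failing query to an anonymous submitter whenever
        // wpdb error display is enabled; prefer error_log() in production.
        $wpdb->print_error();
        exit;
    }
    // Use the id of the row we just inserted. "SELECT MAX(id)" races with concurrent
    // submissions and could attach a payment to somebody else's entry; it is kept only
    // as a fallback for a table without AUTO_INCREMENT.
    $item_number = $wpdb->insert_id;
    if (empty($item_number)) {
        $myrows = $wpdb->get_results("SELECT MAX(id) as max_id FROM " . CP_CALCULATEDFIELDSF_POSTS_TABLE_NAME);
        $item_number = $myrows[0]->max_id;
    }

    // Hand the data to other processors
    //---------------------------------
    $params['itemnumber'] = $item_number;
    do_action('cp_calculatedfieldsf_process_data', $params);

    $enable_paypal = cp_calculatedfieldsf_get_option('enable_paypal', CP_CALCULATEDFIELDSF_DEFAULT_ENABLE_PAYPAL);
    $paypal_optional = $enable_paypal == '2';
    $price_needs_payment = (floatval($price) >= 0 && !$paypal_zero_payment) || (floatval($price) > 0 && $paypal_zero_payment);
    if ($price_needs_payment && $enable_paypal && (!$paypal_optional || $paypal_option == '1')) {
        if (cp_calculatedfieldsf_get_option('paypal_mode', CP_CALCULATEDFIELDSF_DEFAULT_PAYPAL_MODE) == "sandbox") {
            $ppurl = 'https://www.sandbox.paypal.com/cgi-bin/webscr';
        } else {
            $ppurl = 'https://www.paypal.com/cgi-bin/webscr';
        }
        if (cp_calculatedfieldsf_get_option('paypal_notiemails', '0') == '1') {
            cp_calculatedfieldsf_process_ready_to_go_reservation($item_number, "", $params, $fields);
        }
        $_SESSION['cp_cff_form_data'] = $item_number;

        // Item label: configured product name with <%field%> placeholders substituted.
        $paypal_item_name = cp_calculatedfieldsf_get_option('paypal_product_name', CP_CALCULATEDFIELDSF_DEFAULT_PRODUCT_NAME)
            . ((!empty($_POST["services"]) && isset($services_formatted[1])) ? ": " . trim($services_formatted[1]) : "")
            . $discount_note;
        foreach ($params as $item => $value) {
            $paypal_item_name = str_replace('<%' . $item . '%>', is_array($value) ? implode(", ", $value) : $value, $paypal_item_name);
        }

        $paypal_recurrent = cp_calculatedfieldsf_get_option('paypal_recurrent', CP_CALCULATEDFIELDSF_DEFAULT_PAYPAL_RECURRENT);
        $paypal_recurrent_setup = cp_calculatedfieldsf_get_option('paypal_recurrent_setup', '');
        $paypal_recurrent_setup_days = cp_calculatedfieldsf_get_option('paypal_recurrent_setup_days', '15');
        // The option may name a form field whose selected choice decides the subscription period.
        if (strpos($paypal_recurrent, 'field') !== false) {
            if (!empty($params[$paypal_recurrent]) && !empty($choicesTxt[$paypal_recurrent]) && !empty($choicesVal[$paypal_recurrent])
                && ($index = array_search($params[$paypal_recurrent], $choicesTxt[$paypal_recurrent])) !== false) {
                $paypal_recurrent = $choicesVal[$paypal_recurrent][$index];
            }
        }
        $paypal_recurrent = intval($paypal_recurrent);

        // Payer e-mail pre-fill: first non-empty configured e-mail field (presumably the
        // intent; the previous code indexed $_POST with the exploded array $to).
        $payer_email = count($to_arr) ? $to_arr[0] : '';
        $return_url = cp_calculatedfieldsf_get_option('fp_return_page', CP_CALCULATEDFIELDSF_DEFAULT_fp_return_page);
        $cancel_url = (isset($_POST["cp_ref_page"]) && is_string($_POST["cp_ref_page"])) ? $_POST["cp_ref_page"] : '';
        $notify_url = cp_calculatedfieldsf_get_site_url() . '/?cp_calculatedfieldsf_ipncheck=1&itemnumber=' . intval($item_number);
        // Every value below is user- or admin-controlled text landing in an HTML
        // attribute, so each one is escaped (cp_ref_page used to be echoed raw).
?>
<html>
<head><title>Redirecting to Paypal...</title></head>
<body>
<form action="<?php echo esc_url($ppurl); ?>" name="ppform3" method="post">
<input type="hidden" name="business" value="<?php echo esc_attr(cp_calculatedfieldsf_get_option('paypal_email', CP_CALCULATEDFIELDSF_DEFAULT_PAYPAL_EMAIL)); ?>" />
<input type="hidden" name="item_name" value="<?php echo esc_attr($paypal_item_name); ?>" />
<input type="hidden" name="item_number" value="<?php echo intval($item_number); ?>" />
<input type="hidden" name="email" value="<?php echo esc_attr($payer_email); ?>" />
<?php if ($paypal_recurrent == 0) { ?>
<input type="hidden" name="cmd" value="_xclick" />
<input type="hidden" name="bn" value="NetFactorSL_SI_Custom" />
<input type="hidden" name="amount" value="<?php echo esc_attr($price); ?>" />
<?php } else { ?>
<?php if ($paypal_recurrent_setup != '') { ?>
<input type="hidden" name="a1" value="<?php echo esc_attr($paypal_recurrent_setup); ?>">
<input type="hidden" name="p1" value="<?php echo esc_attr($paypal_recurrent_setup_days); ?>">
<input type="hidden" name="t1" value="D">
<?php } ?>
<input type="hidden" name="cmd" value="_xclick-subscriptions">
<input type="hidden" name="bn" value="NetFactorSL_SI_Custom">
<input type="hidden" name="a3" value="<?php echo esc_attr($price); ?>">
<input type="hidden" name="p3" value="<?php echo intval($paypal_recurrent); ?>">
<input type="hidden" name="t3" value="M">
<input type="hidden" name="src" value="1">
<input type="hidden" name="sra" value="1">
<?php } ?>
<input type="hidden" name="page_style" value="Primary" />
<input type="hidden" name="no_shipping" value="1" />
<input type="hidden" name="return" value="<?php echo esc_url($return_url); ?>">
<input type="hidden" name="cancel_return" value="<?php echo esc_url($cancel_url); ?>" />
<input type="hidden" name="no_note" value="1" />
<input type="hidden" name="currency_code" value="<?php echo esc_attr(strtoupper(cp_calculatedfieldsf_get_option('currency', CP_CALCULATEDFIELDSF_DEFAULT_CURRENCY))); ?>" />
<input type="hidden" name="lc" value="<?php echo esc_attr(cp_calculatedfieldsf_get_option('paypal_language', CP_CALCULATEDFIELDSF_DEFAULT_PAYPAL_LANGUAGE)); ?>" />
<input type="hidden" name="notify_url" value="<?php echo esc_url($notify_url); ?>" />
<input type="hidden" name="ipn_test" value="1" />
<input class="pbutton" type="hidden" value="Buy Now" />
</form>
<script type="text/javascript">document.ppform3.submit();</script>
</body>
</html>
<?php
        exit;
    }

    // No payment required: notify, remember the entry in the session and redirect.
    cp_calculatedfieldsf_process_ready_to_go_reservation($item_number, "", $params, $fields);
    $_SESSION['cp_cff_form_data'] = $item_number;
    /**
     * Filters applied to decide if the website should be redirected to the thank you page after submit the form,
     * pass a boolean as parameter and returns a boolean
     */
    $redirect = apply_filters('cpcff_redirect', true);
    if ($redirect) {
        $location = cp_calculatedfieldsf_get_option('fp_return_page', CP_CALCULATEDFIELDSF_DEFAULT_fp_return_page);
        header("Location: " . $location);
        exit;
    }
}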
/**
 * Reduced dispatcher: handles only the admin settings save (and optional preview).
 *
 * NOTE(review): this declares the same function name as the definition above it;
 * PHP cannot load both in one process ("Cannot redeclare"). Presumably two
 * versions of the file were concatenated — keep exactly one.
 *
 * Requires a POST carrying cp_calculatedfieldsf_post_options while the admin area
 * is being rendered (is_admin() is not a capability check; any nonce/capability
 * enforcement must live in cp_calculatedfieldsf_save_options()). When 'preview'
 * is posted, renders the form inside a bare HTML page and exits.
 *
 * @return void
 */
function cp_calculated_fields_form_check_posted_data() {
    global $wpdb;

    $is_options_post = 'POST' == $_SERVER['REQUEST_METHOD']
        && isset($_POST['cp_calculatedfieldsf_post_options'])
        && is_admin();
    if (!$is_options_post) {
        return;
    }

    cp_calculatedfieldsf_save_options();

    if (!isset($_POST['preview'])) {
        return;
    }

    // Bare preview page: no theme header, only the rendered form plus wp_footer().
    print '<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>';
    print cp_calculatedfieldsf_filter_content(array('id' => $_POST['cp_calculatedfieldsf_id']));
    wp_footer();
    print '</body></html>';
    exit;
}