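/**
 * Processes one uploaded file for a form field and builds the HTML fragment
 * describing the outcome.
 *
 * Inputs are read from the request: $_POST['current_upload_file'] (name of the
 * upload field), $_POST['res_id'], $_POST['form_id'], $_REQUEST['field_id'] and
 * the matching $_FILES entry. When the result id is 0 the form is saved first
 * through nexform_dbsave() so the file has a result record to attach to.
 *
 * NOTE(review): no permission or request-origin check is visible in this
 * function; confirm the caller enforces one before this code saves anything.
 *
 * @return array [html fragment, field id, upload field name, form id,
 *               result id, 'true'|'false' error flag as a string]
 */
function upload_file()
{
    // $GLOBALS is a superglobal and needs no global declaration.
    global $CONF_FE, $_TABLES, $_CONF;

    $field_name = COM_applyFilter($_POST['current_upload_file']);
    $result_id  = COM_applyFilter($_POST['res_id'], true);
    $form_id    = COM_applyFilter($_POST['form_id'], true);
    $fieldID    = COM_applyFilter($_REQUEST['field_id'], true);

    // The field name is client-supplied, so the $_FILES entry may not exist.
    $uploadfile = isset($_FILES[$field_name]) ? $_FILES[$field_name] : array();

    if ($result_id == 0) {
        // Form has not been saved yet.
        $result_id = nexform_dbsave($form_id, 0, false);
    }

    $retval = '';
    if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
        // The original file name is chosen by the client; encode it before it
        // is placed in the markup so it cannot inject HTML or script.
        $display_name = isset($uploadfile['name'][0]) ? (string) $uploadfile['name'][0] : '';
        $display_name = htmlspecialchars($display_name, ENT_QUOTES);

        $retval .= " <a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$display_name}</a> ";

        // Only members of the form's edit group are shown the delete link.
        // NOTE(review): this hides the link only; confirm the delete handler
        // repeats the group check on the server side.
        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
        if (SEC_inGroup($edit_group)) {
            // NOTE(review): $field_name lands inside a JavaScript string in an
            // HTML attribute; this relies on COM_applyFilter() having removed
            // quote characters -- confirm.
            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> ";
        }
        $iserror = 'false';
    } else {
        // The error text is left in a global by code outside this function.
        $errmsg = isset($GLOBALS['fe_errmsg']) ? $GLOBALS['fe_errmsg'] : '';
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        // Random suffix gives the error row an id the "Clear Message" link can target.
        $err_fieldname = 'error_' . ppRandomFilename();

        // NOTE(review): $errmsg is emitted as-is; if the code that sets
        // fe_errmsg ever includes the file name or other request data in it,
        // that data must be HTML-encoded where the message is built.
        $retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }

    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}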
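/**
 * Emails the values of the submitted form to the address stored in the
 * post_option column of the form definition.
 *
 * The submission is read directly from $_POST and the form is identified by
 * the global $form_id. POST keys are expected to look like
 * XXX_form{formid}_{fieldid}, where XXX is the field type. Nothing is returned.
 *
 * NOTE(review): $form_id is interpolated into WHERE clauses below; confirm
 * every caller sets it to a filtered integer.
 */
function nexform_emailresults()
{
    // $_POST is a superglobal and needs no global declaration.
    global $_USER, $_TABLES, $_CONF, $form_id;

    if (isset($_USER['uid'])) {
        // Cast so only an integer can reach the unquoted WHERE clause.
        $uid = (int) $_USER['uid'];
        $username = DB_getItem($_TABLES['users'], 'fullname', "uid={$uid}");
    } else {
        $username = '******';
    }

    $date = COM_getUserDateTimeFormat();
    $formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$form_id}'");
    $heading = 'Results from submitted form => Form name: ' . $formname;

    $page = new Template($_CONF['path_layout'] . 'nexform');
    $page->set_file(array('page' => 'emailform.thtml', 'records' => 'emailrecords.thtml'));
    $page->set_var('LANG_date', 'Date');
    $page->set_var('date', $date[0]);
    $page->set_var('heading', $heading);
    $page->set_var('LANG_postedby', 'Submitted By');
    $page->set_var('postedby_name', $username);
    $page->set_var('begin_data', '=============SUBMITTED DATA FROM FORM =============');
    $page->set_var('end_data', '==================== END OF DATA ====================');

    foreach ($_POST as $var => $value) {
        if ($var == 'form_id' or $var == 'formhandler') {
            continue;
        }

        // XXX_form{formid}_{fieldid}: part 0 is the field type, part 2 the field id.
        $parts = explode('_', $var);
        $fieldtype = $parts[0];
        // Keys without two underscores have no id part; fall back to 0.
        $field_id = isset($parts[2]) ? (int) $parts[2] : 0;

        // 'sub' and 'btn' fields are never included in the mail.
        if ($fieldtype == 'sub' or $fieldtype == 'btn') {
            continue;
        }

        // 'mchk' fields may arrive as an array of values; flatten to a list.
        if ($fieldtype == 'mchk' and is_array($value)) {
            $value = implode(',', $value);
        }

        // Every value placed in the mail is request data and goes through the
        // filters; 'mchk' values were previously inserted unfiltered.
        if ($fieldtype == 'ta2') {
            // 'ta2' textareas skip COM_checkHTML, as in the original code.
            $value = COM_checkWords(COM_killJS($value));
        } else {
            $value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
        }

        $label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
        $page->set_var('label', $label);
        $page->set_var('field_value', $value);
        $page->parse('email_records', 'records', true);
    }

    // Append links to any uploaded files as one more record.
    $filelinks = nexform_check4files();
    if ($filelinks != '') {
        $page->set_var('label', 'Attachments');
        $page->set_var('field_value', $filelinks);
        $page->parse('email_records', 'records', true);
    }

    $page->parse('output', 'page');
    $message = $page->finish($page->get_var('output'));

    // The recipient is taken from the form definition, not from the request.
    $to = DB_getItem($_TABLES['nxform_definitions'], 'post_option', "id='{$form_id}'");
    COM_mail($to, $heading, $message);
}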