function upload_file()
{
global $CONF_FE, $_TABLES, $GLOBALS, $_CONF;
//upload the file
$field_name = COM_applyFilter($_POST['current_upload_file']);
$result_id = COM_applyFilter($_POST['res_id'], true);
$form_id = COM_applyFilter($_POST['form_id'], true);
$uploadfile = $_FILES[$field_name];
$fieldID = COM_applyFilter($_REQUEST['field_id'], true);
if ($result_id == 0) {
//form has not been saved yet
$result_id = nexform_dbsave($form_id, 0, false);
}
if (($rec = nexform_check4files($result_id, $field_name)) != 0) {
$retval = '';
$retval .= " <a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
$retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$uploadfile['name'][0]}</a> ";
$edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
if (SEC_inGroup($edit_group)) {
$retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
$retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> ";
}
$iserror = 'false';
} else {
//COM_fileLog("upload error:" . $GLOBALS['fe_errmsg']);
$errmsg = $GLOBALS['fe_errmsg'];
$err_fieldname = 'error_' . ppRandomFilename();
$retval = '';
if ($errmsg == '') {
$errmsg = 'Your file could not be uploaded.';
}
$retval .= "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
$iserror = 'true';
}
return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}
function nexform_emailresults()
{
global $_USER, $_TABLES, $_CONF, $_POST, $form_id;
$date = time();
if (!isset($_USER['uid'])) {
$username = '******';
} else {
$username = DB_getItem($_TABLES['users'], 'fullname', "uid={$_USER['uid']}");
}
$date = COM_getUserDateTimeFormat();
$formname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$form_id}'");
$heading = 'Results from submitted form => Form name: ' . $formname;
$page = new Template($_CONF['path_layout'] . 'nexform');
$page->set_file(array('page' => 'emailform.thtml', 'records' => 'emailrecords.thtml'));
$page->set_var('LANG_date', 'Date');
$page->set_var('date', $date[0]);
$page->set_var('heading', $heading);
$page->set_var('LANG_postedby', 'Submitted By');
$page->set_var('postedby_name', $username);
$page->set_var('begin_data', '=============SUBMITTED DATA FROM FORM =============');
$page->set_var('end_data', '==================== END OF DATA ====================');
foreach ($_POST as $var => $value) {
if ($var != 'form_id' and $var != 'formhandler') {
/* The variable names contain the fieldtype and fieldid */
/* XXX_form{formid}_{fieldid} - where XXX is the fieldtype */
$parts = explode('_', $var);
$fieldtype = $parts[0];
$field_id = (int) $parts[2];
/* Check if this field is a textarea field */
if ($fieldtype == 'ta1' or $fieldtype == 'ta2') {
if ($fieldtype == 'ta1') {
$value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
} else {
$value = COM_checkWords(COM_killJS($value));
}
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
} elseif ($fieldtype == 'mchk') {
if (is_array($value)) {
$value = implode(',', $value);
}
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
} elseif ($fieldtype != 'sub' and $fieldtype != 'btn') {
$value = COM_checkWords(COM_checkHTML(COM_killJS($value)));
$label = DB_getItem($_TABLES['nxform_fields'], 'label', "id='{$field_id}'");
$page->set_var('label', $label);
$page->set_var('field_value', $value);
$page->parse('email_records', 'records', true);
}
}
}
/* Check for any uploaded files */
$filelinks = nexform_check4files();
if ($filelinks != '') {
$page->set_var('label', 'Attachments');
$page->set_var('field_value', $filelinks);
$page->parse('email_records', 'records', true);
}
$page->parse('output', 'page');
$message = $page->finish($page->get_var('output'));
//echo "<br>Send message:<br>$message";
$to = DB_getItem($_TABLES['nxform_definitions'], 'post_option', "id='{$form_id}'");
COM_mail($to, $heading, $message);
}
