} ### assemble text & html email if ($cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_form'] && !$cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_email'] && $cformsSettings['form' . $no]['cforms' . $no . '_mp']['mp_next'] == -1 && is_array($_SESSION['cforms'])) { $track = allTracks($_SESSION['cforms']); $ongoingSession = '0'; } ### debug db('$track = ' . print_r($track, 1)); $r = formatEmail($track, $no); $formdata = $r['text']; $htmlformdata = $r['html']; ### ### FIRST into the database is required! ### global $subID; $subID = $isTAF == '2' && !$send2author ? 'noid' : write_tracking_record($no, $field_email); ### ### allow the user to use form data for other apps ### $trackf['id'] = $no; $trackf['data'] = $track; if (function_exists('my_cforms_action')) { my_cforms_action($trackf); } ### ### set reply-to & watch out for T-A-F ### $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email'])); ### WP comment form > email to author if ($isTAF == '2' && $track['send2author'] == '1') { $to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = " . $_POST['comment_post_ID' . $no] . " AND U.ID=P.post_author");
function cforms_submitcomment($content) { global $cformsSettings, $wpdb, $subID, $smtpsettings, $track, $trackf, $Ajaxpid, $AjaxURL, $wp_locale, $abspath; $WPsuccess = false; ### WP Comment flag $isAjaxWPcomment = strpos($content, '***'); ### WP comment feature $content = explode('***', $content); $content = $content[0]; $content = explode('+++', $content); ### Added special fields if (count($content) > 3) { $commentparent = $content[1]; $Ajaxpid = $content[2]; $AjaxURL = $content[3]; } else { $Ajaxpid = $content[1]; $AjaxURL = $content[2]; } $segments = explode('$#$', $content[0]); $params = array(); $sep = strpos(__FILE__, '/') === false ? '\\' : '/'; $WPpluggable = $abspath . 'wp-includes' . $sep . 'pluggable.php'; if (file_exists($WPpluggable)) { require_once $WPpluggable; } $CFfunctionsC = dirname(dirname(__FILE__)) . $cformsSettings['global']['cforms_IIS'] . 'cforms-custom' . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php'; $CFfunctions = dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . 'my-functions.php'; if (file_exists($CFfunctionsC)) { include_once $CFfunctionsC; } else { if (file_exists($CFfunctions)) { include_once $CFfunctions; } } if (function_exists('wp_get_current_user')) { $user = wp_get_current_user(); } for ($i = 1; $i <= sizeof($segments); $i++) { $params['field_' . $i] = $segments[$i]; } ### fix reference to first form if ($segments[0] == '1') { $params['id'] = $no = ''; } else { $params['id'] = $no = $segments[0]; } ### TAF flag $isTAF = substr($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'], 0, 1); ### user filter ? if (function_exists('my_cforms_ajax_filter')) { $params = my_cforms_ajax_filter($params); } ### init variables $track = array(); $trackinstance = array(); $to_one = -1; $ccme = false; $field_email = ''; $off = 0; $fieldsetnr = 1; $taf_youremail = false; $taf_friendsemail = false; ### form limit reached if ($cformsSettings['form' . $no]['cforms' . $no . '_maxentries'] != '' && get_cforms_submission_left($no) == 0 || !cf_check_time($no)) { $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1); return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_limittxt'])) . $hide; } ### for comment luv get_currentuserinfo(); global $user_level; ### Subscribe-To-Comments $isSubscribed == ''; if (class_exists('sg_subscribe')) { global $sg_subscribe; sg_subscribe_start(); $isSubscribed = $sg_subscribe->current_viewer_subscription_status(); } $captchaopt = $cformsSettings['global']['cforms_captcha_def']; for ($i = 1; $i <= sizeof($params) - 2; $i++) { $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]); while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly', 'captcha', 'verification'))) { if ($field_stat[1] == 'captcha' && !(is_user_logged_in() && !$captchaopt['fo'] == '1')) { break; } if ($field_stat[1] == 'verification' && !(is_user_logged_in() && !$captchaopt['foqa'] == '1')) { break; } if ($field_stat[1] == 'fieldsetstart') { $track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr; $track['Fieldset' . $fieldsetnr++] = $field_stat[0]; } elseif ($field_stat[1] == 'fieldsetend') { $track['FieldsetEnd' . $fieldsetnr++] = '--'; } ### get next in line... $off++; $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]); if ($field_stat[1] == '') { break 2; } ### all fields searched, break both while & for } ### filter all redundant WP comment fields if user is logged in while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) { $temp = explode('|', $field_stat[0], 3); ### get field name $temp = explode('#', $temp[0], 2); switch ($field_stat[1]) { case 'cauthor': $track['cauthor'] = $track[$temp[0]] = $user->display_name; $track['$$$' . ((int) $i + (int) $off)] = $temp[0]; break; case 'email': $track['email'] = $track[$temp[0]] = $field_email = $user->user_email; $track['$$$' . ((int) $i + (int) $off)] = $temp[0]; break; case 'url': $track['url'] = $track[$temp[0]] = $user->user_url; $track['$$$' . ((int) $i + (int) $off)] = $temp[0]; break; } $off++; $field_stat = explode('$#$', $cformsSettings['form' . $no]['cforms' . $no . '_count_field_' . ((int) $i + (int) $off)]); if ($field_stat[1] == '') { break 2; } ### all fields searched, break both while & for } $field_name = $field_stat[0]; $field_type = $field_stat[1]; ### remove [id: ] first if (strpos($field_name, '[id:') !== false) { $idPartA = strpos($field_name, '[id:'); $idPartB = strpos($field_name, ']', $idPartA); $customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4); $field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1); } else { $customTrackingID = ''; } ### dissect field $obj = explode('|', $field_name, 3); ### strip out default value $field_name = $obj[0]; ### special WP comment fields if (in_array($field_stat[1], array('luv', 'subscribe', 'cauthor', 'email', 'url', 'comment', 'send2author'))) { $temp = explode('#', $field_name, 2); if ($temp[0] == '') { $field_name = $field_stat[1]; } else { $field_name = $temp[0]; } ### keep copy of values $track[$field_stat[1]] = stripslashes($params['field_' . $i]); if ($field_stat[1] == 'email') { $field_email = $params['field_' . $i]; } } ### special Tell-A-Friend fields if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') { $field_email = $taf_friendsemail = $params['field_' . $i]; } if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') { $taf_youremail = $params['field_' . $i]; } if ($field_type == 'friendsname') { $taf_friendsname = $params['field_' . $i]; } if ($field_type == 'yourname') { $taf_yourname = $params['field_' . $i]; } ### lets find an email field ("Is Email") and that's not empty! if ($field_email == '' && $field_stat[3] == '1') { $field_email = $params['field_' . $i]; } ### special case: select & radio if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") { $field_name = explode('#', $field_name); $field_name = $field_name[0]; } ### special case: check box if ($field_type == "checkbox" || $field_type == "ccbox") { $field_name = explode('#', $field_name); $field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1]; $field_name = explode('|', $field_name); $field_name = $field_name[0]; ### if ccbox & checked if ($field_type == "ccbox" && $params['field_' . $i] != "-") { $ccme = 'field_' . $i; } } if ($field_type == "emailtobox") { ### special case where the value needs to bet get from the DB! $to_one = $params['field_' . $i]; $field_name = explode('#', $field_stat[0]); ### can't use field_name, since '|' check earlier $tmp = explode('|', $field_name[$to_one + 1]); ### remove possible |set:true $value = $tmp[0]; ### values start from 0 or after! $to = $replyto = stripslashes($tmp[1]); $field_name = $field_name[0]; } else { if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) { $value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset')); } else { $value = stripslashes($params['field_' . $i]); } } ### only if hidden! if ($field_type == 'hidden') { $value = rawurldecode($value); } ### Q&A verification if ($field_type == "verification") { $field_name = __('Q&A', 'cforms'); } ### determine tracked field name $inc = ''; $trackname = trim($field_name); if (array_key_exists($trackname, $track)) { if ($trackinstance[$trackname] == '') { $trackinstance[$trackname] = 2; } $inc = '___' . $trackinstance[$trackname]++; } $track['$$$' . (int) ($i + $off)] = $trackname . $inc; $track[$trackname . $inc] = $value; if ($customTrackingID != '') { $track['$$$' . $customTrackingID] = $trackname . $inc; } } ### for ### assemble text & html email $r = formatEmail($track, $no); $formdata = $r['text']; $htmlformdata = $r['html']; ### ### record: ### $subID = $isTAF == '2' && $track['send2author'] != '1' ? 'noid' : write_tracking_record($no, $field_email); ### ### allow the user to use form data for other apps ### $trackf['id'] = $no; $trackf['data'] = $track; if (function_exists('my_cforms_action')) { my_cforms_action($trackf); } ### Catch WP-Comment function | if send2author just continue if ($isAjaxWPcomment !== false && $track['send2author'] == '0') { require_once dirname(__FILE__) . '/lib_WPcomment.php'; ### Catch WP-Comment function: error if (!$WPsuccess) { return $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1) . $WPresp . '|---'; } } ### Catch WP-Comment function ### multiple recipients? and to whom is the email sent? to_one = picked recip. if ($isAjaxWPcomment !== false && $track['send2author'] == '1') { $to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author"); $to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto; } else { if (!($to_one != -1 && $to != '')) { $to = $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_email'])); } } ### from $frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no); ### T-A-F override? if ($isTAF == '1' && $taf_youremail && $taf_friendsemail) { $replyto = "\"{$taf_yourname}\" <{$taf_youremail}>"; } ### logic: dynamic admin email address if (function_exists('my_cforms_logic')) { $to = my_cforms_logic($trackf, $to, 'adminTO'); } ### use trackf! ### either use configured subject or user determined $vsubject = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_subject']); $vsubject = check_default_vars($vsubject, $no); $vsubject = check_cust_vars($vsubject, $track, $no); ### prep message text, replace variables $message = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header']); if (function_exists('my_cforms_logic')) { $message = my_cforms_logic($trackf, $message, 'adminEmailTXT'); } $message = check_default_vars($message, $no); $message = check_cust_vars($message, $track, $no); ### actual user message $htmlmessage = ''; if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 2, 1) == '1') { $htmlmessage = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_header_html']); if (function_exists('my_cforms_logic')) { $htmlmessage = my_cforms_logic($trackf, $htmlmessage, 'adminEmailHTML'); } $htmlmessage = check_default_vars($htmlmessage, $no); $htmlmessage = check_cust_vars($htmlmessage, $track, $no); } $mail = new cf_mail($no, $frommail, $to, $field_email, true); $mail->subj = $vsubject; $mail->char_set = 'utf-8'; ### HTML email if ($mail->html_show) { $mail->is_html(true); $mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol; $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : ''); } else { $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : ''); } ### SMTP server or native PHP mail() ? if ($cformsSettings['form' . $no]['cforms' . $no . '_emailoff'] == '1' || $WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] != '21') { $sentadmin = 1; } else { if ($smtpsettings[0] == '1') { $sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata); } else { $sentadmin = $mail->send(); } } if ($sentadmin == 1) { ### send copy or notification? if ($cformsSettings['form' . $no]['cforms' . $no . '_confirm'] == '1' && $field_email != '' || $ccme && $trackf[$ccme] != '-') { $frommail = check_cust_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_fromemail']), $track, $no); ### actual user message $cmsg = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg']); if (function_exists('my_cforms_logic')) { $cmsg = my_cforms_logic($trackf, $cmsg, 'autoConfTXT'); } $cmsg = check_default_vars($cmsg, $no); $cmsg = check_cust_vars($cmsg, $track, $no); ### HTML text $cmsghtml = ''; if (substr($cformsSettings['form' . $no]['cforms' . $no . '_formdata'], 3, 1) == '1') { $cmsghtml = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_cmsg_html']); if (function_exists('my_cforms_logic')) { $cmsghtml = my_cforms_logic($trackf, $cmsghtml, 'autoConfHTML'); } $cmsghtml = check_default_vars($cmsghtml, $no); $cmsghtml = check_cust_vars($cmsghtml, $track, $no); } ### subject $subject2 = stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_csubject']); $subject2 = check_default_vars($subject2, $no); $subject2 = check_cust_vars($subject2, $track, $no); ### different cc & ac subjects? $s = explode('$#$', $subject2); $s[1] = $s[1] != '' ? $s[1] : $s[0]; ### email tracking via 3rd party? ### if in Tell-A-Friend Mode, then overwrite header stuff... if ($taf_youremail && $taf_friendsemail && $isTAF == '1') { $field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>"; } else { $field_email = $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] != '' ? $field_email . $cformsSettings['form' . $no]['cforms' . $no . '_tracking'] : $field_email; } $mail = new cf_mail($no, $frommail, $field_email, $replyto); ### auto conf attachment? $a = $cformsSettings['form' . $no]['cforms' . $no . '_cattachment'][0]; $a = substr($a, 0, 1) == '/' ? $a : dirname(__FILE__) . $cformsSettings['global']['cforms_IIS'] . $a; if ($a != '' && file_exists($a)) { $n = substr($a, strrpos($a, $cformsSettings['global']['cforms_IIS']) + 1, strlen($a)); $m = getMIME(strtolower(substr($n, strrpos($n, '.') + 1, strlen($n)))); $mail->add_file($a, $n, 'base64', $m); ### optional name } $mail->char_set = 'utf-8'; ### CC or auto conf? if ($ccme && $trackf[$ccme] != '-') { if ($smtpsettings[0] == '1') { $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[1], $message, $formdata, $htmlmessage, $htmlformdata, 'ac'); } else { $mail->subj = $s[1]; if ($mail->html_show_ac) { $mail->is_html(true); $mail->body = "<html>" . $mail->eol . "<body>" . $htmlmessage . ($mail->f_html ? $mail->eol . $htmlformdata : '') . $mail->eol . "</body></html>" . $mail->eol; $mail->body_alt = $message . ($mail->f_txt ? $mail->eol . $formdata : ''); } else { $mail->body = $message . ($mail->f_txt ? $mail->eol . $formdata : ''); } $sent = $mail->send(); } } else { if ($smtpsettings[0] == '1') { $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, $s[0], $cmsg, '', $cmsghtml, '', 'ac'); } else { $mail->subj = $s[0]; if ($mail->html_show_ac) { $mail->is_html(true); $mail->body = "<html>" . $mail->eol . "<body>" . $cmsghtml . "</body></html>" . $mail->eol; $mail->body_alt = $cmsg; } else { $mail->body = $cmsg; } $sent = $mail->send(); } } if ($sent != '1') { $err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sent : $mail->ErrorInfo; $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1); return $pre . $err . '|!!!'; } } ### cc ### return success msg $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 0, 1); $successMsg = check_default_vars(stripslashes($cformsSettings['form' . $no]['cforms' . $no . '_success']), $no); $successMsg = check_cust_vars($successMsg, $track, $no); $successMsg = str_replace($mail->eol, '<br />', $successMsg); ### logic: possibly change usermessage if (function_exists('my_cforms_logic')) { $successMsg = my_cforms_logic($trackf, $successMsg, 'successMessage'); } ### WP-Comment: override if ($WPsuccess && $cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') { $successMsg = $WPresp; } $opt = ''; ### hide? if ($cformsSettings['form' . $no]['cforms' . $no . '_hide'] || get_cforms_submission_left($no) == 0) { $opt .= '|~~~'; } ### redirect to a different page on suceess? if ($cformsSettings['form' . $no]['cforms' . $no . '_redirect']) { if (function_exists('my_cforms_logic')) { $red = my_cforms_logic($trackf, $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page'], 'redirection'); if ($red != '') { $opt .= '|>>>' . $red; } ### use trackf! } else { $opt .= '|>>>' . $cformsSettings['form' . $no]['cforms' . $no . '_redirect_page']; } } return $pre . $successMsg . $opt; } else { ### no admin mail sent! ### return error msg $err = __('Error occurred while sending the message: ', 'cforms') . '<br />' . $smtpsettings[0] ? '<br />' . $sentadmin : $mail->ErrorInfo; $pre = $segments[0] . '*$#' . substr($cformsSettings['form' . $no]['cforms' . $no . '_popup'], 1, 1); return $pre . $err . '|!!!'; } }
function cforms_submitcomment($content) { global $wpdb, $subID, $styles, $smtpsettings, $track, $Ajaxpid, $AjaxURL, $wp_locale; $isAjaxWPcomment = strpos($content, '***'); // WP comment feature $content = explode('***', $content); $content = $content[0]; $content = explode('+++', $content); // Added special fields $Ajaxpid = $content[1]; $AjaxURL = $content[2]; $segments = explode('$#$', $content[0]); $params = array(); $sep = strpos(__FILE__, '/') === false ? '\\' : '/'; $WPpluggable = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), 'wp-content')) . 'wp-includes' . $sep . 'pluggable.php'; if (file_exists($WPpluggable)) { require_once $WPpluggable; } $CFfunctions = dirname(__FILE__) . $sep . 'my-functions.php'; if (file_exists($CFfunctions)) { include_once $CFfunctions; } if (function_exists('wp_get_current_user')) { $user = wp_get_current_user(); } for ($i = 1; $i <= sizeof($segments); $i++) { $params['field_' . $i] = $segments[$i]; } // fix reference to first form if ($segments[0] == '1') { $params['id'] = $no = ''; } else { $params['id'] = $no = $segments[0]; } // user filter ? if (function_exists('my_cforms_ajax_filter')) { $params = my_cforms_ajax_filter($params); } // init variables $formdata = ''; $htmlformdata = ''; $track = array(); $trackinstance = array(); $to_one = "-1"; $ccme = false; $field_email = ''; $off = 0; $fieldsetnr = 1; $taf_youremail = false; $taf_friendsemail = false; // form limit reached if (get_option('cforms' . $no . '_maxentries') != '' && get_cforms_submission_left($no) == 0) { $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1); return $pre . preg_replace('|\\r\\n|', '<br />', stripslashes(get_option('cforms' . $no . '_limittxt'))) . $hide; } //space for pre formatted text layout $customspace = (int) (get_option('cforms' . $no . '_space') > 0) ? get_option('cforms' . $no . '_space') : 30; for ($i = 1; $i <= sizeof($params) - 2; $i++) { $field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off))); // filter non input fields while (in_array($field_stat[1], array('fieldsetstart', 'fieldsetend', 'textonly'))) { if ($field_stat[1] != 'textonly') { // include and make only fieldsets pretty! //just for email looks $space = '-'; $n = ($customspace * 2 + 2 - strlen($field_stat[0])) / 2; $n = $n < 0 ? 0 : $n; if (strlen($field_stat[0]) < $customspace * 2 - 2) { $space = str_repeat("-", $n); } $formdata .= substr("\n{$space}" . stripslashes($field_stat[0]) . "{$space}", 0, $customspace * 2) . "\n\n"; $htmlformdata .= '<tr><td class=3D"fs-td" colspan=3D"2">' . $field_stat[0] . '</td></tr>'; if ($field_stat[1] == 'fieldsetstart') { $track['$$$' . ((int) $i + (int) $off)] = 'Fieldset' . $fieldsetnr; $track['Fieldset' . $fieldsetnr++] = $field_stat[0]; } } //get next in line... $off++; $field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off))); if ($field_stat[1] == '') { break 2; } // all fields searched, break both while & for } // filter all redundant WP comment fields if user is logged in while (in_array($field_stat[1], array('cauthor', 'email', 'url')) && $user->ID) { switch ($field_stat[1]) { case 'cauthor': $track['cauthor'] = $user->display_name; $track['$$$' . ((int) $i + (int) $off)] = 'cauthor'; break; case 'email': $track['email'] = $field_email = $user->user_email; $track['$$$' . ((int) $i + (int) $off)] = 'email'; break; case 'url': $track['url'] = $user->user_url; $track['$$$' . ((int) $i + (int) $off)] = 'url'; break; } $formdata .= stripslashes($field_stat[1]) . ': ' . $space . $track[$field_stat[1]] . "\n"; $htmlformdata .= '<tr><td class=3D"data-td">' . $field_stat[1] . '</td><td>' . $track[$field_stat[1]] . '</td></tr>'; $off++; $field_stat = explode('$#$', get_option('cforms' . $no . '_count_field_' . ((int) $i + (int) $off))); if ($field_stat[1] == '') { break 2; } // all fields searched, break both while & for } $field_name = $field_stat[0]; $field_type = $field_stat[1]; ### remove [id: ] first if (strpos($field_name, '[id:') !== false) { $idPartA = strpos($field_name, '[id:'); $idPartB = strpos($field_name, ']', $idPartA); $customTrackingID = substr($field_name, $idPartA + 4, $idPartB - $idPartA - 4); $field_name = substr_replace($field_name, '', $idPartA, $idPartB - $idPartA + 1); } else { $customTrackingID = ''; } // check if fields needs to be cleared $obj = explode('|', $field_name, 3); $defaultval = stripslashes($obj[1]); if ($params['field_' . $i] == $defaultval && $field_stat[4] == '1') { $params['field_' . $i] = ''; } // strip out default value $field_name = $obj[0]; // special WP comment fields if (in_array($field_stat[1], array('cauthor', 'email', 'url', 'comment', 'send2author'))) { $field_name = $field_stat[1]; if ($field_stat[1] == 'email') { $field_email = $params['field_' . $i]; } } // special Tell-A-Friend fields if ($taf_friendsemail == '' && $field_type == 'friendsemail' && $field_stat[3] == '1') { $field_email = $taf_friendsemail = $params['field_' . $i]; } if ($taf_youremail == '' && $field_type == 'youremail' && $field_stat[3] == '1') { $taf_youremail = $params['field_' . $i]; } if ($field_type == 'friendsname') { $taf_friendsname = $params['field_' . $i]; } if ($field_type == 'yourname') { $taf_yourname = $params['field_' . $i]; } // lets find an email field ("Is Email") and that's not empty! if ($field_email == '' && $field_stat[3] == '1') { $field_email = $params['field_' . $i]; } // special case: select & radio if ($field_type == "multiselectbox" || $field_type == "selectbox" || $field_type == "radiobuttons" || $field_type == "checkboxgroup") { $field_name = explode('#', $field_name); $field_name = $field_name[0]; } // special case: check box if ($field_type == "checkbox" || $field_type == "ccbox") { $field_name = explode('#', $field_name); $field_name = $field_name[1] == '' ? $field_name[0] : $field_name[1]; $field_name = explode('|', $field_name); $field_name = $field_name[0]; // if ccbox & checked if ($field_type == "ccbox" && $params['field_' . $i] != "-") { $ccme = true; } } if ($field_type == "emailtobox") { //special case where the value needs to bet get from the DB! $field_name = explode('#', $field_stat[0]); //can't use field_name, since '|' check earlier $to_one = $params['field_' . $i]; $offset = strpos($field_name[1], '|') === false ? 1 : 2; // names come usually right after the label $value = $field_name[(int) $to_one + $offset]; // values start from 0 or after! $field_name = $field_name[0]; } else { if (strtoupper(get_option('blog_charset')) != 'UTF-8' && function_exists('mb_convert_encoding')) { $value = mb_convert_encoding(utf8_decode(stripslashes($params['field_' . $i])), get_option('blog_charset')); } else { $value = stripslashes($params['field_' . $i]); } } //only if hidden! if ($field_type == 'hidden') { $value = rawurldecode($value); } // Q&A verification if ($field_type == "verification") { $field_name = __('Q&A', 'cforms'); } //for db tracking $inc = ''; $trackname = trim($field_name); if (array_key_exists($trackname, $track)) { if ($trackinstance[$trackname] == '') { $trackinstance[$trackname] = 2; } $inc = '___' . $trackinstance[$trackname]++; } $track['$$$' . (int) ($i + $off)] = $trackname . $inc; $track[$trackname . $inc] = $value; if ($customTrackingID != '') { $track['$$$' . $customTrackingID] = $trackname . $inc; } //for all equal except textareas! $htmlvalue = str_replace("=", "=3D", $value); $htmlfield_name = $field_name; // just for looks: break for textarea if ($field_type == "textarea" || $field_type == "comment") { $field_name = "\n" . $field_name; $htmlvalue = str_replace(array("=", "\n"), array("=3D", "<br />\n"), $value); $value = "\n" . $value . "\n"; } // just for looks:rest $space = ''; if (strlen(stripslashes($field_name)) < $customspace) { // don't count ->\" sometimes adds more spaces?!? $space = str_repeat(" ", $customspace - strlen(stripslashes($field_name))); } // create formdata block for email if ($field_stat[1] != 'verification' && $field_stat[1] != 'captcha') { $formdata .= stripslashes($field_name) . ': ' . $space . $value . "\n"; $htmlformdata .= '<tr><td class=3D"data-td">' . $htmlfield_name . '</td><td>' . $htmlvalue . '</td></tr>'; } } // for // assemble html formdata $htmlformdata = '<div class=3D"datablock"><table width=3D"100%" cellpadding=3D"2">' . stripslashes($htmlformdata) . '</table></div><span class=3D"cforms">powered by <a href=3D"http://www.deliciousdays.com/cforms-plugin">cformsII</a></span>'; // // allow the user to use form data for other apps // $trackf['id'] = $no; $trackf['data'] = $track; if (function_exists('my_cforms_action')) { my_cforms_action($trackf); } // Catch WP-Comment function if ($isAjaxWPcomment !== false && $track['send2author'] == '0') { require_once dirname(__FILE__) . '/lib_WPcomment.php'; if ($WPsuccess) { $hide = ''; // redirect to a different page on suceess? if (get_option('cforms' . $no . '_redirect') == 1) { return get_option('cforms' . $no . '_redirect_page'); } else { if (get_option('cforms' . $no . '_redirect') == 2) { $hide = '|~~~'; } } $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1); return $pre . $WPresp . $hide; } else { $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1); return $pre . $WPresp . '|---'; } } // //reply to all email recipients // $replyto = preg_replace(array('/;|#|\\|/'), array(','), stripslashes(get_option('cforms' . $no . '_email'))); // multiple recipients? and to whom is the email sent? to_one = picked recip. if ($isAjaxWPcomment !== false && $track['send2author'] == '1') { $to = $wpdb->get_results("SELECT U.user_email FROM {$wpdb->users} as U, {$wpdb->posts} as P WHERE P.ID = {$Ajaxpid} AND U.ID=P.post_author"); $to = $replyto = $to[0]->user_email != '' ? $to[0]->user_email : $replyto; } else { if ($to_one != "-1") { $all_to_email = explode(',', $replyto); $replyto = $to = $all_to_email[$to_one]; } else { $to = $replyto; } } // T-A-F override? if ($taf_youremail && $taf_friendsemail && substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') { $replyto = "\"{$taf_yourname}\" <{$taf_youremail}>"; } // // FIRST write into the cforms tables! // $subID = write_tracking_record($no, $field_email); // // ready to send email // email header // $html_show = substr(get_option('cforms' . $no . '_formdata'), 2, 1) == '1' ? true : false; $fmessage = ''; $eol = "\n"; if (($frommail = stripslashes(get_option('cforms' . $no . '_fromemail'))) == '') { $frommail = '"' . get_option('blogname') . '" <wordpress@' . preg_replace('#^www\\.#', '', strtolower($_SERVER['SERVER_NAME'])) . '>'; } $headers = "From: " . $frommail . $eol; $headers .= "Reply-To: " . $field_email . $eol; if (($tempBcc = stripslashes(get_option('cforms' . $no . '_bcc'))) != "") { $headers .= "Bcc: " . $tempBcc . $eol; } $headers .= "MIME-Version: 1.0" . $eol; if ($html_show) { $headers .= "Content-Type: multipart/alternative; boundary=\"----MIME_BOUNDRY_main_message\""; $fmessage = "This is a multi-part message in MIME format." . $eol; $fmessage .= "------MIME_BOUNDRY_main_message" . $eol; $fmessage .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"" . $eol; $fmessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol; } else { $headers .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\""; } // prep message text, replace variables $message = get_option('cforms' . $no . '_header'); $message = check_default_vars($message, $no); $message = stripslashes(check_cust_vars($message, $track, $no)); // text text $fmessage .= $message . $eol; // need to add form data summary or is all in the header anyway? if (substr(get_option('cforms' . $no . '_formdata'), 0, 1) == '1') { $fmessage .= $eol . $formdata . $eol; } // HTML text if ($html_show) { // actual user message $htmlmessage = get_option('cforms' . $no . '_header_html'); $htmlmessage = check_default_vars($htmlmessage, $no); $htmlmessage = str_replace(array("=", "\n"), array("=3D", "<br />\n"), stripslashes(check_cust_vars($htmlmessage, $track, $no))); $fmessage .= "------MIME_BOUNDRY_main_message" . $eol; $fmessage .= "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"" . $eol; $fmessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol; $fmessage .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" . $eol; $fmessage .= "<HTML>" . $eol; $fmessage .= $styles; $fmessage .= "<BODY>" . $eol; $fmessage .= $htmlmessage; // need to add form data summary or is all in the header anyway? if (substr(get_option('cforms' . $no . '_formdata'), 1, 1) == '1') { $fmessage .= $eol . $htmlformdata; } $fmessage .= "</BODY></HTML>" . $eol . $eol; } //either use configured subject or user determined $vsubject = get_option('cforms' . $no . '_subject'); $vsubject = check_default_vars($vsubject, $no); $vsubject = stripslashes(check_cust_vars($vsubject, $track, $no)); // SMTP server or native PHP mail() ? if ($smtpsettings[0] == '1') { $sentadmin = cforms_phpmailer($no, $frommail, $field_email, $to, $vsubject, $message, $formdata, $htmlmessage, $htmlformdata); } else { $sentadmin = @mail($to, encode_header($vsubject), $fmessage, $headers); } if ($sentadmin == 1) { // send copy or notification? if (get_option('cforms' . $no . '_confirm') == '1' && $field_email != '' || $ccme) { if (($frommail = stripslashes(get_option('cforms' . $no . '_fromemail'))) == '') { $frommail = '"' . get_option('blogname') . '" <wordpress@' . preg_replace('#^www\\.#', '', strtolower($_SERVER['SERVER_NAME'])) . '>'; } // HTML message part? $html_show_ac = substr(get_option('cforms' . $no . '_formdata'), 3, 1) == '1' ? true : false; $automessage = ''; $headers2 = "From: " . $frommail . $eol; $headers2 .= "Reply-To: " . $replyto . $eol; if (substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') { //TAF: add CC $headers2 .= "CC: " . $replyto . $eol; } $headers2 .= "MIME-Version: 1.0" . $eol; if ($html_show_ac || $html_show && $ccme) { $headers2 .= "Content-Type: multipart/alternative; boundary=\"----MIME_BOUNDRY_main_message\""; $automessage = "This is a multi-part message in MIME format." . $eol; $automessage .= "------MIME_BOUNDRY_main_message" . $eol; $automessage .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"" . $eol; $automessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol; } else { $headers2 .= "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\""; } // actual user message $cmsg = get_option('cforms' . $no . '_cmsg'); $cmsg = check_default_vars($cmsg, $no); $cmsg = check_cust_vars($cmsg, $track, $no); // text text $automessage .= $cmsg . $eol; // HTML text if ($html_show_ac) { // actual user message $cmsghtml = get_option('cforms' . $no . '_cmsg_html'); $cmsghtml = check_default_vars($cmsghtml, $no); $cmsghtml = str_replace(array("=", "\n"), array("=3D", "<br />\n"), check_cust_vars($cmsghtml, $track, $no)); $automessage .= "------MIME_BOUNDRY_main_message" . $eol; $automessage .= "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"" . $eol; $automessage .= "Content-Transfer-Encoding: quoted-printable" . $eol . $eol; $automessage .= "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" . $eol; $automessage .= "<HTML><BODY>" . $eol; $automessage .= $cmsghtml; $automessage .= "</BODY></HTML>" . $eol . $eol; } // replace variables $subject2 = get_option('cforms' . $no . '_csubject'); $subject2 = check_default_vars($subject2, $no); $subject2 = check_cust_vars($subject2, $track, $no); // different cc & ac subjects? $t = explode('$#$', $subject2); $t[1] = $t[1] != '' ? $t[1] : $t[0]; // email tracking via 3rd party? $field_email = get_option('cforms' . $no . '_tracking') != '' ? $field_email . get_option('cforms' . $no . '_tracking') : $field_email; // if in Tell-A-Friend Mode, then overwrite header stuff... if ($taf_youremail && $taf_friendsemail && substr(get_option('cforms' . $no . '_tellafriend'), 0, 1) == '1') { $field_email = "\"{$taf_friendsname}\" <{$taf_friendsemail}>"; } if ($ccme) { if ($smtpsettings[0] == '1') { $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, stripslashes($t[1]), $message, $formdata, $htmlmessage, $htmlformdata, 'ac'); } else { $sent = @mail($field_email, encode_header(stripslashes($t[1])), $fmessage, $headers2); } //takes $message!! } else { if ($smtpsettings[0] == '1') { $sent = cforms_phpmailer($no, $frommail, $replyto, $field_email, stripslashes($t[0]), $cmsg, '', $cmsghtml, '', 'ac'); } else { $sent = @mail($field_email, encode_header(stripslashes($t[0])), stripslashes($automessage), $headers2); } } if ($sent != '1') { $err = __('Error occurred while sending the auto confirmation message: ', 'cforms') . ($smtpsettings[0] ? " ({$sent})" : ''); $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1); return $pre . $err . '|!!!'; } } // cc $hide = ''; // redirect to a different page on suceess? if (get_option('cforms' . $no . '_redirect') == 1) { return get_option('cforms' . $no . '_redirect_page'); } else { if (get_option('cforms' . $no . '_redirect') == 2 || get_cforms_submission_left($no) == 0) { $hide = '|~~~'; } } // return success msg $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 0, 1); $successMsg = check_default_vars(stripslashes(get_option('cforms' . $no . '_success')), $no); $successMsg = check_cust_vars($successMsg, $track, $no); return $pre . preg_replace('|\\r\\n|', '<br />', $successMsg) . $hide; } else { // return error msg $err = __('Error occurred while sending the message: ', 'cforms') . ($smtpsettings[0] ? '<br />' . $sentadmin : ''); $pre = $segments[0] . '*$#' . substr(get_option('cforms' . $no . '_popup'), 1, 1); return $pre . $err . '|!!!'; } }
} } $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0; $comment_type = ''; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); $comment_id = wp_new_comment($commentdata); $comment = get_comment($comment_id); if (!$user->ID) { setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); setcookie('comment_author_url_' . COOKIEHASH, clean_url($comment->comment_author_url), time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); } ### send a notification if required if ($cformsSettings['form' . $no]['cforms' . $no . '_tellafriend'] == '21') { cforms('', $no); } ### keep track of custom comment fields write_tracking_record($no, $comment_author_email, $comment_id); $location = empty($_POST['redirect_to']) ? get_permalink($_POST['comment_post_ID']) . $cfpre . 'cfemail=posted' . '#cforms' . $no . 'form' : $_POST['redirect_to']; $location = apply_filters('comment_post_redirect', $location, $comment); wp_redirect($location); } else { $err = ''; foreach (array_keys($_POST) as $postvar) { $err .= '&' . $postvar . '=' . urlencode($_POST[$postvar]); } header("HTTP/1.0 301 Temporary redirect"); header("Location: " . get_permalink($comment_post_ID) . $cfpre . 'cfemail=err' . $err . '#cforms' . $no . 'form'); } } ### non Ajax
if (strlen(stripslashes($field_name)) < $customspace) { $space = str_repeat(" ", $customspace - strlen(stripslashes($field_name))); } $field_name .= ': ' . $space; if ($field_stat[1] != 'verification' && $field_stat[1] != 'captcha') { $formdata .= stripslashes($field_name) . $value . "\n"; $htmlformdata .= '<tr><td class=3D"data-td">' . $htmlfield_name . '</td><td>' . $htmlvalue . '</td></tr>'; } } //for all fields // assemble html formdata $htmlformdata = '<div class=3D"datablock"><table width=3D"100%" cellpadding=3D"2">' . stripslashes($htmlformdata) . '</table></div><span class=3D"cforms">powered by <a href=3D"http://www.deliciousdays.com/cforms-plugin">cformsII</a></span>'; // // FIRST into the database is required! // $subID = get_option('cforms' . $no . '_tellafriend') == '2' && !$send2author ? 'noid' : write_tracking_record($no, $field_email); // // Files uploaded?? // $filefield = 0; $temp = explode('$#$', stripslashes(htmlspecialchars(get_option('cforms' . $no . '_upload_dir')))); $fileuploaddir = $temp[0]; if (isset($_FILES['cf_uploadfile' . $no])) { foreach ($_FILES['cf_uploadfile' . $no][tmp_name] as $tmpfile) { //copy attachment to local server dir if ($tmpfile != '') { copy($tmpfile, $fileuploaddir . '/' . $subID . '-' . $file['name'][$filefield]); } $filefield++; } }