/** END FORM ELEMENT CONFIGURATION **/ function process(Quform $form, array &$config) { // Process the form if ($form->isValid($_POST)) { // Custom code section #1 - see documentation for examples // End custom code section #1 try { $attachments = array(); $elements = $form->getElements(); // Process uploaded files foreach ($elements as $element) { if ($element instanceof Quform_Element_File && array_key_exists($element->getName(), $_FILES) && is_array($_FILES[$element->getName()])) { $file = $_FILES[$element->getName()]; if (is_array($file['error'])) { // Process multiple upload field foreach ($file['error'] as $key => $error) { if ($error === UPLOAD_ERR_OK) { $fileData = array('path' => $file['tmp_name'][$key], 'filename' => Quform_Element_File::filterFilename($file['name'][$key]), 'type' => $file['type'][$key], 'size' => $file['size'][$key]); if ($config['saveUploads'] && $element->getSave()) { $result = Quform_Element_File::saveUpload($config['uploadPath'], $config['uploadUrl'], $fileData, $element); if (is_array($result)) { $fileData = $result; } } if ($element->getAttach()) { $attachments[] = $fileData; } $element->addFile($fileData); } } } else { // Process single upload field if ($file['error'] === UPLOAD_ERR_OK) { $fileData = array('path' => $file['tmp_name'], 'filename' => Quform_Element_File::filterFilename($file['name']), 'type' => $file['type'], 'size' => $file['size']); if ($config['saveUploads'] && $element->getSave()) { $result = Quform_Element_File::saveUpload($config['uploadPath'], $config['uploadUrl'], $fileData, $element); if (is_array($result)) { $fileData = $result; } } if ($element->getAttach()) { $attachments[] = $fileData; } $element->addFile($fileData); } } } // element exists in $_FILES } // foreach element // Save to a MySQL database if ($config['database']) { // Connect to MySQL mysql_connect('localhost', 'username', 'password') or die(mysql_error()); // Select the database mysql_select_db('database') or die(mysql_error()); // Set the connection encoding if (strtolower(QUFORM_CHARSET) == 'utf-8') { mysql_query("SET NAMES utf8") or die(mysql_error()); } // Build the query $query = "INSERT INTO table SET "; $query .= "`name` = '" . mysql_real_escape_string($form->getValue('name')) . "',"; $query .= "`email` = '" . mysql_real_escape_string($form->getValue('email')) . "',"; $query .= "`message` = '" . mysql_real_escape_string($form->getValue('message')) . "';"; // Careful! The last line ends in a semi-colon // Execute the query mysql_query($query) or die(mysql_error()); // Close the connection mysql_close(); } if ($config['email']) { // Get a new PHPMailer instance $mailer = Quform::newPHPMailer($config['smtp']); // Set the from information $from = $form->parseEmailRecipient($config['from']); if ($from['email']) { $mailer->From = $from['email']; $mailer->FromName = $from['name']; } // Set the Reply-To header of the email as the submitted email address from the form if (!empty($config['replyTo'])) { $replyTo = $form->parseEmailRecipient($config['replyTo']); if ($replyTo['email']) { $mailer->AddReplyTo($replyTo['email'], $replyTo['name']); } } // Set the subject $mailer->Subject = $form->replacePlaceholderValues($config['subject']); // Set the recipients foreach ((array) $config['recipients'] as $recipient) { $mailer->AddAddress($recipient); } // Set the message body HTML ob_start(); include QUFORM_ROOT . $config['emailBody']; $mailer->MsgHTML(ob_get_clean()); $mailer->AltBody = 'To view this email please use HTML compatible email software.'; // Add any attachments foreach ($attachments as $attachment) { $mailer->AddAttachment($attachment['path'], $attachment['filename'], 'base64', $attachment['type']); } // Send the notification message $mailer->Send(); } // Autoreply email if ($config['autoreply']) { $autoreplyRecipient = $form->parseEmailRecipient($config['autoreplyRecipient']); if ($autoreplyRecipient['email']) { // Create the autoreply message $mailer = Quform::newPHPMailer($config['smtp']); // Set the from address $autoreplyFrom = $form->parseEmailRecipient($config['autoreplyFrom']); if ($autoreplyFrom['email']) { $mailer->From = $autoreplyFrom['email']; $mailer->FromName = $autoreplyFrom['name']; } // Set the recipient $mailer->AddAddress($autoreplyRecipient['email'], $autoreplyRecipient['name']); // Set the subject $mailer->Subject = $form->replacePlaceholderValues($config['autoreplySubject']); // Set the message body HTML ob_start(); include QUFORM_ROOT . $config['autoreplyBody']; $mailer->MsgHTML(ob_get_clean()); $mailer->AltBody = 'To view this email please use HTML compatible email software.'; // Send the autoreply $mailer->Send(); } } // Custom code section #2 - see documentation for examples // End custom code section #2 } catch (Exception $e) { if (QUFORM_DEBUG) { throw $e; } } } else { // Form data failed validation return false; } // Form processed successfully return true; }
/** * Returns a santised filename from the given path * * @param string $path * @return string */ public static function filterFilename($path) { $pathInfo = Quform_Element_File::pathinfo($path); $extension = $pathInfo['extension']; $filename = $pathInfo['filename']; $filenameFilter = new Quform_Filter_Filename(); $filename = $filenameFilter->filter($filename); $filename = strlen($filename) ? $filename : 'upload'; $filename = strlen($extension) ? "{$filename}.{$extension}" : $filename; return $filename; }