
PHP Cross Reference of phpwcms V1.4.3 _r380 (23.11.09)


/include/inc_front/content/ -> cnt23.article.inc.php (source)

   1  <?php
   2  /*************************************************************************************
   3     Copyright notice
   4     
   5     (c) 2002-2009 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.
   6   
   7     This script is part of PHPWCMS. The PHPWCMS web content management system is
   8     free software; you can redistribute it and/or modify it under the terms of
   9     the GNU General Public License as published by the Free Software Foundation;
  10     either version 2 of the License, or (at your option) any later version.
  11    
  12     The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
  13     A copy is found in the textfile GPL.txt and important notices to the license 
  14     from the author is found in LICENSE.txt distributed with these scripts.
  15    
  16     This script is distributed in the hope that it will be useful, but WITHOUT ANY 
  17     WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  18     PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  19   
  20     This copyright notice MUST APPEAR in all copies of the script!
  21  *************************************************************************************/
  22  
  23  // ----------------------------------------------------------------
  24  // obligate check for phpwcms constants
  25  if (!defined('PHPWCMS_ROOT')) {
  26     die("You Cannot Access This Script Directly, Have a Nice Day.");
  27  }
  28  // ----------------------------------------------------------------
  29  
  30  include_once (PHPWCMS_ROOT.'/include/inc_front/content/cnt_functions/cnt23.func.inc.php');
  31  
  32  // Form
  33  $CNT_TMP .= '<a name="jumpForm'.$crow["acontent_id"].'" id="jumpForm'.$crow["acontent_id"].'"></a>';
  34  $CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]);
  35  $cnt_form = unserialize($crow["acontent_form"]);
  36  
  37  // save default form tracking status
  38  $default_formtracking_value = $phpwcms['form_tracking'];
  39  // check form related form tracking status
  40  if(isset($cnt_form['formtracking_off']) && $cnt_form['formtracking_off'] == 1) {
  41      $phpwcms['form_tracking'] = 0;
  42  }
  43  
  44  $form_error_text = '';
  45  
  46  $form_cnt = $cnt_form['labelpos']== 2 ? $cnt_form['customform'] : '';
  47  
  48  // set sender email address
  49  if(empty($cnt_form['sendertype']) || $cnt_form['sendertype'] == 'system') {
  50      $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
  51  } elseif($cnt_form['sendertype'] == 'email' && !is_valid_email($cnt_form['sender'])) {
  52      $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
  53  }
  54  
  55  // basic sender name check
  56  if(empty($cnt_form['sendernametype'])) {
  57  
  58      $cnt_form['sendername']     = '';
  59      $cnt_form['sendernametype']    = '';
  60      
  61  } elseif($cnt_form['sendernametype'] == 'system') {
  62  
  63      $cnt_form['sendername'] = $phpwcms['SMTP_FROM_NAME'];
  64  
  65  }
  66  
  67  if(empty($cnt_form['sendername'])) {
  68      $cnt_form['sendername'] = '';
  69  }
  70  if(empty($cnt_form["error_class"])) {
  71      $cnt_form["error_class"] = 'error';
  72  }
  73  
  74  // set enctype mode false (no upload)
  75  $cnt_form['is_enctype'] = false;
  76  
  77  /*
  78   * Browse form fields
  79   */
  80  if(isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) {
  81      
  82      $form_counter = 0;
  83      $cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']);
  84      $cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : '';
  85      $cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ? trim($cnt_form['label_wrap'][1]) : '';
  86      $form_field_hidden = '';
  87      
  88      $cnt_form['regx_pattern'] = array(
  89              'A-Z'            => '/^[A-Z]+$/',
  90              'a-Z'            => '/^[a-zA-Z]+$/',
  91              'a-z'            => '/^[a-z]+$/',
  92              '0-9'            => '/^[0-9]+$/',
  93              'PHONE'            => '/^[+]?([0-9]*[\.\s\-\(\)\/]|[0-9]+){3,24}$/',
  94              'INT'            => '/^[0-9\-\+]+$/',
  95              'WORD'            => '/^[\w]+$/',
  96              'LETTER+SPACE'    => '/^[a-z _\-\:]+$/i'
  97          );
  98      
  99      if(!empty($_POST['cpID'.$crow["acontent_id"]]) && intval($_POST['cpID'.$crow["acontent_id"]]) == $crow["acontent_id"]) {
 100          $POST_DO = true;
 101          $POST_val = array();
 102          $cache_nosave = true;
 103      } else {
 104          $POST_DO = false;
 105      }
 106      
 107      // make spam check
 108      if($POST_DO && !checkFormTrackingValue()) {
 109          $POST_ERR['spamFormAlert'.time()] = '[span_class:spamFormAlert]Your IP '.getRemoteIP().' is not allowed to send form![/class]';
 110      }
 111      
 112      foreach($cnt_form["fields"] as $key => $value) {
 113      
 114          $form_field = '';
 115          $form_name = html_specialchars($cnt_form["fields"][$key]['name']);    
 116          $POST_name = $cnt_form["fields"][$key]['name'];
 117          
 118          switch($cnt_form["fields"][$key]['type']) {
 119      
 120              case 'text'        :    /*
 121                                   * Text
 122                                   */
 123                                  if($POST_DO && isset($_POST[$POST_name])) {
 124                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 125                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 126                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 127                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 128                                      } else {
 129                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 130                                      }
 131                                  }
 132                                  //
 133                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 134                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 135                                  if($cnt_form["fields"][$key]['size']) {
 136                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 137                                  }
 138                                  if($cnt_form["fields"][$key]['max']) {
 139                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 140                                  }
 141                                  if($cnt_form["fields"][$key]['class']) {
 142                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 143                                  }
 144                                  if($cnt_form["fields"][$key]['style']) {
 145                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 146                                  }
 147                                  $form_field .= ' />';
 148                                  break;
 149                                  
 150              case 'captcha':        /*
 151                                   * Captcha
 152                                   */
 153                                  if($POST_DO && isset($_POST[$POST_name])) {
 154                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 155                                      include_once  (PHPWCMS_ROOT.'/include/inc_ext/SOLMETRA_FormValidator/SPAF_FormValidator.class.php');
 156                                      $spaf_obj = new SPAF_FormValidator();
 157                                      if($spaf_obj->validRequest($POST_val[$POST_name])) {
 158                                          $spaf_obj->destroy();
 159                                      } else {
 160                                          $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Captcha error' : $cnt_form["fields"][$key]['error'];
 161                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 162                                      }
 163                                      $cnt_form["fields"][$key]['value'] = '';
 164                                  }
 165                                  //
 166                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""';
 167                                  if($cnt_form["fields"][$key]['size']) {
 168                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 169                                  }
 170                                  if($cnt_form["fields"][$key]['max']) {
 171                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 172                                  }
 173                                  if($cnt_form["fields"][$key]['class']) {
 174                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 175                                  }
 176                                  if($cnt_form["fields"][$key]['style']) {
 177                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 178                                  }
 179                                  $form_field .= ' />';
 180                                  break;
 181                                  
 182              case 'special'    :    /*
 183                                   * Special
 184                                   */
 185                                  $cnt_form['special_attribute'] = array(
 186                                              'default'        => '',
 187                                              'type'            => 'MIX',
 188                                              'dateformat'    => 'm/d/Y',
 189                                              'pattern'        => '/.*?/'
 190                                          ); 
 191                                  
 192                                  if($cnt_form["fields"][$key]['value']) {
 193                                      $cnt_form['special_value'] = str_replace( array('"', "'", "\r'"), '', $cnt_form["fields"][$key]['value'] );
 194                                      $cnt_form['special_value'] = explode("\n", $cnt_form['special_value']);
 195                                      $cnt_form["fields"][$key]['value'] = '';
 196                                      
 197                                      if(is_array($cnt_form['special_value']) && count($cnt_form['special_value'])) {
 198                                          foreach($cnt_form['special_value'] as $cnt_form['special_key'] => $cnt_form['special_val']) {
 199                                              $temp_array = explode('=', $cnt_form['special_val']);
 200                                              switch($temp_array[0]) {
 201                                                  case 'default':        $cnt_form['special_attribute']['default'] = isset($temp_array[1]) ? $temp_array[1] : '';
 202                                                                      break;
 203                                                  case 'type':        $cnt_form['special_attribute']['type'] = isset($temp_array[1]) ? $temp_array[1] : 'MIX';
 204                                                                      break;
 205                                                  case 'dateformat':    $cnt_form['special_attribute']['dateformat'] = isset($temp_array[1]) ? $temp_array[1] : 'm/d/Y';
 206                                                                      break;
 207                                                  case 'pattern':        $cnt_form['special_attribute']['pattern'] = isset($temp_array[1]) ? $temp_array[1] : '/.*?/';
 208                                                                      break;
 209                                              }
 210                                          }
 211                                      }
 212                                  }
 213                                  
 214                                  $cnt_form["fields"][$key]['value'] = isset($cnt_form['special_attribute']['default']) ? $cnt_form['special_attribute']['default'] : '';
 215                                   
 216                                  if($POST_DO && isset($_POST[$POST_name])) {
 217                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 218                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 219                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 220                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 221                                      } else {
 222                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 223                                          // try to check for special value
 224                                          if(isset($cnt_form['special_attribute']['type'])) {
 225                                              switch($cnt_form['special_attribute']['type']) {
 226                                                  
 227                                                  case 'A-Z':
 228                                                  case 'a-Z':
 229                                                  case 'a-z':
 230                                                  case '0-9':
 231                                                  case 'WORD':
 232                                                  case 'LETTER+SPACE':
 233                                                  case 'PHONE':
 234                                                  case 'INT':        if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['regx_pattern'][ $cnt_form['special_attribute']['type'] ], $cnt_form["fields"][$key]['value'])) {
 235                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 236                                                                  } /* else { $cnt_form["fields"][$key]['value'] = $cnt_form["fields"][$key]['value']; } */
 237                                                                  break;
 238                                                                  
 239                                                  case 'REGEX':    if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['special_attribute']['pattern'], $cnt_form["fields"][$key]['value'])) {
 240                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 241                                                                  }
 242                                                                  break;
 243                                                  
 244                                                  case 'DEC':
 245                                                  case 'FLOAT':    if($cnt_form["fields"][$key]['value'] !== '' && !is_float_ex($cnt_form["fields"][$key]['value'])) {
 246                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 247                                                                  }
 248                                                                  break;
 249                                                  
 250                                                  case 'IDENT':    if(isset($cnt_form['special_attribute']['default']) && 
 251                                                                      decode_entities($cnt_form['special_attribute']['default']) != decode_entities($cnt_form["fields"][$key]['value'])) {
 252                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 253                                                                  }
 254                                                                  break;
 255                                                      
 256                                                  case 'DATE':    if($cnt_form["fields"][$key]['value'] !== '' && isset($cnt_form['special_attribute']['dateformat']) && 
 257                                                                      !is_date($cnt_form["fields"][$key]['value'], $cnt_form['special_attribute']['dateformat'])) {
 258                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 259                                                                  }
 260                                                                  break;                                        
 261                                              }
 262                                          }
 263                                      }
 264                                  } else {
 265                                  
 266                                      if(isset($cnt_form['special_attribute']['default']) && isset($cnt_form['special_attribute']['type']) &&
 267                                         $cnt_form['special_attribute']['type'] == 'DATE' && $cnt_form['special_attribute']['default'] == 'NOW') {
 268                                             echo 'ja';
 269                                           if(isset($cnt_form['special_attribute']['dateformat'])) {
 270                                              $cnt_form["fields"][$key]['value'] = date($cnt_form['special_attribute']['dateformat']);
 271                                          } else {
 272                                              $cnt_form["fields"][$key]['value'] = date('m/d/Y');
 273                                          }
 274                                      }
 275                                  }
 276                                  //
 277                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 278                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 279                                  if($cnt_form["fields"][$key]['size']) {
 280                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 281                                  }
 282                                  if($cnt_form["fields"][$key]['max']) {
 283                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 284                                  }
 285                                  if($cnt_form["fields"][$key]['class']) {
 286                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 287                                  }
 288                                  if($cnt_form["fields"][$key]['style']) {
 289                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 290                                  }
 291                                  $form_field .= ' />';
 292                                  break;
 293                                  
 294              case 'email'    :    /*
 295                                   * Email
 296                                   */
 297                                  if($POST_DO && isset($_POST[$POST_name])) {
 298                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 299                                      if(($cnt_form["fields"][$key]['required'] && !$POST_val[$POST_name]) || ($POST_val[$POST_name] && !is_valid_email($POST_val[$POST_name]))) {
 300                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 301                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 302                                      }
 303                                      $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 304                                  }
 305                                  // check if message should be delivered to email address of this field
 306                                  if($POST_DO && ($cnt_form['targettype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) {
 307                                      if(empty($cnt_form['target'])) {
 308                                          $cnt_form['target'] = $cnt_form["fields"][$key]['value'];
 309                                      } else {
 310                                          $cnt_form['target'] = $cnt_form["fields"][$key]['value'].';'.$cnt_form['target'];
 311                                      }
 312                                  }
 313                                  //
 314                                  // check if message should be sent by email address of this field
 315                                  if($POST_DO && ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) {
 316                                      $cnt_form['sender'] = $cnt_form["fields"][$key]['value'];
 317                                  }
 318                                  //
 319                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 320                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 321                                  if($cnt_form["fields"][$key]['size']) {
 322                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 323                                  }
 324                                  if($cnt_form["fields"][$key]['max']) {
 325                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 326                                  }
 327                                  if($cnt_form["fields"][$key]['class']) {
 328                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 329                                  }
 330                                  if($cnt_form["fields"][$key]['style']) {
 331                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 332                                  }
 333                                  $form_field .= ' />';
 334                                  break;
 335  
 336              case 'textarea'    :    /*
 337                                   * Textarea
 338                                   */
 339                                  if($POST_DO && isset($_POST[$POST_name])) {
 340                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 341                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 342                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 343                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 344                                      } else {
 345                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 346                                      }
 347                                  }
 348                                  //
 349                                  $form_field .= '<textarea name="'.$form_name.'" id="'.$form_name.'"';
 350                                  if($cnt_form["fields"][$key]['size']) {
 351                                      $form_field .= ' cols="'.$cnt_form["fields"][$key]['size'].'"';
 352                                  } else {
 353                                      $form_field .= ' cols="20"';
 354                                  }
 355                                  if($cnt_form["fields"][$key]['max']) {
 356                                      $form_field .= ' rows="'.$cnt_form["fields"][$key]['max'].'"';
 357                                  }
 358                                  if($cnt_form["fields"][$key]['class']) {
 359                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 360                                  }
 361                                  if($cnt_form["fields"][$key]['style']) {
 362                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 363                                  }
 364                                  $form_field .= '>'.html_specialchars($cnt_form["fields"][$key]['value']).'</textarea>';
 365                                  break;
 366  
 367              case 'hidden'    :    /*
 368                                   * Hidden
 369                                   */
 370                                  if($POST_DO && isset($_POST[$POST_name])) {
 371                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 372                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 373                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 374                                      } else {
 375                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 376                                      }
 377                                  }
 378                                  //
 379                                  $form_field_hidden .= '<input type="hidden" name="'.$form_name.'" ';
 380                                  $form_field_hidden .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'" />';
 381                                  break;
 382  
 383              case 'password'    :    /*
 384                                   * Password
 385                                   */
 386                                  if($POST_DO && isset($_POST[$POST_name])) {
 387                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 388                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 389                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 390                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 391                                      } else {
 392                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 393                                      }
 394                                  }
 395                                  //
 396                                  $form_field .= '<input type="password" name="'.$form_name.'" id="'.$form_name.'" ';
 397                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 398                                  if($cnt_form["fields"][$key]['size']) {
 399                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 400                                  }
 401                                  if($cnt_form["fields"][$key]['max']) {
 402                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 403                                  }
 404                                  if($cnt_form["fields"][$key]['class']) {
 405                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 406                                  }
 407                                  if($cnt_form["fields"][$key]['style']) {
 408                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 409                                  }
 410                                  $form_field .= ' autocomplete="off" />';
 411                                  break;
 412  
 413              case 'country':
 414              case 'selectemail':
 415              case 'select'    :    /*
 416                                   * Select menu
 417                                   */
 418                                  if($POST_DO && isset($_POST[$POST_name])) {
 419                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 420                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 421                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 422                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 423                                      } else {
 424                                          $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']);
 425                                      }
 426                                  }
 427                                  //
 428                                  if($cnt_form["fields"][$key]['type'] == 'selectemail' && $POST_DO && empty($POST_ERR[$key]) ) {
 429                                  
 430                                      // check if message should be delivered to email address of this field
 431                                      if( ($cnt_form['targettype'] == 'emailfield_'.$POST_name)  && is_valid_email($POST_val[$POST_name])) {
 432                                          if(empty($cnt_form['target'])) {
 433                                              $cnt_form['target'] = $POST_val[$POST_name];
 434                                          } else {
 435                                              $cnt_form['target'] = $POST_val[$POST_name].';'.$cnt_form['target'];
 436                                          }
 437                                      }
 438                                      //
 439                                      // check if message should be sent by email address of this field
 440                                      if( ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && is_valid_email($POST_val[$POST_name])) {
 441                                          $cnt_form['sender'] = $POST_val[$POST_name];
 442                                      }
 443                                  }
 444                                  //
 445                                  
 446                                  $form_field .= '<select name="'.$form_name.'" id="'.$form_name.'"';
 447                                  if($cnt_form["fields"][$key]['class']) {
 448                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 449                                  }
 450                                  if($cnt_form["fields"][$key]['style']) {
 451                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 452                                  }
 453                                  $form_field .= '>' . LF;
 454                                  
 455                                  // build country select menu
 456                                  if($cnt_form["fields"][$key]['type'] == 'country') {
 457                                  
 458                                      // check which language should be used and 
 459                                      // which country should be set as default
 460                                      $form_value = parse_ini_str($cnt_form["fields"][$key]['value'], false);
 461                                      if(isset($form_value['lang'])) {
 462                                          $form_value['lang'] = preg_replace('/[^a-zA-Z]/', '', $form_value['lang']);
 463                                      } else {
 464                                          $form_value['lang'] = $phpwcms['default_lang'];
 465                                      }
 466                                      if(isset($form_value['default'])) {
 467                                          $form_value['default'] = preg_replace('/[^a-zA-Z]/', '', $form_value['default']);
 468                                      } else {
 469                                          $form_value['default'] = '-';
 470                                      }
 471                                      
 472                                      $option_value = substr( empty($POST_val[$POST_name]) ? $form_value['default'] : $POST_val[$POST_name] , 0, 2);
 473                                      if(!empty($form_value['first'])) {
 474                                          $form_field  .= '<option value="">' . html_specialchars($form_value['first']) . '</option>' . LF;
 475                                      }
 476                                      $form_field  .= list_country($option_value, $form_value['lang']);
 477                                      
 478                                  
 479                                  // build value/option select menu
 480                                  } else {
 481  
 482                                      
 483                                      $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 484                                      $form_value = array_map('trim', $form_value);
 485                                      $form_value = array_diff($form_value, array(''));
 486                                      if(count($form_value)) {
 487                                          $form_optgroup = false;
 488                                          foreach($form_value as $option_value) {
 489                                          
 490                                              // search for OPTGROUP
 491                                              if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) {
 492                                                  $option_value = explode(' ', $option_value, 2);
 493                                                  if(isset($option_value[1]) ) {
 494                                                      $option_value = trim($option_value[1]);
 495                                                      $form_field .= '<optgroup label="';
 496                                                      $form_field .= $option_value == '' ? 'Please select:' : html_specialchars($option_value);
 497                                                      $form_field .= '">'.LF;
 498                                                      $form_optgroup = true;
 499                                                  }
 500                                                  continue;
 501                                              } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) {
 502                                                  if($form_optgroup == true) {
 503                                                      $form_field .= '</optgroup>'.LF;
 504                                                      $form_optgroup = false;
 505                                                  }
 506                                                  continue;                            
 507                                              }
 508                                              
 509                                              // check if select item has specila value and name
 510                                              $option_value = explode('-|-', $option_value, 2);
 511                                              $option_label = $option_value[0];
 512                                              $option_value = isset($option_value[1]) ? $option_value[1] : $option_label;
 513                                              
 514                                              if(substr($option_label, -2) === ' -') {
 515                                                  $option_label = trim( substr($option_label, 0, strlen($option_label) -2) );
 516                                              }
 517                                              $option_label = str_replace(' selected', '', $option_label);
 518                                          
 519                                              if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $option_value) {
 520                                                  $option_value .= ' selected';
 521                                              }
 522                                              
 523                                              $option_value = html_specialchars($option_value);
 524                                              if(substr($option_value, -2) === ' -') {
 525                                                  $form_field .= '<option value=""';
 526                                                  $option_value = trim( substr($option_value, 0, strlen($option_value) -2) );
 527                                              } elseif(strtolower(substr($option_value, -9)) != ' selected') {
 528                                                  $form_field .= '<option value="'.$option_value.'"';
 529                                              } else {
 530                                                  $option_value = str_replace(' selected', '', $option_value);
 531                                                  $form_field .= '<option value="'.$option_value.'" selected="selected"';
 532                                              }
 533                                              $form_field .= '>'.html_specialchars($option_label)."</option>\n";
 534                                          }
 535                                          if($form_optgroup == true) {
 536                                              $form_field .= '</optgroup>'.LF;
 537                                          }
 538                                      }
 539  
 540                                  }
 541                                  $form_field .= '</select>';
 542                                  break;
 543  
 544              case 'list'        :    /*
 545                                   * List: <select> rendered as a list box; it becomes a multi-select
                                       * (name[]) when 'max' is set in the field configuration.
                                       * Each non-empty line of the configured value is one option; a trailing
                                       * ' selected' marks it preselected, a trailing ' -' gives it an empty
                                       * value, OPTGROUP / /OPTGROUP lines open and close an option group.
 546                                   */
 547                                  if($POST_DO && isset($_POST[$POST_name])) {
 548                                      if(is_array($_POST[$POST_name])) {
                                              // multi-select: every entry goes through combined_POST_cleaning(),
                                              // empty entries are dropped, an empty result is stored as false
 549                                          $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
 550                                          $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
 551                                          if(!count($POST_val[$POST_name])) {
 552                                              $POST_val[$POST_name] = false;
 553                                          }
 554                                      } else {
                                              // single value: passed through clean_slweg() and remove_unsecure_rptags()
 555                                          $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 556                                      }
                                          // NOTE(review): the submitted values are not compared with the configured
                                          // options in this case, so $POST_val can hold entries that were never
                                          // offered, and the number of entries is not limited by 'max' here.
                                          // Whatever consumes $POST_val later should treat it as untrusted.
 557                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
 558                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 559                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 560                                      } else {
                                              // drop the configured ' selected' defaults so that the submitted
                                              // state decides which options are marked below
 561                                          $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']);
 562                                      }
 563                                  }
 564                                  //
                                      // size, class and style are concatenated into the tag without escaping.
                                      // NOTE(review): they come from the form configuration; presumably they are
                                      // sanitised when the form is saved - verify, otherwise escape them here.
 565                                  $form_field .= '<select id="'.$form_name.'"';
 566                                  if($cnt_form["fields"][$key]['size']) {
 567                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 568                                  }
 569                                  if($cnt_form["fields"][$key]['max']) {
 570                                      $form_field .= ' multiple';
 571                                      $form_field .= ' name="'.$form_name.'[]"';
 572                                  } else {
 573                                      $form_field .= ' name="'.$form_name.'"';
 574                                  }
 575                                  if($cnt_form["fields"][$key]['class']) {
 576                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 577                                  }
 578                                  if($cnt_form["fields"][$key]['style']) {
 579                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 580                                  }
 581                                  $form_field .= '>'.LF;
                                      // one option per non-empty, trimmed line of the configured value
 582                                  $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 583                                  $form_value = array_map('trim', $form_value);
 584                                  $form_value = array_diff($form_value, array(''));
 585                                  if(count($form_value)) {
                                          // NOTE(review): $form_optgroup is not initialised in this case before it is
                                          // read below; unless it is reset outside this part of the file, a value left
                                          // over from an earlier field can produce a stray </optgroup> - confirm.
 586                                      foreach($form_value as $option_value) {
 587                                      
 588                                          // search for OPTGROUP
 589                                          if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) {
 590                                              $option_value = explode(' ', $option_value, 2);
 591                                              if(isset($option_value[1]) ) {
 592                                                  $option_value = trim($option_value[1]);
 593                                                  $form_field .= '<optgroup label="';
 594                                                  $form_field .= $option_value == '' ? 'Please select:' : html_specialchars($option_value);
 595                                                  $form_field .= '">'.LF;
 596                                                  $form_optgroup = true;
 597                                              }
 598                                              continue;
 599                                          } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) {
 600                                              if($form_optgroup == true) {
 601                                                  $form_field .= '</optgroup>'.LF;
 602                                                  $form_optgroup = false;
 603                                              }
 604                                              continue;                            
 605                                          }
 606                                      
 607                                      
 608                                          // try to set given POST var as selected
                                              // (only the configured option text is written to the page; the
                                              // submitted value is used for the comparison alone)
 609                                          if(isset($POST_val[$POST_name])) {
 610                                              if(is_array($POST_val[$POST_name])) {
 611                                                  foreach($POST_val[$POST_name] as $postvar_value) {
 612                                                      if($postvar_value == $option_value) {
 613                                                          $option_value .= ' selected';
 614                                                      }
 615                                                  }
 616                                              } elseif ($POST_val[$POST_name] == $option_value) {
 617                                                  $option_value .= ' selected';
 618                                              }
 619                                          }
 620                                          
                                              // escape once, then evaluate the ' -' / ' selected' markers on the
                                              // escaped text; the same text is used as value and as visible label
 621                                          $option_value = html_specialchars($option_value);
 622                                          if(substr($option_value, -2) === ' -') {
 623                                              $form_field .= '<option value=""';
 624                                              $option_value = trim( substr($option_value, 0, strlen($option_value) -2) );
 625                                          } elseif(substr($option_value, -9) != ' selected') {
 626                                              $form_field .= '<option value="'.$option_value.'"';
 627                                          } else {
 628                                              $option_value = str_replace(' selected', '', $option_value);
 629                                              $form_field .= '<option value="'.$option_value.'" selected="selected"';
 630                                          }
 631                                          $form_field .= '>'.$option_value."</option>\n";
 632                                      }
                                          // close a group that the configuration left open
 633                                      if($form_optgroup == true) {
 634                                          $form_field .= '</optgroup>'.LF;
 635                                      }
 636                                  }
 637                                  $form_field .= '</select>';
 638                                  break;
 639  
 640              case 'checkbox'    :    /*
 641                                   * Checkbox: a single checkbox, or a group posted as an array (name[]).
                                       * Each non-empty line of the configured value is "label" or
                                       * "label-|-value"; a trailing ' checked' marks the box as checked.
 642                                   */
 643                                  if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
 644                                      if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
                                              // group: every entry goes through combined_POST_cleaning(), empty
                                              // entries are dropped, an empty result is stored as ''
 645                                          $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
 646                                          $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
 647                                          if(!count($POST_val[$POST_name])) {
 648                                              $POST_val[$POST_name] = '';
 649                                          }
 650                                      } else {
                                              // single value (or nothing posted): cleaned scalar or ''
 651                                          $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : '';
 652                                      }
                                          // NOTE(review): submitted values are not compared with the configured
                                          // checkbox values here, so $POST_val can hold entries that were never
                                          // offered; later consumers should treat it as untrusted.
 653                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
 654                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 655                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 656                                      } else {
                                              // drop the configured ' checked' defaults so that the submitted
                                              // state decides which boxes are checked below
 657                                          $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
 658                                      }
 659                                  }
 660                                  //
 661                                  $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 662                                  $form_value = array_map('trim', $form_value);
 663                                  $form_value = array_diff($form_value, array(''));
                                      // class wraps the whole field in a <div>, style is put on each <label>;
                                      // both are concatenated without escaping.
                                      // NOTE(review): they come from the form configuration; presumably they are
                                      // sanitised when the form is saved - verify, otherwise escape them here.
 664                                  if($cnt_form["fields"][$key]['class']) {
 665                                      $form_field     .= '<div class="'.$cnt_form["fields"][$key]['class'].'">';
 666                                      $checkbox_class  = '</div>';
 667                                  } else {
 668                                      $checkbox_class  = '';
 669                                  }
 670                                  if($cnt_form["fields"][$key]['style']) {
 671                                      $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
 672                                  } else {
 673                                      $checkbox_style = '';
 674                                  }
 675                                  if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) {
 676                                      // only 1 checkbox
 677                                      $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value;
 678                                      $checkbox_value = trim($checkbox_value);
 679                                      
                                          // "label-|-value": without the separator the label is also the value
 680                                      $checkbox_value = explode('-|-', $checkbox_value, 2);
 681                                      $checkbox_label = $checkbox_value[0];
 682                                      $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 683                                      
 684                                      $checkbox_label = str_replace(' checked', '', $checkbox_label);
 685                                      
                                          // an empty configured value falls back to the field name, both for the
                                          // comparison with the submitted value and for the value attribute
 686                                      if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) {
 687                                          $checkbox_value .= ' checked';
 688                                      }
 689                                      $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name;
 690                                      $form_field .= '<input type="checkbox" name="'.$form_name.'" id="'.$form_name.'" ';
 691                                      if(substr($checkbox_value, -8) != ' checked') {
 692                                          $form_field .= 'value="' . $checkbox_value . '" />';
 693                                      } else {
 694                                          $checkbox_value = str_replace(' checked', '', $checkbox_value);
 695                                          $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 696                                      }
                                          // NOTE(review): the value attribute is escaped with html_specialchars(),
                                          // the label text is written as is. That allows markup in labels, but it
                                          // means the form configuration is trusted as HTML - confirm that only
                                          // trusted editors can change it.
 697                                      $form_field .= '<label for="'.$form_name.'"';
 698                                      $form_field .= $checkbox_style;
 699                                      $form_field .= '>'. $checkbox_label .'</label>';
 700                                      
 701                                  } else {
 702                                      // list of checkboxes
 703                                      $checkbox_counter = 0;
                                          // a set 'size' puts each checkbox on its own line
 704                                      $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
 705                                      foreach($form_value as $checkbox_value) {
 706                                          
 707                                          $checkbox_value = explode('-|-', $checkbox_value, 2);
 708                                          $checkbox_label = $checkbox_value[0];
 709                                          $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 710                                          
 711                                          $checkbox_label = str_replace(' checked', '', $checkbox_label);
 712                                      
                                              // only an array submission can check boxes of a group; the submitted
                                              // values are used for the comparison alone and are not written out
 713                                          if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) {
 714                                              foreach($POST_val[$POST_name] as $postvar_value) {
 715                                                  if($postvar_value == $checkbox_value) {
 716                                                      $checkbox_value .= ' checked';
 717                                                  }
 718                                              }
 719                                          }
 720                                      
 721                                          $checkbox_value =  html_specialchars(trim($checkbox_value));
 722                                          if($checkbox_counter) {
 723                                              $form_field .= $checkbox_spacer;
 724                                          }
                                              // ids are the field name followed by a running counter
 725                                          $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" ';
 726                                          if(substr($checkbox_value, -8) != ' checked') {
 727                                              $form_field .= 'value="' . $checkbox_value . '" />';
 728                                          } else {
 729                                              $checkbox_value = str_replace(' checked', '', $checkbox_value);
 730                                              $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 731                                          }
                                              // label text is written without escaping (see the single checkbox branch)
 732                                          $form_field .= '<label for="'.$form_name.$checkbox_counter.'"';
 733                                          $form_field .= $checkbox_style;
 734                                          $form_field .= '>'. $checkbox_label .'</label>';
 735                                          $checkbox_counter++;
 736                                      }
 737                                  }
 738                                  $form_field .= $checkbox_class;
 739                                  break;
 740  
 741              case 'radio'    :    /*
 742                                   * Radio button: a single button or a group sharing one name.
                                       * Each non-empty line of the configured value is "label" or
                                       * "label-|-value"; a trailing ' checked' marks the button as checked.
 743                                   */
 744                                  if($POST_DO && ( $cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
                                          // cleaned scalar, or false when nothing was posted
                                          // NOTE(review): the submitted value is not compared with the configured
                                          // values here, so $POST_val can hold a value that was never offered;
                                          // later consumers should treat it as untrusted.
 745                                      $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
 746                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
 747                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 748                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 749                                      } else {
                                              // drop the configured ' checked' defaults so that the submitted
                                              // state decides which button is checked below
 750                                          $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
 751                                      }
 752                                  }
 753                                  //
 754                                  $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 755                                  $form_value = array_map('trim', $form_value);
 756                                  $form_value = array_diff($form_value, array(''));
                                      // class wraps the whole field in a <div>, style is put on each <label>;
                                      // both are concatenated without escaping.
                                      // NOTE(review): they come from the form configuration; presumably they are
                                      // sanitised when the form is saved - verify, otherwise escape them here.
 757                                  if($cnt_form["fields"][$key]['class']) {
 758                                      $form_field     .= '<div class="'.$cnt_form["fields"][$key]['class'].'">';
 759                                      $checkbox_class  = '</div>';
 760                                  } else {
 761                                      $checkbox_class  = '';
 762                                  }
 763                                  if($cnt_form["fields"][$key]['style']) {
 764                                      $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
 765                                  } else {
 766                                      $checkbox_style = '';
 767                                  }
 768                                  if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) {
 769                                      // only 1 radio button
 770                                      $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value;
 771                                      $checkbox_value = trim($checkbox_value);
 772                                      
                                          // "label-|-value": without the separator the label is also the value
 773                                      $checkbox_value = explode('-|-', $checkbox_value, 2);
 774                                      $checkbox_label = $checkbox_value[0];
 775                                      $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 776                                      
 777                                      $checkbox_label = str_replace(' checked', '', $checkbox_label);
 778                                      
                                          // an empty configured value falls back to the field name, both for the
                                          // comparison with the submitted value and for the value attribute
 779                                      if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) {
 780                                          $checkbox_value .= ' checked';
 781                                      }
 782                                      $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name;
 783                                      $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.'" ';
 784                                      if(substr($checkbox_value, -8) != ' checked') {
 785                                          $form_field .= 'value="' . $checkbox_value . '" />';
 786                                      } else {
 787                                          $checkbox_value = str_replace(' checked', '', $checkbox_value);
 788                                          $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 789                                      }
                                          // NOTE(review): the value attribute is escaped with html_specialchars(),
                                          // the label text is written as is. That allows markup in labels, but it
                                          // means the form configuration is trusted as HTML - confirm that only
                                          // trusted editors can change it.
 790                                      $form_field .= '<label for="'.$form_name.'"';
 791                                      $form_field .= $checkbox_style;
 792                                      $form_field .= '>'. $checkbox_label .'</label>';
 793                                      
 794                                  } else {
 795                                      // list of radio buttons
 796                                      $checkbox_counter = 0;
                                          // a set 'size' puts each button on its own line
 797                                      $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
 798                                      foreach($form_value as $checkbox_value) {
 799                                          
 800                                          $checkbox_value = explode('-|-', $checkbox_value, 2);
 801                                          $checkbox_label = $checkbox_value[0];
 802                                          $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 803                                          
 804                                          $checkbox_label = str_replace(' checked', '', $checkbox_label);
 805                                          
                                              // the submitted value is used for the comparison alone and is not
                                              // written into the markup
 806                                          if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $checkbox_value) {
 807                                              $checkbox_value .= ' checked';
 808                                          }
 809                                          $checkbox_value =  html_specialchars(trim($checkbox_value));
 810                                          if($checkbox_counter) {
 811                                              $form_field .= $checkbox_spacer;
 812                                          }
                                              // all buttons share the field name; ids get a running counter
 813                                          $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.$checkbox_counter.'" ';
 814                                          if(substr($checkbox_value, -8) != ' checked') {
 815                                              $form_field .= 'value="' . $checkbox_value . '" />';
 816                                          } else {
 817                                              $checkbox_value = str_replace(' checked', '', $checkbox_value);
 818                                              $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 819                                          }
                                              // label text is written without escaping (see the single button branch)
 820                                          $form_field .= '<label for="'.$form_name.$checkbox_counter.'"';
 821                                          $form_field .= $checkbox_style;
 822                                          $form_field .= '>'. $checkbox_label .'</label>';
 823                                          $checkbox_counter++;
 824                                      }
 825                                  }
 826                                  $form_field .= $checkbox_class;
 827                                  break;
 828  
 829              case 'upload'    :    /*
 830                                   * Upload
 831                                   */
 832                                  if($cnt_form["fields"][$key]['value']) {
                                          // Per-field upload settings are read from the configured value, one
                                          // "key=value" pair per line, with quote characters removed.
                                          // NOTE(review): $cnt_form['upload_value'] is assigned only inside this
                                          // if; for an upload field with an empty value, settings of an earlier
                                          // upload field may still be in place unless they are reset elsewhere.
 833                                      $cnt_form['upload_value'] = str_replace('"', '', $cnt_form["fields"][$key]['value']);
 834                                      $cnt_form['upload_value'] = str_replace("'", '',$cnt_form['upload_value']);
                                          // NOTE(review): the search string is CR followed by a single quote. All
                                          // single quotes were removed on the previous line, so this call cannot
                                          // match and carriage returns stay in the values; "\r" was probably
                                          // meant - confirm.
 835                                      $cnt_form['upload_value'] = str_replace("\r'", '',$cnt_form['upload_value']);
 836                                      $cnt_form['upload_value'] = explode("\n", $cnt_form['upload_value']);
 837                                      if(is_array($cnt_form['upload_value']) && count($cnt_form['upload_value'])) {
                                              // replace the numeric line entries by key => value entries;
                                              // lines with an empty key or an empty value are dropped
 838                                          foreach($cnt_form['upload_value'] as $cnt_form['upload_key'] => $cnt_form['upload_val']) {
                                                  // no limit on explode(): a value that contains '=' is cut
                                                  // at its first '='; keys and values are not trimmed
 839                                              $temp_array = explode('=', $cnt_form['upload_val']);
 840                                              unset($cnt_form['upload_value'][$cnt_form['upload_key']]);
 841                                              if(!empty($temp_array[0]) && !empty($temp_array[1])) {
 842                                                  $cnt_form['upload_value'][$temp_array[0]] = $temp_array[1];
 843                                              }
 844                                          }
 845                                      }
 846                                  }
                                      // defaults for settings the configuration did not provide
                                      // NOTE(review): how 'folder' is resolved and whether it is reachable by
                                      // the web server is not visible here - verify where uploads end up.
 847                                  if(empty($cnt_form['upload_value']['folder'])) {
 848                                      $cnt_form['upload_value']['folder'] = 'content/form/';
 849                                  }
 850                                  if(empty($cnt_form['upload_value']['attachment'])) {
 851                                      $cnt_form['upload_value']['attachment'] = 0;
 852                                  }
                                      // 'exclude' is a denylist of file extensions.
                                      // NOTE(review): a denylist blocks only the names it lists. Other extensions
                                      // a web server may be configured to execute (for example phtml or phar)
                                      // and server control files such as .htaccess are not covered by this
                                      // default. An allowlist of the expected file types, together with a
                                      // storage location that is not executed by the web server, is the
                                      // safer design.
 853                                  if(empty($cnt_form['upload_value']['exclude'])) {
 854                                      $cnt_form['upload_value']['exclude'] = 'php,asp,php3,php4,php5,aspx,cfm,js';
 855                                  }
 856                                  //
 857                                  if($POST_DO && isset($_FILES[$POST_name])) {
 858                                      $POST_val[$POST_name]['folder'] = $cnt_form['upload_value']['folder'];
 859                                      $POST_val[$POST_name]['attachment'] = $cnt_form['upload_value']['attachment'];
 860                                      $POST_val[$POST_name]['name'] = '';
 861                                      $cnt_form['upload_value']['exclude'] = str_replace(' ', '', $cnt_form['upload_value']['exclude']);
 862                                      $cnt_form['upload_value']['exclude'] = str_replace('.', '', $cnt_form['upload_value']['exclude']);                                    
 863                                      $cnt_form['upload_value']['exclude'] = explode(',', $cnt_form['upload_value']['exclude']);
 864                                      $cnt_form['upload_value']['exclude'] = array_diff($cnt_form['upload_value']['exclude'], array(''));
 865                                      $cnt_form['upload_value']['exclude'] = implode('|', $cnt_form['upload_value']['exclude']);
 866                                      $cnt_form['upload_value']['exclude'] = strtolower($cnt_form['upload_value']['exclude']);
 867                                      $cnt_form['upload_value']['regexp'] = '/(.'.$cnt_form['upload_value']['exclude'].')$/';
 868                                      if($cnt_form["fields"][$key]['required'] && empty($_FILES[$POST_name]['name'])) {
 869                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 870                                          $POST_ERR[$key]    = str_replace('{MAXLENGTH}', '', $POST_ERR[$key]);
 871                                          $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(0, ' '), $POST_ERR[$key]);
 872                                          $POST_ERR[$key] = str_replace('{FILENAME}', '"n.a."', $POST_ERR[$key]);
 873                                          $POST_ERR[$key] = str_replace('{FILEEXT}', '"n.a."', $POST_ERR[$key]);                        
 874                                      } elseif(!empty($_FILES[$POST_name]['name'])) {
 875                                          $cnt_form['upload_value']['filename'] = time().'_'.$_FILES[$POST_name]['name'];
 876                                          if( (!empty($cnt_form['upload_value']['maxlength']) && $_FILES[$POST_name]['size'] > intval($cnt_form['upload_value']['maxlength']))
 877                                              || preg_match($cnt_form['upload_value']['regexp'], strtolower($_FILES[$POST_name]['name'])) 
 878                                              || !@move_uploaded_file($_FILES[$POST_name]['tmp_name'], 
 879                                                 PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename'])
 880                                                 ) {
 881                                                 $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 882                                                 $POST_ERR[$key] = str_replace('{MAXLENGTH}', empty($cnt_form['upload_value']['maxlength']) ? '' : fsize($cnt_form['upload_value']['maxlength'], ' '), $POST_ERR[$key]);
 883                                                 $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(empty($_FILES[$POST_name]['size']) ? 0 : $_FILES[$POST_name]['size'], ' '), $POST_ERR[$key]);
 884                                                 $POST_ERR[$key] = str_replace('{FILENAME}', empty($_FILES[$POST_name]['name']) || trim($_FILES[$POST_name]['name'])=='' ? '"n.a."' : $_FILES[$POST_name]['name'], $POST_ERR[$key]);
 885                                                 $POST_ERR[$key] = str_replace('{FILEEXT}', '.'.str_replace('|', ', .', str_replace(',', ', .', $cnt_form['upload_value']['exclude'])), $POST_ERR[$key]);
 886                                          } else {
 887                                              $POST_val[$POST_name]['name'] = $cnt_form['upload_value']['filename'];
 888                                          }
 889                                      }
 890                                      if(isset($POST_ERR[$key])) {
 891                                          @unlink($_FILES[$POST_name]['tmp_name']);
 892                                          @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename']);
 893                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 894                                      }
 895                                  }
 896                                  //
 897                                  $form_field .= '<input type="file" name="'.$form_name.'" id="'.$form_name.'"';
 898                                  if(!empty($cnt_form['upload_value']['accept']) ) {
 899                                      $form_field .= ' accept="'.$cnt_form['upload_value']['accept'].'"';
 900                                  }
 901                                  if($cnt_form["fields"][$key]['size']) {
 902                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 903                                  }
 904                                  if($cnt_form["fields"][$key]['max']) {
 905                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 906                                  } elseif (!empty($cnt_form['upload_value']['maxlength'])) {
 907                                      $form_field .= ' maxlength="'.$cnt_form['upload_value']['maxlength'].'"';
 908                                  }
 909                                  if($cnt_form["fields"][$key]['class']) {
 910                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 911                                  }
 912                                  if($cnt_form["fields"][$key]['style']) {
 913                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 914                                  }
 915                                  $form_field .= ' title="';
 916                                  if($cnt_form['upload_value']['maxlength']) {
 917                                      $form_field .= 'max. '.fsize($cnt_form['upload_value']['maxlength'],' ',1);
 918                                  }
 919                                  $form_field .= '" />';
 920                                  unset($cnt_form['upload_value']);
 921                                  
 922                                  // enable enctype attribute
 923                                  $cnt_form['is_enctype'] = true;
 924                                  break;
 925  
 926              case 'submit'    :    /*
 927                                   * Submit
 928                                   */
 929                                  if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
 930                                      $form_field .= '<input type="submit" name="'.$form_name.'" id="'.$form_name.'" ';
 931                                      if($cnt_form["fields"][$key]['value'] != '') {
 932                                          $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 933                                      }
 934                                      if($cnt_form["fields"][$key]['class']) {
 935                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 936                                      }
 937                                      if($cnt_form["fields"][$key]['style']) {
 938                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 939                                      }
 940                                      $form_field .= ' />###RESET###';
 941                                  } else {
 942                                      $form_field .= '<input type="image" name="'.$form_name.'" id="'.$form_name.'" ';
 943                                      $form_field .= $cnt_form["fields"][$key]['value'];
 944                                      if($cnt_form["fields"][$key]['class']) {
 945                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 946                                      }
 947                                      if($cnt_form["fields"][$key]['style']) {
 948                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 949                                      }
 950                                      $form_field .= ' />###RESET###';
 951                                  }
 952                                  break;
 953                                  
 954              
 955              case 'reset'    :    /*
 956                                   * Reset
 957                                   */
 958                                  if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
 959                                      $form_field .= '<input type="reset" name="'.$form_name.'" id="'.$form_name.'" ';
 960                                      if($cnt_form["fields"][$key]['value'] != '') {
 961                                          $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 962                                      }
 963                                      if($cnt_form["fields"][$key]['class']) {
 964                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 965                                      }
 966                                      if($cnt_form["fields"][$key]['style']) {
 967                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 968                                      }
 969                                      $form_field .= ' />';
 970                                  } else {
 971                                      $form_field .= '<img name="'.$form_name.'" id="'.$form_name.'" ';
 972                                      $form_field .= $cnt_form["fields"][$key]['value'];
 973                                      if($cnt_form["fields"][$key]['class']) {
 974                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 975                                      }
 976                                      if($cnt_form["fields"][$key]['style']) {
 977                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 978                                      }
 979                                      $form_field .= ' border="0" onclick="document.phpwcmsForm'.$crow["acontent_id"].'.reset();" />';
 980                                  }
 981                                  break;
 982      
 983              case 'break'    :    /*
 984                                   * Break
 985                                   */
 986                                  if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
 987                                      $form_field .= '<div id="'.$form_name.'"';
 988                                      if($cnt_form["fields"][$key]['class']) {
 989                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 990                                      }
 991                                      if($cnt_form["fields"][$key]['style']) {
 992                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 993                                      }
 994                                      $form_field .= '>';
 995                                      $form_field .= $cnt_form["fields"][$key]['value'];
 996                                      $form_field .= '</div>';
 997                                  } else {
 998                                      $form_field .= $cnt_form["fields"][$key]['value'];
 999                                  }
1000                                  break;
1001      
1002              case 'breaktext':    /*
1003                                   * Breaktext
1004                                   */
1005                                  if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
1006                                      $form_field .= '<span id="'.$form_name.'"';
1007                                      if($cnt_form["fields"][$key]['class']) {
1008                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1009                                      }
1010                                      if($cnt_form["fields"][$key]['style']) {
1011                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1012                                      }
1013                                      $form_field .= '>';
1014                                      $form_field .= nl2br(html_specialchars($cnt_form["fields"][$key]['value']));
1015                                      $form_field .= '</span>';
1016                                  } else {
1017                                      $form_field .= nl2br(html_specialchars($cnt_form["fields"][$key]['value']));
1018                                  }
1019                                  break;
1020      
1021              case 'captchaimg':    /*
1022                                   * Captcha Images
1023                                   */
1024                                  if(empty($cnt_form["fields"][$key]['value']) && ($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class'])) {
1025                                      $form_field .= '<div id="'.$form_name.'"';
1026                                      if($cnt_form["fields"][$key]['class']) {
1027                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1028                                      }
1029                                      if($cnt_form["fields"][$key]['style']) {
1030                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1031                                      }
1032                                      $form_field .= '>{CAPTCHA}</div>';
1033                                  } elseif(!empty($cnt_form["fields"][$key]['value'])) {
1034                                      $form_field .= $cnt_form["fields"][$key]['value'];
1035                                  } else {
1036                                      $form_field .= '{CAPTCHA}';
1037                                  }
1038                                  $form_field = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&amp;'.time().'" alt="Captcha" border="0" />', $form_field);
1039                                  break;
1040                                  
1041              case 'mathspam':    /*
1042                                   * Math Spam Protect
1043                                   */
1044                                  if($POST_DO) {
1045  
1046                                      $POST_val[$POST_name] = isset($_POST[$POST_name]) && trim(is_numeric($_POST[$POST_name])) ? intval($_POST[$POST_name]) : -1;
1047  
1048                                      $mathspam_result  = $POST_val[$POST_name] * 123345 * strlen($phpwcms['db_user']);
1049                                      $mathspam_result  = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );
1050                                      
1051                                      $mathspam_default = isset($_POST[$POST_name.'_result']) ? trim($_POST[$POST_name.'_result']) : '';
1052                                      
1053                                      if($mathspam_result != $mathspam_default  || ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] === ''))) {
1054                                          $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Math spam protection error' : $cnt_form["fields"][$key]['error'];
1055                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
1056                                      }
1057                                  }
1058  
1059                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""';
1060                                  if($cnt_form["fields"][$key]['size']) {
1061                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
1062                                  }
1063                                  if($cnt_form["fields"][$key]['max']) {
1064                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
1065                                  }
1066                                  if($cnt_form["fields"][$key]['class']) {
1067                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1068                                  }
1069                                  if($cnt_form["fields"][$key]['style']) {
1070                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1071                                  }
1072                                  $form_field .= ' />';
1073                                  
1074                                  // calculate the result and the question
1075                                  $mathspam_calculations     = array('+'=>'+', '-'=>'-', '*'=>'*', '/'=>':');
1076                                  $mathspam_operation         = array_rand($mathspam_calculations, 1);
1077                                  $mathspam_operator         = $mathspam_calculations[ $mathspam_operation ];
1078                                  $mathspam_number_1         = rand( $mathspam_operation === '/' ? 1 : 0 , 10);
1079                                  
1080                                  // fix divisions to avoid fractional results
1081                                  if($mathspam_operation === '/') {
1082                                  
1083                                      switch($mathspam_number_1) {
1084                                      
1085                                          case 1:        $mathspam_number_2 = 1;
1086                                                      break;
1087                                                      
1088                                          case 2:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2), 1);
1089                                                      break;
1090                                                      
1091                                          case 3:        $mathspam_number_2 = array_rand( array(1=>1, 3=>3), 1);
1092                                                      break;
1093                                                      
1094                                          case 4:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4), 1);
1095                                                      break;
1096                                                      
1097                                          case 5:        $mathspam_number_2 = array_rand( array(1=>1, 5=>5), 1);
1098                                                      break;
1099                                                      
1100                                          case 6:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 3=>3, 6=>6), 1);
1101                                                      break;
1102                                                      
1103                                          case 7:        $mathspam_number_2 = array_rand( array(1=>1, 7=>7), 1);
1104                                                      break;
1105                                                      
1106                                          case 8:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4, 8=>8), 1);
1107                                                      break;
1108                                                      
1109                                          case 9:        $mathspam_number_2 = array_rand( array(1=>1, 3=>3, 9=>9), 1);
1110                                                      break;
1111                                                      
1112                                          case 10:    $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 5=>5, 10=>10), 1);
1113                                                      break;
1114  
1115                                      }
1116                                  
1117                                  // avoid subtraction with results < 0
1118                                  } elseif($mathspam_operation === '-') {
1119                                  
1120                                      $mathspam_number_2         = rand(0, $mathspam_number_1);
1121                                  
1122                                  } else {
1123                                  
1124                                      $mathspam_number_2         = rand(0, 10);
1125                                  
1126                                  }
1127                  
1128                                  $mathspam_question         = $cnt_form["fields"][$key]['value'][ $mathspam_operator ];
1129                                  $mathspam_question        .= ' <span class="calc">' . $mathspam_number_1 . '&nbsp;';
1130                                  $mathspam_question        .= html_entities( $mathspam_operator );
1131                                  //$mathspam_question        .= '<i style="display:none;">(%'.mt_rand(0,10000).')</i>';
1132                                  $mathspam_question        .= '&nbsp;' . $mathspam_number_2 . '</span>';
1133                                  
1134                                  switch($mathspam_operation) {
1135                                  
1136                                      case '+': $mathspam_result = $mathspam_number_1 + $mathspam_number_2; break;
1137                                      case '-': $mathspam_result = $mathspam_number_1 - $mathspam_number_2; break;
1138                                      case '/': $mathspam_result = $mathspam_number_1 / $mathspam_number_2; break;
1139                                      case '*': $mathspam_result = $mathspam_number_1 * $mathspam_number_2; break;
1140                                  
1141                                  }
1142                                  $mathspam_result = intval($mathspam_result) * 123345 * strlen($phpwcms['db_user']);
1143                                  $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );
1144                                                                  
1145                                  // hidden field, contains the hashed result
1146                                  $form_field .= '<input type="hidden" name="'.$form_name.'_result" value="'.$mathspam_result.'" />';
1147                                  
1148                                  $form_field .= ' <span class="mathspam">';
1149                                  $form_field .= trim( $cnt_form["fields"][$key]['value']['calc'] . ' ' . trim( $mathspam_question ) );
1150                                  $form_field .= '</span>';
1151                                  break;
1152                                  
1153              case 'newsletter':    /*
1154                                   * Newsletter
1155                                   */
1156                                  
1157                                  $form_newletter_setting                    = array();
1158                                  $form_newletter_setting['double_optin'] = 0;
1159                                  $form_value                                = array(); 
1160                                  
1161                                  if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
1162                                      if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
1163                                          $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
1164                                          $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
1165                                          if(!count($POST_val[$POST_name])) {
1166                                              $POST_val[$POST_name] = false;
1167                                          }
1168                                      } else {
1169                                          $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
1170                                      }
1171                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
1172                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
1173                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
1174                                      } else {
1175                                          $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
1176                                      }
1177                                      
1178                                      if(isset($POST_val[$POST_name])) {
1179                                          $form_newletter_setting['selection'] = $POST_val[$POST_name];
1180                                      } else {
1181                                          $form_newletter_setting['selection'] = false;
1182                                      }
1183                                      
1184                                  }
1185                                  // prepare default settings for newsletter field
1186                                  $form_value_default        = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false);
1187                                  foreach($form_value_default as $form_value_nl) {
1188                                  
1189                                      $form_value_nl        = explode('=', $form_value_nl, 2);
1190                                      $form_value_nl[0]    = trim($form_value_nl[0]);
1191                                      $form_value_nl[1]    = empty($form_value_nl[1]) ? '' : trim($form_value_nl[1]);
1192                                      
1193                                      if(empty($form_value_nl[0]) || empty($form_value_nl[1])) {
1194                                      
1195                                          continue;
1196                                      
1197                                      } else {
1198                                      
1199                                          switch($form_value_nl[0]) {
1200                                      
1201                                              case 'all':                $form_value[0]                                 = $form_value_nl[1];                    break;
1202                                              case 'email_field':        $form_newletter_setting['email_field']         = $form_value_nl[1];                    break;
1203                                              case 'name_field':        $form_newletter_setting['name_field']         = $form_value_nl[1];                    break;
1204                                              case 'sender_email':    $form_newletter_setting['sender_email']     = $form_value_nl[1];                    break;
1205                                              case 'sender_name':        $form_newletter_setting['sender_name']         = $form_value_nl[1];                    break;
1206                                              case 'url_subscribe':    $form_newletter_setting['url_subscribe']     = $form_value_nl[1];                    break;
1207                                              case 'url_unsubscribe':    $form_newletter_setting['url_unsubscribe']    = $form_value_nl[1];                    break;
1208                                              case 'subject':            $form_newletter_setting['subject']            = $form_value_nl[1];                    break;
1209                                              case 'double_optin':    $form_newletter_setting['double_optin']     = intval($form_value_nl[1]) ? 1 : 0;    break;
1210                                              
1211                                              default:    
1212                                                  if( ($form_value_nl[0] = intval($form_value_nl[0])) ) {
1213                                                      $query = _dbGet('phpwcms_subscription', '*', 'subscription_id='.$form_value_nl[0].' AND subscription_active=1');
1214                                                      if(isset($query[0])) {
1215                                                          if($form_value_nl[1] == '') {
1216                                                              $form_value_nl[1] = $query[0]['subscription_name'];
1217                                                          }
1218                                                          $form_value[ $form_value_nl[0] ] = $form_value_nl[1];
1219                                                      } else {
1220                                                          continue;
1221                                                      }
1222                                                  } else {
1223                                                      continue;
1224                                                  }
1225                                          }
1226                                      }
1227                                  }
1228                                  
1229                                  $form_newletter_setting['subscriptions'] = $form_value;
1230                                  
1231                                  if($cnt_form["fields"][$key]['class']) {
1232                                      $form_field     .= '<div class="'.$cnt_form["fields"][$key]['class'].'">';
1233                                      $checkbox_class  = '</div>';
1234                                  } else {
1235                                      $checkbox_class  = '';
1236                                  }
1237                                  if($cnt_form["fields"][$key]['style']) {
1238                                      $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
1239                                  } else {
1240                                      $checkbox_style = '';
1241                                  }
1242                                  // list of checkboxes
1243                                  $checkbox_counter = 0;
1244                                  $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
1245                                  foreach($form_value as $checkbox_key => $checkbox_value) {
1246                                  
1247                                      if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) {
1248                                          foreach($POST_val[$POST_name] as $postvar_value) {
1249                                              if($postvar_value == $checkbox_key) {
1250                                                  $checkbox_key .= ' checked';
1251                                              }
1252                                          }
1253                                      }
1254  
1255                                      if($checkbox_counter) {
1256                                          $form_field .= $checkbox_spacer;
1257                                      }
1258                                      $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" ';
1259                                      if(substr($checkbox_key, -8) != ' checked' && substr($checkbox_value, -8) != ' checked') {
1260                                          $form_field .= 'value="' . $checkbox_key . '" />';
1261                                      } else {
1262                                          $checkbox_key   = str_replace(' checked', '', $checkbox_key);
1263                                          $checkbox_value = str_replace(' checked', '', $checkbox_value);
1264                                          $form_field    .= 'value="' . $checkbox_key . '" checked="checked" />';
1265                                      }
1266                                      $form_field .= '<label for="'.$form_name.$checkbox_counter.'"';
1267                                      $form_field .= $checkbox_style;
1268                                      $form_field .= '>'.$checkbox_value .'</label>';
1269                                      $checkbox_counter++;
1270                                  }
1271                                  $form_field .= $checkbox_class;
1272                                  break;                    
1273                                  
1274              
1275          }
1276  
1277          // try to find correct sender name
1278          if($POST_DO && $cnt_form['sendernametype'] == 'formfield_'.$POST_name) {
1279          
1280              $cnt_form['sendername']    = cleanUpForEmailHeader($cnt_form["fields"][$key]['value']);
1281          
1282          }
1283          // try to build correct subject
1284          if($POST_DO && isset($cnt_form['subjectselect']) && $cnt_form['subjectselect'] == 'formfield_'.$POST_name) {
1285          
1286              $cnt_form['subject'] .= ' '.cleanUpForEmailHeader($POST_val[$POST_name]);
1287              $cnt_form['subject']  = trim($cnt_form['subject']);
1288          
1289          }        
1290  
1291          // Build the form elements
1292  
1293          if($form_field && $cnt_form["fields"][$key]['type'] != 'hidden') {
1294          
1295              
1296              if($cnt_form['labelpos'] == 2) {
1297              
1298                  // custom form template
1299                  $POST_name_quoted = preg_quote($POST_name, '/');
1300                  
1301                  if(empty($POST_ERR[$key])) {
1302                      // if error for field empty
1303                      $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt);
1304                      $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt);
1305                      $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt);
1306                  } else {
1307                      // field error available
1308                      $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt);
1309                      $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt);
1310                      $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt);
1311                  }
1312                                  
1313                  $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt);
1314                  $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), $form_cnt);
1315  
1316              } else {
1317              
1318                  // default table
1319                  
1320                  if($cnt_form["fields"][$key]['type'] == 'reset' && strpos($form_cnt, '###RESET###')) {
1321                  
1322                      $form_cnt = str_replace('###RESET###', $form_field, $form_cnt);
1323                  
1324                  } else {
1325                  
1326                      if($cnt_form["fields"][$key]['required']) {
1327                          $cnt_form['labelClass']   = 'formLabelRequired';
1328                          $cnt_form['labelReqMark'] = $cnt_form["cform_reqmark"];
1329                      } else {
1330                          $cnt_form['labelClass']   = 'formLabel';
1331                          $cnt_form['labelReqMark'] = '';
1332                      }
1333                  
1334                      if($cnt_form['labelpos'] == 0) {
1335                          // label: field
1336                          if($cnt_form["fields"][$key]['type'] != 'break') {
1337                              $form_cnt .= "<tr>\n".'<td class="'.$cnt_form['labelClass'].'">';
1338                              if($cnt_form["fields"][$key]['label'] != '') {
1339                                  $form_cnt .= $cnt_form['label_wrap'][0];
1340                                  $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']);
1341                                  $form_cnt .= $cnt_form['labelReqMark'];
1342                                  $form_cnt .= $cnt_form['label_wrap'][1];
1343                              } else {
1344                                  $form_cnt .= '&nbsp;';
1345                              }
1346                              $form_cnt .= "</td>\n";
1347                              $form_cnt .= '<td class="formField">'.$form_field."</td>\n</tr>\n";
1348                          } else {
1349                              // colspan for break
1350                              $form_cnt .= '<tr><td colspan="2">'.$form_field."</td></tr>\n";
1351                          }
1352                      } else {
1353                          // label:
1354                          // field
1355                          if($cnt_form["fields"][$key]['label'] != '') {
1356                              $form_cnt .= '<tr><td class="'.$cnt_form['labelClass'].'">'.$cnt_form['label_wrap'][0];
1357                              $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']);
1358                              $form_cnt .= $cnt_form['labelReqMark'];
1359                              $form_cnt .= $cnt_form['label_wrap'][1]."</td></tr>\n";
1360                          }
1361                          $form_cnt .= '<tr><td class="formField">'.$form_field."</td></tr>\n";
1362                      }
1363                  }
1364              
1365              }
1366          }
1367  
1368          $form_counter++;
1369      }
1370  }
1371  
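// ----------------------------------------------------------------
// Submission accepted so far ($POST_DO set, $POST_ERR empty):
// fill the mail templates with the posted values, collect upload
// attachments and the values to store, then resolve the recipient
// lists and (optionally) reject identical sender/recipient.
// ----------------------------------------------------------------
if(!empty($POST_DO) && empty($POST_ERR)) {

    $POST_attach = array(); // filesystem paths of uploads flagged as attachment
    $POST_savedb = array(); // field name => value, filled only when 'savedb' is set

    // now prepare form values for sending or storing
    if(isset($POST_val) && is_array($POST_val) && count($POST_val)) {

        // fallback solution for older forms which do not know
        // separate email template for "copy to" recipient
        if(!isset($cnt_form['template_equal'])) {
            $cnt_form['template_equal'] = 1;
        }

        foreach($POST_val as $POST_key => $POST_keyval) {

            $POST_valurl = '';

            // 'copyto' names a form field; once that field is reached it is
            // overwritten with the submitted value. The value is only used as
            // an address after is_valid_email() accepts it further below.
            if(isset($cnt_form["copyto"]) && $cnt_form["copyto"] == $POST_key) {
                $cnt_form["copyto"] = $POST_keyval;
            }

            if(is_array($POST_keyval) && !isset($POST_keyval['folder'])) {
                // check if this is an array - but no upload value
                $POST_keyval = implode(', ', $POST_keyval);

            } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                // check if this is an array - and is an upload value
                // NOTE(review): 'folder' and 'name' are joined into a URL and a
                // filesystem path as given; presumably the upload handling
                // earlier in this file restricts both - confirm.
                $POST_valurl = PHPWCMS_URL.$POST_keyval['folder'].'/'.rawurlencode($POST_keyval['name']);
                if(isset($POST_keyval['attachment']) && $POST_keyval['attachment']) {
                    $POST_attach[] = PHPWCMS_ROOT.'/'.$POST_keyval['folder'].'/'.$POST_keyval['name'];
                }
                // plain text mail: show the download URL instead of the array
                if(!$cnt_form['template_format']) {
                    $POST_keyval = $POST_valurl;
                }
            }

            // prepare for storing in database
            if(!empty($cnt_form['savedb'])) {

                $POST_savedb[$POST_key] = empty($POST_valurl) ? $POST_keyval : $POST_valurl;

            }


            // first check copy to email template related things
            if( !$cnt_form['template_equal'] ) {

                if($cnt_form['template_format_copy'] == 1) { //HTML

                    if(is_string($POST_keyval)) {
                        $POST_keyval_copy = html_specialchars($POST_keyval);
                    } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                        $POST_keyval_copy = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
                    }

                } else {

                    $POST_keyval_copy = $POST_keyval;

                }

                // replace tags in email form
                $cnt_form['template_copy'] = str_replace('{'. $POST_key . '}', $POST_keyval_copy, $cnt_form['template_copy']);

            }

            if($cnt_form['template_format']) { //HTML

                if(is_string($POST_keyval)) {
                    $POST_keyval = html_specialchars($POST_keyval);
                } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                    $POST_keyval = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
                }

                $cnt_form['is_html_entity'] = true;

            } else {

                // remember the HTML entity status
                $cnt_form['is_html_entity'] = false;

            }

            // replace tags in email form
            $cnt_form['template'] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form['template']);

            //replace tags in the success form but not for redirect.
            if($cnt_form["onsuccess_redirect"] !== 1) {

                // The success text is printed unescaped for every mode except 0
                // (mode 0 is escaped when it is printed), so a value that is not
                // entity-encoded yet is encoded here for every such mode, not
                // only for mode 2.
                if(!$cnt_form['is_html_entity'] && $cnt_form["onsuccess_redirect"] !== 0) {
                    $POST_keyval = html_specialchars($POST_keyval);
                }
                $cnt_form["onsuccess"] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form["onsuccess"]);

            }

        }

        $cnt_form['fe_current_url'] = PHPWCMS_URL . 'index.php' . returnGlobalGET_QueryString('rawurlencode');

        $cnt_form['template'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template']);
        $cnt_form['template'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template']);

        // {DATE:format} expansion.
        // The posted values are already part of the template at this point, so
        // this pattern also matches text typed by the visitor. The former
        // preg_replace() with the /e modifier evaluated its replacement as PHP
        // code (and /e no longer exists in PHP 7); the captured text is now only
        // ever handed to date() as a format string.
        if(preg_match_all('/\{DATE:(.*?)\}/', $cnt_form['template'], $form_date_tags, PREG_SET_ORDER)) {
            foreach($form_date_tags as $form_date_tag) {
                $cnt_form['template'] = str_replace($form_date_tag[0], date($form_date_tag[1]), $cnt_form['template']);
            }
        }

        if( !$cnt_form['template_equal'] ) {

            $cnt_form['template_copy'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template_copy']);
            $cnt_form['template_copy'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template_copy']);
            // same eval-free {DATE:format} expansion as for the main template
            if(preg_match_all('/\{DATE:(.*?)\}/', $cnt_form['template_copy'], $form_date_tags, PREG_SET_ORDER)) {
                foreach($form_date_tags as $form_date_tag) {
                    $cnt_form['template_copy'] = str_replace($form_date_tag[0], date($form_date_tag[1]), $cnt_form['template_copy']);
                }
            }
            // drop every placeholder that is still unresolved
            $cnt_form['template_copy'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template_copy']);

        }
        unset($form_date_tags, $form_date_tag);

        if($cnt_form["onsuccess_redirect"] !== 1) {

            $cnt_form["onsuccess"] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form["onsuccess"]);
            $cnt_form['onsuccess'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['onsuccess']);

        }

        // drop every placeholder that is still unresolved
        $cnt_form['template'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template']);

        // check if "copy to" email template is equal recipient
        // email template and set it the same
        if($cnt_form['template_equal'] == 1) {

            $cnt_form['template_format_copy']    = $cnt_form['template_format'];
            $cnt_form['template_copy']           = $cnt_form['template'];

        }

        // storing in database moved to 2nd POST_ERR if section

    }


    // get email addresses of recipients and senders

    $cnt_form["target"] = convertStringToArray($cnt_form["target"], ';');
    if(empty($cnt_form["subject"])) {
        // fallback subject: the site address without scheme and outer slashes.
        // The original passed the site URL string as the length argument of
        // substr(), which is not a length; trimming the slashes is presumably
        // what was intended.
        $cnt_form["alt_subj"] = str_replace(array('http://', 'https://'), '', $phpwcms['site']);
        $cnt_form["alt_subj"] = trim($cnt_form["alt_subj"], '/');
        $cnt_form["subject"]  = 'Webform: '.$cnt_form["alt_subj"];
    }

    // additional recipients ('cc'); each one gets its own full message later
    $cnt_form['cc'] = empty($cnt_form['cc']) ? array() : convertStringToArray($cnt_form['cc'], ';');


    // a validated "copy to" address is queued as additional recipient and
    // remembered as the address of the person who filled in the form
    if(!empty($cnt_form['sendcopy']) && !empty($cnt_form["copyto"]) && is_valid_email($cnt_form["copyto"])) {
        $cnt_form['cc'][]         = $cnt_form["copyto"];
        $cnt_form['fromEmail']    = $cnt_form["copyto"];
    }

    // check for unique recipients (target) and sender (fromEmail)
    if(!empty($cnt_form['checktofrom'])) {

        // 'fromEmail' is only set above when a valid copy address was given
        $form_from_lower = isset($cnt_form['fromEmail']) ? strtolower($cnt_form['fromEmail']) : '';

        foreach($cnt_form["target"] as $value) {

            if($form_from_lower == strtolower($value)) {

                $POST_ERR[] = 'Sender&#8217;s email must be different from recipient&#8217;s email';
                break;
            }

        }

        unset($form_from_lower);

    }

}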
1545  
1546  // do $POST_ERR test again to handle possible duplicates
1547  // in case 'checktofrom' = 1
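// ----------------------------------------------------------------
// Final stage, three cases:
//   1. posted and still no error -> store result, send the mails,
//      register the newsletter recipient, show or redirect to the
//      success target
//   2. $POST_ERR is set          -> remove uploaded files, show or
//      redirect to the error target
//   3. otherwise                 -> form not sent yet, show startup text
// ----------------------------------------------------------------
if(!empty($POST_DO) && empty($POST_ERR)) {

    // check if there are form values which should be saved in db
    if(count($POST_savedb)) {

        // The values are written by string concatenation: the two text values
        // rely on aporeplace() for quoting (helper defined elsewhere), the
        // content part id is forced to an integer here.
        // NOTE(review): formresult_content holds serialize()d visitor input;
        // whatever reads this column back should treat it as untrusted before
        // calling unserialize() - verify the readers.
        $POST_savedb_sql  = 'INSERT INTO '.DB_PREPEND.'phpwcms_formresult ';
        $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES (';
        $POST_savedb_sql .= intval($crow['acontent_id']).", '".aporeplace(getRemoteIP())."', '";
        $POST_savedb_sql .= aporeplace(serialize($POST_savedb))  . "')";
        $POST_savedb_sql  = _dbQuery($POST_savedb_sql, 'INSERT');

    }


    // send mail, include phpmailer class
    // (anchored at PHPWCMS_ROOT like the other include of this file, so the
    // file that gets loaded does not depend on include_path or the working dir)
    require_once (PHPWCMS_ROOT.'/include/inc_ext/phpmailer/class.phpmailer.php');

    // now run all CC -> but sent as full email to each CC recipient
    if(count($cnt_form['cc'])) {

        $mail = new PHPMailer();
        $mail->Mailer           = $phpwcms['SMTP_MAILER'];
        $mail->Host             = $phpwcms['SMTP_HOST'];
        $mail->Port             = $phpwcms['SMTP_PORT'];
        if($phpwcms['SMTP_AUTH']) {
            $mail->SMTPAuth     = 1;
            $mail->Username     = $phpwcms['SMTP_USER'];
            $mail->Password     = $phpwcms['SMTP_PASS'];
        }
        $mail->CharSet          = $phpwcms["charset"];

        // optional hook, called by name with the stored values, the form
        // settings and the mailer object
        // NOTE(review): assumes 'function_cc' comes from the stored form
        // configuration and never from request data - confirm; errors raised
        // by the call are hidden by the @ operator.
        if(isset($cnt_form['function_cc']) && function_exists($cnt_form['function_cc'])) {
            @$cnt_form['function_cc']($POST_savedb, $cnt_form, $mail);
        }

        $mail->IsHTML($cnt_form['template_format_copy']);
        $mail->Subject          = $cnt_form["subject"];
        $mail->Body             = $cnt_form['template_copy'];
        if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
            $mail->SetLanguage('en');
        }

        $mail->From             = $cnt_form['sender'];
        $mail->FromName         = $cnt_form['sendername'];
        $mail->Sender           = $cnt_form['sender'];

        $cnt_form["copytoError"] = array();

        // one message per address, so the recipients do not see each other
        foreach($cnt_form['cc'] as $cc_email) {

            $mail->AddAddress($cc_email);

            if(!$mail->Send()) {
                $cnt_form["copytoError"][] = html_specialchars($cc_email.' ('.$mail->ErrorInfo.')');
            }

            $mail->ClearAddresses();

        }

        // entries are entity-encoded above, so the joined text can be printed as is
        if(count($cnt_form["copytoError"])) {
            $cnt_form["copytoError"] = implode('<br />', $cnt_form["copytoError"]);
        } else {
            unset($cnt_form["copytoError"]);
        }

        unset($mail);
    }

    // now send original message
    $mail = new PHPMailer();
    $mail->Mailer           = $phpwcms['SMTP_MAILER'];
    $mail->Host             = $phpwcms['SMTP_HOST'];
    $mail->Port             = $phpwcms['SMTP_PORT'];
    if($phpwcms['SMTP_AUTH']) {
        $mail->SMTPAuth     = 1;
        $mail->Username     = $phpwcms['SMTP_USER'];
        $mail->Password     = $phpwcms['SMTP_PASS'];
    }
    $mail->CharSet          = $phpwcms["charset"];

    // optional hook for the main message, same calling convention and the
    // same assumption about its origin as 'function_cc'
    if(isset($cnt_form['function_to']) && function_exists($cnt_form['function_to'])) {
        @$cnt_form['function_to']($POST_savedb, $cnt_form, $mail);
    }

    $mail->IsHTML($cnt_form['template_format']);
    $mail->Subject          = $cnt_form["subject"];
    $mail->Body             = $cnt_form['template'];

    if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
        $mail->SetLanguage('en');
    }
    // 'fromEmail' gets a default here, but the envelope below is built from
    // 'sender' only
    if(empty($cnt_form["fromEmail"])) {
        $cnt_form["fromEmail"] = $phpwcms['SMTP_FROM_EMAIL'];
    }
    $mail->From             = $cnt_form['sender'];
    $mail->FromName         = $cnt_form['sendername'];
    $mail->Sender           = $cnt_form['sender'];

    if(!empty($cnt_form["target"]) && is_array($cnt_form["target"]) && count($cnt_form["target"])) {

        foreach($cnt_form["target"] as $e_value) {
            $mail->AddAddress(trim($e_value));
        }

    } else {
        // use default email address
        $mail->AddAddress($phpwcms['SMTP_FROM_EMAIL']);
    }

    if(count($POST_attach)) {
        foreach($POST_attach as $attach_file) {
            $mail->AddAttachment($attach_file);
        }
    }

    if(!$mail->Send()) {
        $CNT_TMP .= '<p>'.html_specialchars($mail->ErrorInfo).'</p>';
    } else {

        // check if user should be registered for newsletter
        if(isset($form_newletter_setting['selection']) && count($form_newletter_setting['selection'])) {

            // first check if neccessary form field is valid email
            if(isset($POST_val[ $form_newletter_setting['email_field'] ]) && is_valid_email($POST_val[ $form_newletter_setting['email_field'] ])) {

                // ok now I know we can store email as newsletter recipient
                // ('email_field' changes meaning here: field name -> submitted address)
                $form_newletter_setting['email_field'] = $POST_val[ $form_newletter_setting['email_field'] ];

                // now try to find fields to build recipient's name, if empty name is same as email
                if(!empty($form_newletter_setting['name_field'])) {

                    // split by "+"
                    $form_newletter_setting['name_field_tmp'] = explode('+', $form_newletter_setting['name_field']);
                    $form_newletter_setting['name_field'] = '';
                    foreach($form_newletter_setting['name_field_tmp'] as $form_value_nl) {

                        // empty - continue
                        if(empty($form_value_nl)) continue;

                        // now check if field name exists and build corresponding name value;
                        // a part that is no posted field is kept as literal text
                        if(empty($POST_val[ trim($form_value_nl) ])) {
                            $form_newletter_setting['name_field'] .= $form_value_nl;
                        } else {
                            $form_value_nl = trim($form_value_nl);
                            $form_newletter_setting['name_field'] .= $POST_val[ $form_value_nl ];
                        }

                    }
                    $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']);

                }

                if(empty($form_newletter_setting['name_field'])) {
                    $form_newletter_setting['name_field'] = $form_newletter_setting['email_field'];
                }

                // NOTE(review): this key is what verify.php?s= / ?u= accept in
                // the links below, and its input is only the address plus the
                // current time. shortHash() is defined elsewhere - confirm it
                // adds something a third party cannot guess.
                $form_newletter_setting['hash'] = shortHash( $form_newletter_setting['email_field'].time() );

                // create SQL query to populate recipient into recipients db
                // (every text value passes through aporeplace(), the verified
                // flag is a literal 0 or 1)
                $form_newletter_setting['sql']  = 'INSERT INTO '.DB_PREPEND.'phpwcms_address ';
                $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, ';
                $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES (';
                $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['hash'])."', ";
                $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['email_field'])."', ";
                $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['name_field'])."', ";
                $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) .", ";
                $form_newletter_setting['sql'] .= "'".aporeplace(serialize($form_newletter_setting['selection']))."', ";
                $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe'])."', ";
                $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe'])."'";
                $form_newletter_setting['sql'] .= ')';

                // save recipient in db and send verify message in case of double opt-in
                // (the result is kept but not checked before the mail goes out)
                $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT');

                // now send opt-in email
                if(!empty($form_newletter_setting['double_optin'])) {

                    if(empty($cnt_form['verifyemail'])) {
                        $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/newsletter/email/default.opt-in.txt');
                        // built-in text when the template file is missing or empty
                        if(empty($cnt_form['verifyemail'])) {
                            $cnt_form['verifyemail']  = 'Hi {NEWSLETTER_NAME},'.LF.LF.'Someone (presumably you) on {SITE}'.LF.'subscribed to these newsletters:'.LF;
                            $cnt_form['verifyemail'] .= '{SUBSCRIPTIONS}'.LF.LF.'The following email was requested for subscription'.LF.'{NEWSLETTER_EMAIL}'.LF.LF;
                            $cnt_form['verifyemail'] .= 'If you requested this subscription, visit the following URL'.LF.'{NEWSLETTER_VERIFY}'.LF.'to verify and activate it.'.LF.LF;
                            $cnt_form['verifyemail'] .= 'Ignore the message or visit the following URL'.LF.'{NEWSLETTER_DELETE}'.LF.'and nothing will happen.'.LF.LF.LF;
                            $cnt_form['verifyemail'] .= 'With best regards'.LF.'Webmaster'.LF.LF.'--'.LF.'{DATE:m/d/Y H:i:s}, IP: {IP}'.LF;
                        }
                    }

                    $form_newletter_setting['hash'] = rawurlencode($form_newletter_setting['hash']);

                    // The original initialised 'selection_text' but filled
                    // 'subscr_text'; both start empty now so the list cannot
                    // carry entries over from an earlier run.
                    $form_newletter_setting['selection_text'] = array();
                    $form_newletter_setting['subscr_text']    = array();
                    foreach($form_newletter_setting['selection'] as $form_value_nl) {
                        $form_newletter_setting['subscr_text'][] = '[X] '.$form_newletter_setting['subscriptions'][$form_value_nl];
                    }

                    // no separate name known: leave the greeting name empty
                    if($form_newletter_setting['email_field'] == $form_newletter_setting['name_field']) $form_newletter_setting['name_field'] = '';

                    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_NAME}', $form_newletter_setting['name_field'], $cnt_form['verifyemail']);
                    $cnt_form['verifyemail'] = str_replace('{SUBSCRIPTIONS}', implode(LF, $form_newletter_setting['subscr_text']), $cnt_form['verifyemail']);
                    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_EMAIL}', $form_newletter_setting['email_field'], $cnt_form['verifyemail']);
                    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_VERIFY}', PHPWCMS_URL.'verify.php?s='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
                    $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_DELETE}', PHPWCMS_URL.'verify.php?u='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
                    $cnt_form['verifyemail'] = replaceGlobalRT($cnt_form['verifyemail']);

                    if(empty($form_newletter_setting['sender_email'])) $form_newletter_setting['sender_email'] = $cnt_form['sender'];
                    if(empty($form_newletter_setting['sender_name']))  $form_newletter_setting['sender_name']  = $cnt_form['sendername'];

                    // now send verification email
                    @sendEmail(array(
                        'recipient' => $form_newletter_setting['email_field'],
                        'toName'    => $form_newletter_setting['name_field'],
                        'subject'   => $form_newletter_setting['subject'],
                        'text'      => $cnt_form['verifyemail'],
                        'from'      => $form_newletter_setting['sender_email'],
                        'fromName'  => $form_newletter_setting['sender_name'],
                        'sender'    => $form_newletter_setting['sender_email']
                    ));

                }

            }

        }

        if($cnt_form["onsuccess_redirect"] === 1) {
            // redirect on success
            headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onsuccess"]));

        } elseif($cnt_form["onsuccess"]) {
            // success

            $CNT_TMP .= '<div';
            $CNT_TMP .= $cnt_form["class"] ? ' class="'.$cnt_form["class"].'">' : '>';

            if($cnt_form["onsuccess_redirect"] === 0) {
                // plain text mode: encoded on output
                $CNT_TMP .= '<p>'.nl2br(html_specialchars($cnt_form["onsuccess"])).'</p>';
            } else {
                // printed as markup: anything placed into this text from the
                // request has to be entity-encoded where the text is assembled
                $CNT_TMP .= $cnt_form["onsuccess"];
            }
            $CNT_TMP .= '</div>';
        }

    }
    if(!empty($cnt_form["copytoError"])) {
        $CNT_TMP .= '<p>'.$cnt_form["copytoError"].'</p>';
    }

    unset($mail);

    // nothing left to render below once the form was processed
    $form_cnt = '';

} elseif(isset($POST_ERR)) {
    // do on POST_ERROR

    // the submission is rejected, so files it brought along are removed
    if(isset($_FILES)) {
        foreach($_FILES as $file_key => $file_val) {
            // multi-file fields carry an array under 'tmp_name'; those and
            // empty entries are skipped instead of being passed to unlink()
            if(isset($file_val['tmp_name']) && is_string($file_val['tmp_name']) && $file_val['tmp_name'] !== '') {
                @unlink($file_val['tmp_name']);
            }
        }
        if(isset($POST_val) && is_array($POST_val) && isset($cnt_form['upload_value']['folder'])) {
            foreach($POST_val as $file_key => $file_val) {
                // The original indexed every posted value with ['name'], which
                // on a plain text value yields a character of that text. Only
                // array values with a 'name' entry are treated as stored
                // uploads now, and basename() keeps the delete inside the
                // upload folder (assumes stored names carry no sub-directory
                // - TODO confirm).
                if(is_array($file_val) && isset($file_val['name']) && is_string($file_val['name']) && $file_val['name'] !== '') {
                    @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.basename($file_val['name']));
                }
            }
        }
    }

    if($cnt_form["onerror_redirect"] === 1) {

        headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"]));

    } else {

        if($cnt_form["onerror"]) {

            if($cnt_form["onerror_redirect"] === 0) {
                $form_error_text = '<p>'.nl2br(html_specialchars($cnt_form["onerror"])).'</p>';
            } else {
                $form_error_text = $cnt_form["onerror"];
            }
        }

        // drop empty messages and encode the rest before they are printed
        $POST_ERR = array_diff(    $POST_ERR , array('') );
        $POST_ERR = array_map( 'html_specialchars', $POST_ERR );
        // the custom template (labelpos 2) places its errors itself
        if($cnt_form['labelpos'] != 2 && count( $POST_ERR ) ) {
            $form_error = "<tr>\n";
            if($cnt_form['labelpos'] == 0) { // label: field
                $form_error .= '<td class="'.$cnt_form['labelClass'].'">'."&nbsp;</td>\n";
            }
            $form_error .= '<td'.(!empty($cnt_form["error_class"]) ? ' class="'.$cnt_form["error_class"].'"' : '').'>';
            $form_error .= implode("<br />", $POST_ERR);
            $form_error .= "</td>\n</tr>\n";

            $form_cnt = $form_error.$form_cnt;
            unset($form_error);
        }

    }

} else {

    // form was not send yet
    // display startup text

    if(!empty($cnt_form['startup'])) {

        if(empty($cnt_form['startup_html'])) {

            $CNT_TMP .= LF . '<p>'.nl2br(html_specialchars($cnt_form['startup'])).'</p>' . LF;

        } else {

            $CNT_TMP .= LF . $cnt_form['startup'] . LF;

        }

    }
}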
1863  
1864  
if($form_cnt) {

    // Remove the ###RESET### placeholder from the collected form markup.
    $form_cnt = str_replace('###RESET###', '', $form_cnt);

    // Optional wrapper: a configured class opens a <div> around the form and
    // is reused, prefixed with "form-", as the class of the <form> tag.
    // NOTE(review): $cnt_form["class"] is written into both attributes without
    // html_specialchars() -- presumably trusted backend configuration; confirm.
    $cnt_form["class_close"] = '';
    if(!$cnt_form["class"]) {
        $cnt_form['class'] = '';
    } else {
        $CNT_TMP .= '<div class="'.$cnt_form["class"].'">';
        $cnt_form["class_close"] = '</div>';
        $cnt_form['class'] = ' class="form-'.$cnt_form["class"].'"';
    }

    // The error text goes in front of the form and is appended as is.
    // NOTE(review): whether it is HTML-escaped depends on how it was built
    // before this point -- verify for every "onerror" mode.
    $CNT_TMP .= $form_error_text;

    // Opening <form> tag: posts back to the current URL and jumps to the
    // jumpForm anchor of this content part.
    // NOTE(review): FE_CURRENT_URL is placed in the action attribute without
    // escaping here; confirm it is HTML-encoded where it is defined.
    $CNT_TMP .= '<form name="phpwcmsForm'.$crow["acontent_id"].'" id="phpwcmsForm'.$crow["acontent_id"].'"'.$cnt_form['class']
              . ' action="'.FE_CURRENT_URL.'#jumpForm'.$crow["acontent_id"].'" method="post"'
              . ($cnt_form['is_enctype'] ? ' enctype="multipart/form-data">' : '>');

    if($cnt_form['labelpos'] != 2) {

        // Every label position except 2: the collected markup is wrapped in a table.
        $CNT_TMP .= '<table cellspacing="0" cellpadding="0" border="0">'."\n".$form_cnt.'</table>';

    } else {

        // Label position 2: the markup carries [IF_ERROR]/[ELSE_ERROR] sections
        // (presumably a custom template). Keep the section matching the error
        // state and drop the other one; the patterns are applied in order.
        if(isset($POST_ERR) && count($POST_ERR)) {
            $form_cnt = preg_replace(
                array('/\[IF_ERROR\](.*?)\[\/IF_ERROR\]/s', '/\[ELSE_ERROR\].*?\[\/ELSE_ERROR\]/s'),
                array('$1', ''),
                $form_cnt
            );
        } else {
            $form_cnt = preg_replace(
                array('/\[IF_ERROR\].*?\[\/IF_ERROR\]/s', '/\[ELSE_ERROR\](.*?)\[\/ELSE_ERROR\]/s'),
                array('', '$1'),
                $form_cnt
            );
        }
        $CNT_TMP .= "\n". $form_cnt ."\n";

    }

    // Hidden part: content part ID, the collected hidden fields, then the
    // form tracking field, followed by the closing tags.
    $CNT_TMP .= LF . '<div><input type="hidden" name="cpID'.$crow["acontent_id"].'" value="'.$crow["acontent_id"].'" />' . $form_field_hidden;
    $CNT_TMP .= getFormTrackingValue(); // hidden form tracking field
    $CNT_TMP .= '</div>' . LF . '</form>'.$cnt_form["class_close"];
}
1900  
// Release the working variables used while this form was built, so they
// do not carry over into code that runs after this include.
unset( $form, $form_cnt, $form_cnt_2, $form_field, $form_field_hidden );
unset( $form_counter, $form_error_text, $POST_ERR );

// Put the form tracking setting back to its default value.
$phpwcms['form_tracking'] = $default_formtracking_value;
1905  
1906  ?>

