PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2010 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE. See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/

/*
 * Frontend renderer and POST handler for a "form" content part: it restores
 * the stored form definition into $cnt_form, validates submitted values field
 * by field and builds each field's HTML in $form_field.
 *
 * NOTE(review), based only on the code visible in this listing:
 *  - Field attributes taken from the form definition (size, max, class, style)
 *    and the checkbox/radio labels are concatenated into the markup without
 *    html_specialchars(); only the field name and value are escaped. Anyone
 *    who can edit a form definition can therefore place markup in the page -
 *    confirm that editing is restricted to trusted backend users.
 *  - The reCAPTCHA lang/theme/tabindex settings are written unescaped into an
 *    inline script block; the same trust assumption applies.
 *  - With targettype/sendertype 'emailfield_<name>' a visitor-supplied address
 *    that passes is_valid_email() becomes the mail recipient/sender. The form
 *    tracking check and the captcha fields are the only abuse controls
 *    visible here.
 *  - The 'special' DATE/NOW branch contains echo 'ja'; which looks like
 *    leftover debug output.
 */

// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Stops execution unless PHPWCMS_ROOT is already defined, so the script
// does nothing when it is loaded outside the CMS bootstrap.
if (!defined('PHPWCMS_ROOT')) {
	die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------

// The include path is built from the PHPWCMS_ROOT constant and a fixed
// string only; no request data is involved.
include_once (PHPWCMS_ROOT.'/include/inc_front/content/cnt_functions/cnt23.func.inc.php');

// Form
// Jump anchor for this content part. acontent_id is concatenated into the
// attributes unescaped - presumably an integer database key; confirm.
$CNT_TMP .= '<a name="jumpForm'.$crow["acontent_id"].'" id="jumpForm'.$crow["acontent_id"].'"></a>';
$CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]);
// Restore the stored form definition.
// NOTE(review): unserialize() can instantiate objects and trigger their magic
// methods for any class named in the payload, so this is only safe while
// acontent_form can be written solely by trusted backend code - confirm who
// can write that value. The result is also not checked for false (corrupt
// data) before it is indexed below.
$cnt_form = unserialize($crow["acontent_form"]);

// save default form tracking status
// (keeps a copy of the global setting; any restore happens outside the
// part of the file visible in this listing)
$default_formtracking_value = $phpwcms['form_tracking'];
// check form related form tracking status
// NOTE(review): checkFormTrackingValue() is used further down as the spam
// check; presumably it reads $phpwcms['form_tracking'], so this per-form
// switch disables that check for this form - confirm.
if(isset($cnt_form['formtracking_off']) && $cnt_form['formtracking_off'] == 1) {
	$phpwcms['form_tracking'] = 0;
}

$form_error_text = '';

// The custom form template is only used when labelpos is 2.
$form_cnt = $cnt_form['labelpos']== 2 ? $cnt_form['customform'] : '';

// set sender email address
// Falls back to the system address when no sender type is set, when the type
// is 'system', or when the type is 'email' but the configured address fails
// is_valid_email(). Any other sendertype leaves $cnt_form['sender'] as stored.
if(empty($cnt_form['sendertype']) || $cnt_form['sendertype'] == 'system') {
	$cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
} elseif($cnt_form['sendertype'] == 'email' && !is_valid_email($cnt_form['sender'])) {
	$cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
}

// basic sender name check
// No name type: clear both name and type. Type 'system': use the configured
// system sender name. Other types keep the stored name.
if(empty($cnt_form['sendernametype'])) {

	$cnt_form['sendername'] = '';
	$cnt_form['sendernametype'] = '';

} elseif($cnt_form['sendernametype'] == 'system') {

	$cnt_form['sendername'] = $phpwcms['SMTP_FROM_NAME'];

}

// Normalise missing values so the keys are always set below.
if(empty($cnt_form['sendername'])) {
	$cnt_form['sendername'] = '';
}
if(empty($cnt_form["error_class"])) {
	$cnt_form["error_class"] = 'error';
}

// set enctype mode false (no upload)
$cnt_form['is_enctype'] = false;

/*
 * Browse form fields
 */
if(isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) {

	$form_counter = 0;
	$cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']);
	$cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : '';
	$cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ?
trim($cnt_form['label_wrap'][1]) : ''; 86 $form_field_hidden = ''; 87 88 $cnt_form['regx_pattern'] = array( 89 'A-Z' => '/^[A-Z]+$/', 90 'a-Z' => '/^[a-zA-Z]+$/', 91 'a-z' => '/^[a-z]+$/', 92 '0-9' => '/^[0-9]+$/', 93 'PHONE' => '/^[+]?([0-9]*[\.\s\-\(\)\/]|[0-9]+){3,24}$/', 94 'INT' => '/^[0-9\-\+]+$/', 95 'WORD' => '/^[\w]+$/', 96 'LETTER+SPACE' => '/^[a-z _\-\:]+$/i' 97 ); 98 99 if(!empty($_POST['cpID'.$crow["acontent_id"]]) && intval($_POST['cpID'.$crow["acontent_id"]]) == $crow["acontent_id"]) { 100 $POST_DO = true; 101 $POST_val = array(); 102 $cache_nosave = true; 103 } else { 104 $POST_DO = false; 105 } 106 107 // make spam check 108 if($POST_DO && !checkFormTrackingValue()) { 109 $POST_ERR['spamFormAlert'.time()] = '[span_class:spamFormAlert]Your IP '.getRemoteIP().' is not allowed to send form![/class]'; 110 } 111 112 foreach($cnt_form["fields"] as $key => $value) { 113 114 $form_field = ''; 115 $form_name = html_specialchars($cnt_form["fields"][$key]['name']); 116 $POST_name = $cnt_form["fields"][$key]['name']; 117 118 switch($cnt_form["fields"][$key]['type']) { 119 120 case 'text' : /* 121 * Text 122 */ 123 if($POST_DO && isset($_POST[$POST_name])) { 124 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 125 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 126 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 127 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 128 } else { 129 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 130 } 131 } 132 // 133 $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" '; 134 $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"'; 135 if($cnt_form["fields"][$key]['size']) { 136 $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"'; 137 } 138 if($cnt_form["fields"][$key]['max']) { 139 $form_field .= ' 
maxlength="'.$cnt_form["fields"][$key]['max'].'"'; 140 } 141 if($cnt_form["fields"][$key]['class']) { 142 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 143 } 144 if($cnt_form["fields"][$key]['style']) { 145 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 146 } 147 $form_field .= ' />'; 148 break; 149 150 case 'captcha': /* 151 * Captcha 152 */ 153 if($POST_DO && isset($_POST[$POST_name])) { 154 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 155 include_once (PHPWCMS_ROOT.'/include/inc_ext/SOLMETRA_FormValidator/SPAF_FormValidator.class.php'); 156 $spaf_obj = new SPAF_FormValidator(); 157 if($spaf_obj->validRequest($POST_val[$POST_name])) { 158 $spaf_obj->destroy(); 159 } else { 160 $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Captcha error' : $cnt_form["fields"][$key]['error']; 161 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 162 } 163 $cnt_form["fields"][$key]['value'] = ''; 164 } 165 // 166 $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""'; 167 if($cnt_form["fields"][$key]['size']) { 168 $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"'; 169 } 170 if($cnt_form["fields"][$key]['max']) { 171 $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"'; 172 } 173 if($cnt_form["fields"][$key]['class']) { 174 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 175 } 176 if($cnt_form["fields"][$key]['style']) { 177 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 178 } 179 $form_field .= ' />'; 180 break; 181 182 case 'recaptcha': /* 183 * reCAPTCHA 184 */ 185 include_once (PHPWCMS_ROOT.'/include/inc_ext/recaptcha/recaptchalib.php'); 186 187 $cnt_form['recaptcha'] = array( 188 'public_key' => empty($cnt_form["fields"][$key]['value']['public_key']) ? 
get_user_rc('pu') : $cnt_form["fields"][$key]['value']['public_key'], 189 'private_key' => empty($cnt_form["fields"][$key]['value']['private_key']) ? get_user_rc('pr') : $cnt_form["fields"][$key]['value']['private_key'], 190 'lang' => empty($cnt_form["fields"][$key]['value']['lang']) ? $phpwcms['default_lang'] : $cnt_form["fields"][$key]['value']['lang'], 191 'theme' => empty($cnt_form["fields"][$key]['value']['theme']) ? 'clear' : $cnt_form["fields"][$key]['value']['theme'], 192 'tabindex' => empty($cnt_form["fields"][$key]['value']['tabindex']) ? 0 : $cnt_form["fields"][$key]['value']['tabindex'], 193 'error' => NULL 194 ); 195 196 if($POST_DO && isset($_POST['recaptcha_response_field']) && isset($_POST['recaptcha_challenge_field'])) { 197 198 $cnt_form['recaptcha']['response'] = recaptcha_check_answer($cnt_form['recaptcha']['private_key'], $_SERVER["REMOTE_ADDR"], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); 199 200 if(!$cnt_form['recaptcha']['response']->is_valid) { 201 202 $cnt_form['recaptcha']['error'] = $cnt_form['recaptcha']['response']->error; 203 $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? $cnt_form['recaptcha']['error'] : $cnt_form["fields"][$key]['error']; 204 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 205 206 } 207 } 208 // 209 $form_field = '<div'; 210 if($cnt_form["fields"][$key]['class']) { 211 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 212 } 213 if($cnt_form["fields"][$key]['style']) { 214 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 215 } 216 $form_field .= '><script type="text/javascript">' . LF; 217 $form_field .= ' var RecaptchaOptions = {lang:"'.$cnt_form['recaptcha']['lang'].'",'; 218 $form_field .= 'theme:"'.$cnt_form['recaptcha']['theme'].'",tabindex:'.$cnt_form['recaptcha']['tabindex'] . '};' . 
LF; 219 $form_field .= '</script>'; 220 $form_field .= recaptcha_get_html($cnt_form['recaptcha']['public_key'], $cnt_form['recaptcha']['error']); 221 $form_field .= '</div>'; 222 223 break; 224 225 case 'special' : /* 226 * Special 227 */ 228 $cnt_form['special_attribute'] = array( 229 'default' => '', 230 'type' => 'MIX', 231 'dateformat' => 'm/d/Y', 232 'pattern' => '/.*?/' 233 ); 234 // 235 if($cnt_form["fields"][$key]['value']) { 236 $cnt_form['special_value'] = str_replace( array('"', "'", "\r'"), '', $cnt_form["fields"][$key]['value'] ); 237 $cnt_form['special_value'] = explode("\n", $cnt_form['special_value']); 238 $cnt_form["fields"][$key]['value'] = ''; 239 240 if(is_array($cnt_form['special_value']) && count($cnt_form['special_value'])) { 241 foreach($cnt_form['special_value'] as $cnt_form['special_key'] => $cnt_form['special_val']) { 242 $temp_array = explode('=', $cnt_form['special_val']); 243 switch($temp_array[0]) { 244 case 'default': $cnt_form['special_attribute']['default'] = isset($temp_array[1]) ? $temp_array[1] : ''; 245 break; 246 case 'type': $cnt_form['special_attribute']['type'] = isset($temp_array[1]) ? $temp_array[1] : 'MIX'; 247 break; 248 case 'dateformat': $cnt_form['special_attribute']['dateformat'] = isset($temp_array[1]) ? $temp_array[1] : 'm/d/Y'; 249 break; 250 case 'pattern': $cnt_form['special_attribute']['pattern'] = isset($temp_array[1]) ? $temp_array[1] : '/.*?/'; 251 break; 252 } 253 } 254 } 255 } 256 257 $cnt_form["fields"][$key]['value'] = isset($cnt_form['special_attribute']['default']) ? 
$cnt_form['special_attribute']['default'] : ''; 258 259 if($POST_DO && isset($_POST[$POST_name])) { 260 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 261 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 262 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 263 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 264 } else { 265 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 266 // try to check for special value 267 if(isset($cnt_form['special_attribute']['type'])) { 268 switch($cnt_form['special_attribute']['type']) { 269 270 case 'A-Z': 271 case 'a-Z': 272 case 'a-z': 273 case '0-9': 274 case 'WORD': 275 case 'LETTER+SPACE': 276 case 'PHONE': 277 case 'INT': if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['regx_pattern'][ $cnt_form['special_attribute']['type'] ], $cnt_form["fields"][$key]['value'])) { 278 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 279 } /* else { $cnt_form["fields"][$key]['value'] = $cnt_form["fields"][$key]['value']; } */ 280 break; 281 282 case 'REGEX': if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['special_attribute']['pattern'], $cnt_form["fields"][$key]['value'])) { 283 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 284 } 285 break; 286 287 case 'DEC': 288 case 'FLOAT': if($cnt_form["fields"][$key]['value'] !== '' && !is_float_ex($cnt_form["fields"][$key]['value'])) { 289 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 290 } 291 break; 292 293 case 'IDENT': if(isset($cnt_form['special_attribute']['default']) && 294 decode_entities($cnt_form['special_attribute']['default']) != decode_entities($cnt_form["fields"][$key]['value'])) { 295 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 296 } 297 break; 298 299 case 'DATE': if($cnt_form["fields"][$key]['value'] !== '' && isset($cnt_form['special_attribute']['dateformat']) && 300 
!is_date($cnt_form["fields"][$key]['value'], $cnt_form['special_attribute']['dateformat'])) { 301 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 302 } 303 break; 304 } 305 } 306 } 307 } else { 308 309 if(isset($cnt_form['special_attribute']['default']) && isset($cnt_form['special_attribute']['type']) && 310 $cnt_form['special_attribute']['type'] == 'DATE' && $cnt_form['special_attribute']['default'] == 'NOW') { 311 echo 'ja'; 312 if(isset($cnt_form['special_attribute']['dateformat'])) { 313 $cnt_form["fields"][$key]['value'] = date($cnt_form['special_attribute']['dateformat']); 314 } else { 315 $cnt_form["fields"][$key]['value'] = date('m/d/Y'); 316 } 317 } 318 } 319 // 320 $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" '; 321 $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"'; 322 if($cnt_form["fields"][$key]['size']) { 323 $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"'; 324 } 325 if($cnt_form["fields"][$key]['max']) { 326 $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"'; 327 } 328 if($cnt_form["fields"][$key]['class']) { 329 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 330 } 331 if($cnt_form["fields"][$key]['style']) { 332 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 333 } 334 $form_field .= ' />'; 335 break; 336 337 case 'email' : /* 338 * Email 339 */ 340 if($POST_DO && isset($_POST[$POST_name])) { 341 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 342 if(($cnt_form["fields"][$key]['required'] && !$POST_val[$POST_name]) || ($POST_val[$POST_name] && !is_valid_email($POST_val[$POST_name]))) { 343 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 344 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 345 } 346 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 347 } 348 // check if message should be delivered to email address 
of this field 349 if($POST_DO && ($cnt_form['targettype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) { 350 if(empty($cnt_form['target'])) { 351 $cnt_form['target'] = $cnt_form["fields"][$key]['value']; 352 } else { 353 $cnt_form['target'] = $cnt_form["fields"][$key]['value'].';'.$cnt_form['target']; 354 } 355 } 356 // 357 // check if message should be sent by email address of this field 358 if($POST_DO && ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) { 359 $cnt_form['sender'] = $cnt_form["fields"][$key]['value']; 360 } 361 // 362 $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" '; 363 $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"'; 364 if($cnt_form["fields"][$key]['size']) { 365 $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"'; 366 } 367 if($cnt_form["fields"][$key]['max']) { 368 $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"'; 369 } 370 if($cnt_form["fields"][$key]['class']) { 371 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 372 } 373 if($cnt_form["fields"][$key]['style']) { 374 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 375 } 376 $form_field .= ' />'; 377 break; 378 379 case 'textarea' : /* 380 * Textarea 381 */ 382 if($POST_DO && isset($_POST[$POST_name])) { 383 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 384 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 385 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 386 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 387 } else { 388 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 389 } 390 } 391 // 392 $form_field .= '<textarea name="'.$form_name.'" id="'.$form_name.'"'; 393 
if($cnt_form["fields"][$key]['size']) { 394 $form_field .= ' cols="'.$cnt_form["fields"][$key]['size'].'"'; 395 } else { 396 $form_field .= ' cols="20"'; 397 } 398 if($cnt_form["fields"][$key]['max']) { 399 $form_field .= ' rows="'.$cnt_form["fields"][$key]['max'].'"'; 400 } 401 if($cnt_form["fields"][$key]['class']) { 402 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 403 } 404 if($cnt_form["fields"][$key]['style']) { 405 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 406 } 407 $form_field .= '>'.html_specialchars($cnt_form["fields"][$key]['value']).'</textarea>'; 408 break; 409 410 case 'hidden' : /* 411 * Hidden 412 */ 413 if($POST_DO && isset($_POST[$POST_name])) { 414 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 415 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 416 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 417 } else { 418 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 419 } 420 } 421 // 422 $form_field_hidden .= '<input type="hidden" name="'.$form_name.'" '; 423 $form_field_hidden .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'" />'; 424 break; 425 426 case 'password' : /* 427 * Password 428 */ 429 if($POST_DO && isset($_POST[$POST_name])) { 430 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 431 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 432 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 433 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 434 } else { 435 $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name]; 436 } 437 } 438 // 439 $form_field .= '<input type="password" name="'.$form_name.'" id="'.$form_name.'" '; 440 $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"'; 441 if($cnt_form["fields"][$key]['size']) { 442 $form_field .= ' 
size="'.$cnt_form["fields"][$key]['size'].'"'; 443 } 444 if($cnt_form["fields"][$key]['max']) { 445 $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"'; 446 } 447 if($cnt_form["fields"][$key]['class']) { 448 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 449 } 450 if($cnt_form["fields"][$key]['style']) { 451 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 452 } 453 $form_field .= ' autocomplete="off" />'; 454 break; 455 456 case 'country': 457 case 'selectemail': 458 case 'select' : /* 459 * Select menu 460 */ 461 if($POST_DO && isset($_POST[$POST_name])) { 462 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 463 if($POST_val[$POST_name] != '' && $cnt_form["fields"][$key]['type'] == 'selectemail') { // decrypt 464 $POST_val[$POST_name] = decrypt(base64_decode($POST_val[$POST_name])); 465 } 466 if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') { 467 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 468 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 469 } else { 470 $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']); 471 } 472 } 473 // 474 if($cnt_form["fields"][$key]['type'] == 'selectemail' && $POST_DO && empty($POST_ERR[$key]) ) { 475 476 // check if message should be delivered to email address of this field 477 if( ($cnt_form['targettype'] == 'emailfield_'.$POST_name) && is_valid_email($POST_val[$POST_name])) { 478 if(empty($cnt_form['target'])) { 479 $cnt_form['target'] = $POST_val[$POST_name]; 480 } else { 481 $cnt_form['target'] = $POST_val[$POST_name].';'.$cnt_form['target']; 482 } 483 } 484 // 485 // check if message should be sent by email address of this field 486 if( ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && is_valid_email($POST_val[$POST_name])) { 487 $cnt_form['sender'] = $POST_val[$POST_name]; 488 } 489 } 490 // 491 492 
$form_field .= '<select name="'.$form_name.'" id="'.$form_name.'"'; 493 if($cnt_form["fields"][$key]['class']) { 494 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 495 } 496 if($cnt_form["fields"][$key]['style']) { 497 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 498 } 499 $form_field .= '>' . LF; 500 501 // build country select menu 502 if($cnt_form["fields"][$key]['type'] == 'country') { 503 504 // check which language should be used and 505 // which country should be set as default 506 $form_value = parse_ini_str($cnt_form["fields"][$key]['value'], false); 507 if(isset($form_value['lang'])) { 508 $form_value['lang'] = preg_replace('/[^a-zA-Z]/', '', $form_value['lang']); 509 } else { 510 $form_value['lang'] = $phpwcms['default_lang']; 511 } 512 if(isset($form_value['default'])) { 513 $form_value['default'] = preg_replace('/[^a-zA-Z]/', '', $form_value['default']); 514 } else { 515 $form_value['default'] = '-'; 516 } 517 518 $option_value = substr( empty($POST_val[$POST_name]) ? $form_value['default'] : $POST_val[$POST_name] , 0, 2); 519 if(!empty($form_value['first'])) { 520 $form_field .= '<option value="">' . html_specialchars($form_value['first']) . '</option>' . LF; 521 } 522 $form_field .= list_country($option_value, $form_value['lang']); 523 524 525 // build value/option select menu 526 } else { 527 528 529 $form_value = explode("\n", $cnt_form["fields"][$key]['value']); 530 $form_value = array_map('trim', $form_value); 531 $form_value = array_diff($form_value, array('')); 532 if(count($form_value)) { 533 $form_optgroup = false; 534 foreach($form_value as $option_value) { 535 536 // search for OPTGROUP 537 if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) { 538 $option_value = explode(' ', $option_value, 2); 539 if(isset($option_value[1]) ) { 540 $option_value = trim($option_value[1]); 541 $form_field .= '<optgroup label="'; 542 $form_field .= $option_value == '' ? 
'Please select:' : html_specialchars($option_value); 543 $form_field .= '">'.LF; 544 $form_optgroup = true; 545 } 546 continue; 547 } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) { 548 if($form_optgroup == true) { 549 $form_field .= '</optgroup>'.LF; 550 $form_optgroup = false; 551 } 552 continue; 553 } 554 555 // check if select item has specila value and name 556 $option_value = explode('-|-', $option_value, 2); 557 $option_label = $option_value[0]; 558 $option_value = isset($option_value[1]) ? $option_value[1] : $option_label; 559 560 if(substr($option_label, -2) === ' -') { 561 $option_label = trim( substr($option_label, 0, strlen($option_label) -2) ); 562 } 563 $option_label = str_replace(' selected', '', $option_label); 564 565 if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $option_value) { 566 $option_value .= ' selected'; 567 } 568 569 $option_value = html_specialchars($option_value); 570 if(substr($option_value, -2) === ' -') { 571 $form_field .= '<option value=""'; 572 $option_value = trim( substr($option_value, 0, strlen($option_value) -2) ); 573 } elseif(strtolower(substr($option_value, -9)) != ' selected') { 574 $form_field .= '<option value="'.($cnt_form["fields"][$key]['type'] == 'selectemail' ? base64_encode(encrypt($option_value)) : $option_value).'"'; 575 } else { 576 $option_value = str_replace(' selected', '', $option_value); 577 $form_field .= '<option value="'.($cnt_form["fields"][$key]['type'] == 'selectemail' ? 
base64_encode(encrypt($option_value)) : $option_value).'" selected="selected"'; 578 } 579 $form_field .= '>'.html_specialchars($option_label)."</option>\n"; 580 } 581 if($form_optgroup == true) { 582 $form_field .= '</optgroup>'.LF; 583 } 584 } 585 586 } 587 $form_field .= '</select>'; 588 break; 589 590 case 'list' : /* 591 * Liste 592 */ 593 if($POST_DO && isset($_POST[$POST_name])) { 594 if(is_array($_POST[$POST_name])) { 595 $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]); 596 $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); 597 if(!count($POST_val[$POST_name])) { 598 $POST_val[$POST_name] = false; 599 } 600 } else { 601 $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name])); 602 } 603 if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { 604 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 605 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 606 } else { 607 $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']); 608 } 609 } 610 // 611 $form_field .= '<select id="'.$form_name.'"'; 612 if($cnt_form["fields"][$key]['size']) { 613 $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"'; 614 } 615 if($cnt_form["fields"][$key]['max']) { 616 $form_field .= ' multiple'; 617 $form_field .= ' name="'.$form_name.'[]"'; 618 } else { 619 $form_field .= ' name="'.$form_name.'"'; 620 } 621 if($cnt_form["fields"][$key]['class']) { 622 $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"'; 623 } 624 if($cnt_form["fields"][$key]['style']) { 625 $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"'; 626 } 627 $form_field .= '>'.LF; 628 $form_value = explode("\n", $cnt_form["fields"][$key]['value']); 629 $form_value = array_map('trim', $form_value); 630 $form_value = array_diff($form_value, array('')); 631 
if(count($form_value)) { 632 foreach($form_value as $option_value) { 633 634 // search for OPTGROUP 635 if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) { 636 $option_value = explode(' ', $option_value, 2); 637 if(isset($option_value[1]) ) { 638 $option_value = trim($option_value[1]); 639 $form_field .= '<optgroup label="'; 640 $form_field .= $option_value == '' ? 'Please select:' : html_specialchars($option_value); 641 $form_field .= '">'.LF; 642 $form_optgroup = true; 643 } 644 continue; 645 } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) { 646 if($form_optgroup == true) { 647 $form_field .= '</optgroup>'.LF; 648 $form_optgroup = false; 649 } 650 continue; 651 } 652 653 654 // try to set given POST var as selected 655 if(isset($POST_val[$POST_name])) { 656 if(is_array($POST_val[$POST_name])) { 657 foreach($POST_val[$POST_name] as $postvar_value) { 658 if($postvar_value == $option_value) { 659 $option_value .= ' selected'; 660 } 661 } 662 } elseif ($POST_val[$POST_name] == $option_value) { 663 $option_value .= ' selected'; 664 } 665 } 666 667 $option_value = html_specialchars($option_value); 668 if(substr($option_value, -2) === ' -') { 669 $form_field .= '<option value=""'; 670 $option_value = trim( substr($option_value, 0, strlen($option_value) -2) ); 671 } elseif(substr($option_value, -9) != ' selected') { 672 $form_field .= '<option value="'.$option_value.'"'; 673 } else { 674 $option_value = str_replace(' selected', '', $option_value); 675 $form_field .= '<option value="'.$option_value.'" selected="selected"'; 676 } 677 $form_field .= '>'.$option_value."</option>\n"; 678 } 679 if($form_optgroup == true) { 680 $form_field .= '</optgroup>'.LF; 681 } 682 } 683 $form_field .= '</select>'; 684 break; 685 686 case 'checkbox' : /* 687 * Checkbox 688 */ 689 if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { 690 if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) { 691 $POST_val[$POST_name] = 
array_map('combined_POST_cleaning', $_POST[$POST_name]); 692 $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); 693 if(!count($POST_val[$POST_name])) { 694 $POST_val[$POST_name] = ''; 695 } 696 } else { 697 $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : ''; 698 } 699 if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { 700 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 701 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 702 } else { 703 $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); 704 } 705 } 706 // 707 $form_value = explode("\n", $cnt_form["fields"][$key]['value']); 708 $form_value = array_map('trim', $form_value); 709 $form_value = array_diff($form_value, array('')); 710 if($cnt_form["fields"][$key]['class']) { 711 $form_field .= '<div class="'.$cnt_form["fields"][$key]['class'].'">'; 712 $checkbox_class = '</div>'; 713 } else { 714 $checkbox_class = ''; 715 } 716 if($cnt_form["fields"][$key]['style']) { 717 $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; 718 } else { 719 $checkbox_style = ''; 720 } 721 if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) { 722 // only 1 checkbox 723 $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value; 724 $checkbox_value = trim($checkbox_value); 725 726 $checkbox_value = explode('-|-', $checkbox_value, 2); 727 $checkbox_label = $checkbox_value[0]; 728 $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; 729 730 $checkbox_label = str_replace(' checked', '', $checkbox_label); 731 732 if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) { 733 $checkbox_value .= ' checked'; 734 } 735 $checkbox_value = $checkbox_value ? 
html_specialchars($checkbox_value) : $form_name; 736 $form_field .= '<input type="checkbox" name="'.$form_name.'" id="'.$form_name.'" '; 737 if(substr($checkbox_value, -8) != ' checked') { 738 $form_field .= 'value="' . $checkbox_value . '" />'; 739 } else { 740 $checkbox_value = str_replace(' checked', '', $checkbox_value); 741 $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; 742 } 743 $form_field .= '<label for="'.$form_name.'"'; 744 $form_field .= $checkbox_style; 745 $form_field .= '>'. $checkbox_label .'</label>'; 746 747 } else { 748 // list of checkboxes 749 $checkbox_counter = 0; 750 $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '<br />' : ' '; 751 foreach($form_value as $checkbox_value) { 752 753 $checkbox_value = explode('-|-', $checkbox_value, 2); 754 $checkbox_label = $checkbox_value[0]; 755 $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; 756 757 $checkbox_label = str_replace(' checked', '', $checkbox_label); 758 759 if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) { 760 foreach($POST_val[$POST_name] as $postvar_value) { 761 if($postvar_value == $checkbox_value) { 762 $checkbox_value .= ' checked'; 763 } 764 } 765 } 766 767 $checkbox_value = html_specialchars(trim($checkbox_value)); 768 if($checkbox_counter) { 769 $form_field .= $checkbox_spacer; 770 } 771 $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" '; 772 if(substr($checkbox_value, -8) != ' checked') { 773 $form_field .= 'value="' . $checkbox_value . '" />'; 774 } else { 775 $checkbox_value = str_replace(' checked', '', $checkbox_value); 776 $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; 777 } 778 $form_field .= '<label for="'.$form_name.$checkbox_counter.'"'; 779 $form_field .= $checkbox_style; 780 $form_field .= '>'. 
$checkbox_label .'</label>'; 781 $checkbox_counter++; 782 } 783 } 784 $form_field .= $checkbox_class; 785 break; 786 787 case 'radio' : /* 788 * Radiobutton 789 */ 790 if($POST_DO && ( $cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { 791 $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false; 792 if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { 793 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 794 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 795 } else { 796 $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); 797 } 798 } 799 // 800 $form_value = explode("\n", $cnt_form["fields"][$key]['value']); 801 $form_value = array_map('trim', $form_value); 802 $form_value = array_diff($form_value, array('')); 803 if($cnt_form["fields"][$key]['class']) { 804 $form_field .= '<div class="'.$cnt_form["fields"][$key]['class'].'">'; 805 $checkbox_class = '</div>'; 806 } else { 807 $checkbox_class = ''; 808 } 809 if($cnt_form["fields"][$key]['style']) { 810 $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; 811 } else { 812 $checkbox_style = ''; 813 } 814 if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) { 815 // only 1 checkbox 816 $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value; 817 $checkbox_value = trim($checkbox_value); 818 819 $checkbox_value = explode('-|-', $checkbox_value, 2); 820 $checkbox_label = $checkbox_value[0]; 821 $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; 822 823 $checkbox_label = str_replace(' checked', '', $checkbox_label); 824 825 if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? 
$checkbox_value : $form_name)) { 826 $checkbox_value .= ' checked'; 827 } 828 $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name; 829 $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.'" '; 830 if(substr($checkbox_value, -8) != ' checked') { 831 $form_field .= 'value="' . $checkbox_value . '" />'; 832 } else { 833 $checkbox_value = str_replace(' checked', '', $checkbox_value); 834 $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; 835 } 836 $form_field .= '<label for="'.$form_name.'"'; 837 $form_field .= $checkbox_style; 838 $form_field .= '>'. $checkbox_label .'</label>'; 839 840 } else { 841 // list of checkboxes 842 $checkbox_counter = 0; 843 $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '<br />' : ' '; 844 foreach($form_value as $checkbox_value) { 845 846 $checkbox_value = explode('-|-', $checkbox_value, 2); 847 $checkbox_label = $checkbox_value[0]; 848 $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label; 849 850 $checkbox_label = str_replace(' checked', '', $checkbox_label); 851 852 if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $checkbox_value) { 853 $checkbox_value .= ' checked'; 854 } 855 $checkbox_value = html_specialchars(trim($checkbox_value)); 856 if($checkbox_counter) { 857 $form_field .= $checkbox_spacer; 858 } 859 $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.$checkbox_counter.'" '; 860 if(substr($checkbox_value, -8) != ' checked') { 861 $form_field .= 'value="' . $checkbox_value . '" />'; 862 } else { 863 $checkbox_value = str_replace(' checked', '', $checkbox_value); 864 $form_field .= 'value="' . $checkbox_value . '" checked="checked" />'; 865 } 866 $form_field .= '<label for="'.$form_name.$checkbox_counter.'"'; 867 $form_field .= $checkbox_style; 868 $form_field .= '>'. 
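$checkbox_label .'</label>';
                $checkbox_counter++;
            }
        }
        $form_field .= $checkbox_class;
        break;

    case 'upload' :
        /*
         * Upload
         *
         * The field's "value" holds one key=value setting per line. This case
         * reads folder, attachment, exclude, maxlength and accept from it,
         * validates and stores a posted file, then renders the file input.
         *
         * NOTE(review): "exclude" is a denylist of extensions. A denylist only
         * blocks what it names, so the upload folder should also be configured
         * so that the web server never executes files stored in it.
         */
        if($cnt_form["fields"][$key]['value']) {
            $cnt_form['upload_value'] = str_replace('"', '', $cnt_form["fields"][$key]['value']);
            $cnt_form['upload_value'] = str_replace("'", '', $cnt_form['upload_value']);
            // Strip carriage returns so CRLF-separated settings keep no trailing "\r".
            // The earlier search string "\r'" could never match: quotes are already removed.
            $cnt_form['upload_value'] = str_replace("\r", '', $cnt_form['upload_value']);
            $cnt_form['upload_value'] = explode("\n", $cnt_form['upload_value']);
            if(is_array($cnt_form['upload_value']) && count($cnt_form['upload_value'])) {
                foreach($cnt_form['upload_value'] as $cnt_form['upload_key'] => $cnt_form['upload_val']) {
                    // limit 2 keeps any further "=" inside the setting's value
                    $temp_array = array_map('trim', explode('=', $cnt_form['upload_val'], 2));
                    unset($cnt_form['upload_value'][$cnt_form['upload_key']]);
                    if(!empty($temp_array[0]) && !empty($temp_array[1])) {
                        $cnt_form['upload_value'][$temp_array[0]] = $temp_array[1];
                    }
                }
            }
        }
        if(empty($cnt_form['upload_value']['folder'])) {
            $cnt_form['upload_value']['folder'] = 'content/form/';
        }
        if(empty($cnt_form['upload_value']['attachment'])) {
            $cnt_form['upload_value']['attachment'] = 0;
        }
        if(empty($cnt_form['upload_value']['exclude'])) {
            $cnt_form['upload_value']['exclude'] = 'php,asp,php3,php4,php5,aspx,cfm,js';
        }
        //
        if($POST_DO && isset($_FILES[$POST_name])) {
            $POST_val[$POST_name]['folder'] = $cnt_form['upload_value']['folder'];
            $POST_val[$POST_name]['attachment'] = $cnt_form['upload_value']['attachment'];
            $POST_val[$POST_name]['name'] = '';

            // normalise the excluded extensions into a lower-case list joined by "|"
            // (this joined string is also used for the {FILEEXT} error text below)
            $cnt_form['upload_value']['exclude'] = str_replace(' ', '', $cnt_form['upload_value']['exclude']);
            $cnt_form['upload_value']['exclude'] = str_replace('.', '', $cnt_form['upload_value']['exclude']);
            $cnt_form['upload_value']['exclude'] = explode(',', $cnt_form['upload_value']['exclude']);
            $cnt_form['upload_value']['exclude'] = array_diff($cnt_form['upload_value']['exclude'], array(''));
            $cnt_form['upload_value']['exclude'] = implode('|', $cnt_form['upload_value']['exclude']);
            $cnt_form['upload_value']['exclude'] = strtolower($cnt_form['upload_value']['exclude']);

            // Build the rejection pattern from quoted extensions. It requires a literal
            // dot in front of the extension and matches the extension at the end of the
            // name or in front of a further dot, so "name.php.txt" and "name.php." are
            // rejected as well. An empty list yields no pattern instead of one that
            // rejects every file name.
            $cnt_form['upload_value']['regexp'] = '';
            if($cnt_form['upload_value']['exclude'] !== '') {
                $upload_exclude_quoted = array();
                foreach(explode('|', $cnt_form['upload_value']['exclude']) as $upload_exclude_ext) {
                    $upload_exclude_quoted[] = preg_quote($upload_exclude_ext, '/');
                }
                $cnt_form['upload_value']['regexp'] = '/\.(?:'.implode('|', $upload_exclude_quoted).')(?:\.|$)/';
            }

            // Client-supplied file name: accept a plain string only, reduce it to its
            // last path component and drop control characters and surrounding
            // whitespace before it is checked or used to build a path.
            $upload_client_name = '';
            if(isset($_FILES[$POST_name]['name']) && is_string($_FILES[$POST_name]['name'])) {
                $upload_client_name = basename(str_replace('\\', '/', $_FILES[$POST_name]['name']));
                $upload_client_name = trim(preg_replace('/[\x00-\x1F\x7F]/', '', $upload_client_name));
            }

            // set once the file has been moved into the target folder by this request
            $upload_stored = false;

            if($cnt_form["fields"][$key]['required'] && empty($upload_client_name)) {
                $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
                $POST_ERR[$key] = str_replace('{MAXLENGTH}', '', $POST_ERR[$key]);
                $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(0, ' '), $POST_ERR[$key]);
                $POST_ERR[$key] = str_replace('{FILENAME}', '"n.a."', $POST_ERR[$key]);
                $POST_ERR[$key] = str_replace('{FILEEXT}', '"n.a."', $POST_ERR[$key]);
            } elseif(!empty($upload_client_name)) {
                $cnt_form['upload_value']['filename'] = time().'_'.$upload_client_name;
                // reject on size, on excluded extension, or when the move itself fails
                if( (!empty($cnt_form['upload_value']['maxlength']) && $_FILES[$POST_name]['size'] > intval($cnt_form['upload_value']['maxlength']))
                    || ($cnt_form['upload_value']['regexp'] !== '' && preg_match($cnt_form['upload_value']['regexp'], strtolower($upload_client_name)))
                    || !@move_uploaded_file($_FILES[$POST_name]['tmp_name'],
                            PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename'])
                ) {
                    $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
                    $POST_ERR[$key] = str_replace('{MAXLENGTH}', empty($cnt_form['upload_value']['maxlength']) ? '' : fsize($cnt_form['upload_value']['maxlength'], ' '), $POST_ERR[$key]);
                    $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(empty($_FILES[$POST_name]['size']) ? 0 : $_FILES[$POST_name]['size'], ' '), $POST_ERR[$key]);
                    $POST_ERR[$key] = str_replace('{FILENAME}', empty($upload_client_name) || trim($upload_client_name)=='' ? '"n.a."' : $upload_client_name, $POST_ERR[$key]);
                    $POST_ERR[$key] = str_replace('{FILEEXT}', '.'.str_replace('|', ', .', str_replace(',', ', .', $cnt_form['upload_value']['exclude'])), $POST_ERR[$key]);
                } else {
                    $POST_val[$POST_name]['name'] = $cnt_form['upload_value']['filename'];
                    $upload_stored = true;
                }
            }
            if(isset($POST_ERR[$key])) {
                if(isset($_FILES[$POST_name]['tmp_name']) && is_string($_FILES[$POST_name]['tmp_name'])) {
                    @unlink($_FILES[$POST_name]['tmp_name']);
                }
                // Remove the target file only if this request stored it. A rejected
                // upload never reached the folder, and unlinking the computed path
                // would then hit a file this request does not own.
                if($upload_stored) {
                    @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename']);
                }
                $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
            }
        }
        //
        $form_field .= '<input type="file" name="'.$form_name.'" id="'.$form_name.'"';
        if(!empty($cnt_form['upload_value']['accept']) ) {
            $form_field .= ' accept="'.$cnt_form['upload_value']['accept'].'"';
        }
        if($cnt_form["fields"][$key]['size']) {
            $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
        }
        if($cnt_form["fields"][$key]['max']) {
            $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
        } elseif (!empty($cnt_form['upload_value']['maxlength'])) {
            $form_field .= ' maxlength="'.$cnt_form['upload_value']['maxlength'].'"';
        }
        if($cnt_form["fields"][$key]['class']) {
            $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
        }
        if($cnt_form["fields"][$key]['style']) {
            $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
        }
        $form_field .= ' title="';
        // maxlength is optional, so test with empty() to avoid reading an unset key
        if(!empty($cnt_form['upload_value']['maxlength'])) {
            $form_field .= 'max. '.fsize($cnt_form['upload_value']['maxlength'],' ',1);
        }
        $form_field .= '" />';
        unset($cnt_form['upload_value']);

        // enable enctype attribute
        $cnt_form['is_enctype'] = true;
        break;

    case 'submit' :
        /*
         * Submit
         *
         * Renders a submit button, or an image input when the configured
         * value contains "src=". Both variants end with the ###RESET### marker.
         */
        if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
            $form_field .= '<input type="submit" name="'.$form_name.'" id="'.$form_name.'" ';
            if($cnt_form["fields"][$key]['value'] != '') {
                $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
            }
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= ' />###RESET###';
        } else {
            $form_field .= '<input type="image" name="'.$form_name.'" id="'.$form_name.'" ';
            // the configured value is emitted as raw attribute markup here
            $form_field .= $cnt_form["fields"][$key]['value'];
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= ' />###RESET###';
        }
        break;


    case 'reset' :
        /*
         * Reset
         *
         * Renders a reset button, or a clickable image that resets the form
         * when the configured value contains "src=".
         */
        if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
            $form_field .= '<input type="reset" name="'.$form_name.'" id="'.$form_name.'" ';
            if($cnt_form["fields"][$key]['value'] != '') {
                $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
            }
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= ' />';
        } else {
            $form_field .= '<img name="'.$form_name.'" id="'.$form_name.'" ';
            // the configured value is emitted as raw attribute markup here
            $form_field .= $cnt_form["fields"][$key]['value'];
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= ' border="0" onclick="document.phpwcmsForm'.$crow["acontent_id"].'.reset();" />';
        }
        break;

    case 'break' :
        /*
         * Break
         *
         * Emits the configured value unescaped, wrapped in a <div> when a
         * class or style is set.
         */
        if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
            $form_field .= '<div id="'.$form_name.'"';
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= '>';
            $form_field .= $cnt_form["fields"][$key]['value'];
            $form_field .= '</div>';
        } else {
            $form_field .= $cnt_form["fields"][$key]['value'];
        }
        break;

    case 'breaktext':
        /*
         * Breaktext
         *
         * Like 'break', but the value is HTML-escaped and line breaks become
         * <br />; the wrapper is a <span>.
         */
        if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
            $form_field .= '<span id="'.$form_name.'"';
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= '>';
            $form_field .= nl2br(html_specialchars($cnt_form["fields"][$key]['value']));
            $form_field .= '</span>';
        } else {
            $form_field .= nl2br(html_specialchars($cnt_form["fields"][$key]['value']));
        }
        break;

    case 'captchaimg':
        /*
         * Captcha Images
         */
        if(empty($cnt_form["fields"][$key]['value']) && ($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class'])) {
            $form_field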
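.= '<div id="'.$form_name.'"';
            if($cnt_form["fields"][$key]['class']) {
                $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
            }
            if($cnt_form["fields"][$key]['style']) {
                $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
            }
            $form_field .= '>{CAPTCHA}</div>';
        } elseif(!empty($cnt_form["fields"][$key]['value'])) {
            $form_field .= $cnt_form["fields"][$key]['value'];
        } else {
            $form_field .= '{CAPTCHA}';
        }
        // the placeholder is replaced in the whole field markup built so far;
        // time() in the query string makes the image URL differ per request
        $form_field = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&'.time().'" alt="Captcha" border="0" />', $form_field);
        break;

    case 'mathspam':
        /*
         * Math Spam Protect
         *
         * Renders a small arithmetic question plus a hidden "<name>_result"
         * field holding a hash of the expected answer. On submit, the hash of
         * the posted answer is compared with the posted hidden value.
         *
         * NOTE(review): the hash depends only on the answer and on site-wide
         * values (PHPWCMS_URL, db_pass, length of db_user). It is not bound to
         * a session or to this page view, so an answer/hash pair stays valid
         * once seen. Binding the check to a per-session value kept on the
         * server would close that gap; it needs state this block does not have.
         */
        if($POST_DO) {

            // accept a plain numeric string only; anything else becomes -1,
            // which never equals a generated result (those are >= 0)
            $mathspam_answer = (isset($_POST[$POST_name]) && is_string($_POST[$POST_name])) ? trim($_POST[$POST_name]) : '';
            $POST_val[$POST_name] = is_numeric($mathspam_answer) ? intval($mathspam_answer) : -1;

            $mathspam_result = $POST_val[$POST_name] * 123345 * strlen($phpwcms['db_user']);
            $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );

            $mathspam_default = (isset($_POST[$POST_name.'_result']) && is_string($_POST[$POST_name.'_result'])) ? trim($_POST[$POST_name.'_result']) : '';

            // Strict comparison: with "!=" PHP compares numeric-looking strings
            // as numbers, so differing hex digests could be treated as equal.
            if($mathspam_result !== $mathspam_default || ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] === ''))) {
                $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Math spam protection error' : $cnt_form["fields"][$key]['error'];
                $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
            }
        }

        $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""';
        if($cnt_form["fields"][$key]['size']) {
            $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
        }
        if($cnt_form["fields"][$key]['max']) {
            $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
        }
        if($cnt_form["fields"][$key]['class']) {
            $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
        }
        if($cnt_form["fields"][$key]['style']) {
            $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
        }
        $form_field .= ' />';

        // calculate the result and the question
        // (key = operation used for the calculation, value = symbol shown to the visitor)
        $mathspam_calculations = array('+'=>'+', '-'=>'-', '*'=>'*', '/'=>':');
        $mathspam_operation = array_rand($mathspam_calculations, 1);
        $mathspam_operator = $mathspam_calculations[ $mathspam_operation ];
        // the first operand of a division starts at 1, all others at 0
        $mathspam_number_1 = rand( $mathspam_operation === '/' ? 1 : 0 , 10);

        if($mathspam_operation === '/') {

            // fix divisions to avoid fractional results:
            // pick the second operand among the divisors of the first
            $mathspam_divisors = array();
            for($mathspam_divisor = 1; $mathspam_divisor <= $mathspam_number_1; $mathspam_divisor++) {
                if($mathspam_number_1 % $mathspam_divisor === 0) {
                    $mathspam_divisors[$mathspam_divisor] = $mathspam_divisor;
                }
            }
            $mathspam_number_2 = array_rand($mathspam_divisors, 1);

        } elseif($mathspam_operation === '-') {

            // avoid subtraction with results < 0
            $mathspam_number_2 = rand(0, $mathspam_number_1);

        } else {

            $mathspam_number_2 = rand(0, 10);

        }

        $mathspam_question = $cnt_form["fields"][$key]['value'][ $mathspam_operator ];
        $mathspam_question .= ' <span class="calc">' . $mathspam_number_1 . ' ';
        $mathspam_question .= html_entities( $mathspam_operator );
        $mathspam_question .= ' ' . $mathspam_number_2 . '</span>';

        switch($mathspam_operation) {

            case '+':   $mathspam_result = $mathspam_number_1 + $mathspam_number_2; break;
            case '-':   $mathspam_result = $mathspam_number_1 - $mathspam_number_2; break;
            case '/':   $mathspam_result = $mathspam_number_1 / $mathspam_number_2; break;
            case '*':   $mathspam_result = $mathspam_number_1 * $mathspam_number_2; break;

        }
        // same derivation as in the submit check above, so both hashes are comparable
        $mathspam_result = intval($mathspam_result) * 123345 * strlen($phpwcms['db_user']);
        $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );

        // hidden field, contains the hashed result
        $form_field .= '<input type="hidden" name="'.$form_name.'_result" value="'.$mathspam_result.'" />';

        $form_field .= ' <span class="mathspam">';
        $form_field .= trim( $cnt_form["fields"][$key]['value']['calc'] . ' ' . trim( $mathspam_question ) );
        $form_field .= '</span>';
        break;

    case 'newsletter':
        /*
         * Newsletter
         */

        $form_newletter_setting = array();
        $form_newletter_setting['double_optin'] = 0;
        $form_value = array();

        if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
            if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
                // several boxes ticked: clean every entry and drop empty ones
                $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
                $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
                if(!count($POST_val[$POST_name])) {
                    $POST_val[$POST_name] = false;
                }
            } else {
                $POST_val[$POST_name] = isset($_POST[$POST_name]) ?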
remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false; 1216 } 1217 if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { 1218 $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; 1219 $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); 1220 } else { 1221 $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); 1222 } 1223 1224 if(isset($POST_val[$POST_name])) { 1225 $form_newletter_setting['selection'] = $POST_val[$POST_name]; 1226 } else { 1227 $form_newletter_setting['selection'] = false; 1228 } 1229 1230 } 1231 // prepare default settings for newsletter field 1232 $form_value_default = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false); 1233 foreach($form_value_default as $form_value_nl) { 1234 1235 $form_value_nl = explode('=', $form_value_nl, 2); 1236 $form_value_nl[0] = trim($form_value_nl[0]); 1237 $form_value_nl[1] = empty($form_value_nl[1]) ? 
'' : trim($form_value_nl[1]); 1238 1239 if(empty($form_value_nl[0]) || empty($form_value_nl[1])) { 1240 1241 continue; 1242 1243 } else { 1244 1245 switch($form_value_nl[0]) { 1246 1247 case 'all': $form_value[0] = $form_value_nl[1]; break; 1248 case 'email_field': $form_newletter_setting['email_field'] = $form_value_nl[1]; break; 1249 case 'name_field': $form_newletter_setting['name_field'] = $form_value_nl[1]; break; 1250 case 'sender_email': $form_newletter_setting['sender_email'] = $form_value_nl[1]; break; 1251 case 'sender_name': $form_newletter_setting['sender_name'] = $form_value_nl[1]; break; 1252 case 'url_subscribe': $form_newletter_setting['url_subscribe'] = $form_value_nl[1]; break; 1253 case 'url_unsubscribe': $form_newletter_setting['url_unsubscribe'] = $form_value_nl[1]; break; 1254 case 'subject': $form_newletter_setting['subject'] = $form_value_nl[1]; break; 1255 case 'double_optin': $form_newletter_setting['double_optin'] = intval($form_value_nl[1]) ? 1 : 0; break; 1256 1257 default: 1258 if( ($form_value_nl[0] = intval($form_value_nl[0])) ) { 1259 $query = _dbGet('phpwcms_subscription', '*', 'subscription_id='.$form_value_nl[0].' 
AND subscription_active=1'); 1260 if(isset($query[0])) { 1261 if($form_value_nl[1] == '') { 1262 $form_value_nl[1] = $query[0]['subscription_name']; 1263 } 1264 $form_value[ $form_value_nl[0] ] = $form_value_nl[1]; 1265 } else { 1266 continue; 1267 } 1268 } else { 1269 continue; 1270 } 1271 } 1272 } 1273 } 1274 1275 $form_newletter_setting['subscriptions'] = $form_value; 1276 1277 if($cnt_form["fields"][$key]['class']) { 1278 $form_field .= '<div class="'.$cnt_form["fields"][$key]['class'].'">'; 1279 $checkbox_class = '</div>'; 1280 } else { 1281 $checkbox_class = ''; 1282 } 1283 if($cnt_form["fields"][$key]['style']) { 1284 $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; 1285 } else { 1286 $checkbox_style = ''; 1287 } 1288 // list of checkboxes 1289 $checkbox_counter = 0; 1290 $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '<br />' : ' '; 1291 foreach($form_value as $checkbox_key => $checkbox_value) { 1292 1293 if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) { 1294 foreach($POST_val[$POST_name] as $postvar_value) { 1295 if($postvar_value == $checkbox_key) { 1296 $checkbox_key .= ' checked'; 1297 } 1298 } 1299 } 1300 1301 if($checkbox_counter) { 1302 $form_field .= $checkbox_spacer; 1303 } 1304 $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" '; 1305 if(substr($checkbox_key, -8) != ' checked' && substr($checkbox_value, -8) != ' checked') { 1306 $form_field .= 'value="' . $checkbox_key . '" />'; 1307 } else { 1308 $checkbox_key = str_replace(' checked', '', $checkbox_key); 1309 $checkbox_value = str_replace(' checked', '', $checkbox_value); 1310 $form_field .= 'value="' . $checkbox_key . 
'" checked="checked" />'; 1311 } 1312 $form_field .= '<label for="'.$form_name.$checkbox_counter.'"'; 1313 $form_field .= $checkbox_style; 1314 $form_field .= '>'.$checkbox_value .'</label>'; 1315 $checkbox_counter++; 1316 } 1317 $form_field .= $checkbox_class; 1318 break; 1319 1320 1321 } 1322 1323 // try to find correct sender name 1324 if($POST_DO && $cnt_form['sendernametype'] == 'formfield_'.$POST_name) { 1325 1326 $cnt_form['sendername'] = cleanUpForEmailHeader($cnt_form["fields"][$key]['value']); 1327 1328 } 1329 // try to build correct subject 1330 if($POST_DO && isset($cnt_form['subjectselect']) && $cnt_form['subjectselect'] == 'formfield_'.$POST_name) { 1331 1332 $cnt_form['subject'] .= ' '.cleanUpForEmailHeader($POST_val[$POST_name]); 1333 $cnt_form['subject'] = trim($cnt_form['subject']); 1334 1335 } 1336 1337 // Build the form elements 1338 1339 if($form_field && $cnt_form["fields"][$key]['type'] != 'hidden') { 1340 1341 1342 if($cnt_form['labelpos'] == 2) { 1343 1344 // custom form template 1345 $POST_name_quoted = preg_quote($POST_name, '/'); 1346 1347 if(empty($POST_ERR[$key])) { 1348 // if error for field empty 1349 $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt); 1350 $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt); 1351 $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt); 1352 } else { 1353 // field error available 1354 $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt); 1355 $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt); 1356 $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt); 1357 } 1358 1359 $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt); 1360 $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), 
$form_cnt); 1361 1362 } else { 1363 1364 // default table 1365 1366 if($cnt_form["fields"][$key]['type'] == 'reset' && strpos($form_cnt, '###RESET###')) { 1367 1368 $form_cnt = str_replace('###RESET###', $form_field, $form_cnt); 1369 1370 } else { 1371 1372 if($cnt_form["fields"][$key]['required']) { 1373 $cnt_form['labelClass'] = 'formLabelRequired'; 1374 $cnt_form['labelReqMark'] = $cnt_form["cform_reqmark"]; 1375 } else { 1376 $cnt_form['labelClass'] = 'formLabel'; 1377 $cnt_form['labelReqMark'] = ''; 1378 } 1379 1380 if($cnt_form['labelpos'] == 0) { 1381 // label: field 1382 if($cnt_form["fields"][$key]['type'] != 'break') { 1383 $form_cnt .= "<tr>\n".'<td class="'.$cnt_form['labelClass'].'">'; 1384 if($cnt_form["fields"][$key]['label'] != '') { 1385 $form_cnt .= $cnt_form['label_wrap'][0]; 1386 $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); 1387 $form_cnt .= $cnt_form['labelReqMark']; 1388 $form_cnt .= $cnt_form['label_wrap'][1]; 1389 } else { 1390 $form_cnt .= ' '; 1391 } 1392 $form_cnt .= "</td>\n"; 1393 $form_cnt .= '<td class="formField">'.$form_field."</td>\n</tr>\n"; 1394 } else { 1395 // colspan for break 1396 $form_cnt .= '<tr><td colspan="2">'.$form_field."</td></tr>\n"; 1397 } 1398 } else { 1399 // label: 1400 // field 1401 if($cnt_form["fields"][$key]['label'] != '') { 1402 $form_cnt .= '<tr><td class="'.$cnt_form['labelClass'].'">'.$cnt_form['label_wrap'][0]; 1403 $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); 1404 $form_cnt .= $cnt_form['labelReqMark']; 1405 $form_cnt .= $cnt_form['label_wrap'][1]."</td></tr>\n"; 1406 } 1407 $form_cnt .= '<tr><td class="formField">'.$form_field."</td></tr>\n"; 1408 } 1409 } 1410 1411 } 1412 } 1413 1414 $form_counter++; 1415 } 1416 1417 // check against custom PHP function used to validate form 1418 if($POST_DO && !empty($cnt_form['cform_function_validate']) && is_string($cnt_form['cform_function_validate'])) { 1419 1420 $cnt_form['validate'] = explode('[', 
trim($cnt_form['cform_function_validate'], ']')); 1421 $cnt_form_validate_function = trim($cnt_form['validate'][0]); 1422 1423 if($cnt_form_validate_function && function_exists($cnt_form_validate_function)) { 1424 1425 $cnt_form_validate_fields = NULL; 1426 1427 if(isset($cnt_form['validate'][1])) { 1428 $cnt_form_validate_fields = trim($cnt_form['validate'][1]); 1429 if($cnt_form_validate_fields) { 1430 $cnt_form_validate_fields = convertStringToArray($cnt_form_validate_fields); 1431 if(empty($cnt_form_validate_fields) || !count($cnt_form_validate_fields)) { 1432 $cnt_form_validate_fields = NULL; 1433 } 1434 } 1435 } 1436 1437 $cnt_form_validate_function($POST_val, $cnt_form_validate_fields); 1438 1439 } 1440 1441 } 1442 } 1443 1444 if(!empty($POST_DO) && empty($POST_ERR)) { 1445 1446 $POST_attach = array(); 1447 $POST_savedb = array(); 1448 1449 // now prepare form values for sending or storing 1450 if(isset($POST_val) && is_array($POST_val) && count($POST_val)) { 1451 1452 // fallback solution for older forms which do not know 1453 // separate email template for "copy to" recipient 1454 if(!isset($cnt_form['template_equal'])) { 1455 $cnt_form['template_equal'] = 1; 1456 } 1457 1458 foreach($POST_val as $POST_key => $POST_keyval) { 1459 1460 $POST_valurl = ''; 1461 1462 if(isset($cnt_form["copyto"]) && $cnt_form["copyto"] == $POST_key) { 1463 $cnt_form["copyto"] = $POST_keyval; 1464 } 1465 1466 if(is_array($POST_keyval) && !isset($POST_keyval['folder'])) { 1467 // check if this is an array - but no upload value 1468 $POST_keyval = implode(', ', $POST_keyval); 1469 1470 } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) { 1471 // check if this is an array - and is an upload value 1472 $POST_valurl = PHPWCMS_URL.$POST_keyval['folder'].'/'.rawurlencode($POST_keyval['name']); 1473 if(isset($POST_keyval['attachment']) && $POST_keyval['attachment']) { 1474 $POST_attach[] = PHPWCMS_ROOT.'/'.$POST_keyval['folder'].'/'.$POST_keyval['name']; 1475 } 1476 
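// Remainder of the per-value loop that fills the e-mail and success templates,
// followed by recipient handling and the start of the database insert.
// The loop and the enclosing conditions open above this excerpt.
            if(!$cnt_form['template_format']) {
                // plain text e-mail: an upload is represented by its URL
                $POST_keyval = $POST_valurl;
            }
        }

        // prepare for storing in database
        if(!empty($cnt_form['savedb'])) {

            $POST_savedb[$POST_key] = empty($POST_valurl) ? $POST_keyval : $POST_valurl;

        }


        // first check copy to email template related things
        if( !$cnt_form['template_equal'] ) {

            if($cnt_form['template_format_copy'] == 1) { //HTML

                if(is_string($POST_keyval)) {
                    $POST_keyval_copy = html_specialchars($POST_keyval);
                } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                    $POST_keyval_copy = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
                }

            } else {

                // An upload is still an array here when the main template is HTML;
                // use its URL so the plain text copy does not receive an array.
                $POST_keyval_copy = is_array($POST_keyval) ? $POST_valurl : $POST_keyval;

            }

            // replace tags in email form
            $cnt_form['template_copy'] = str_replace('{'. $POST_key . '}', $POST_keyval_copy, $cnt_form['template_copy']);

        }

        if($cnt_form['template_format']) { //HTML

            if(is_string($POST_keyval)) {
                $POST_keyval = html_specialchars($POST_keyval);
            } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                $POST_keyval = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
            }

            $cnt_form['is_html_entity'] = true;

        } else {

            // remember the HTML entity status
            $cnt_form['is_html_entity'] = false;

        }

        // replace tags in email form
        $cnt_form['template'] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form['template']);

        //replace tags in the success form but not for redirect.
        if($cnt_form["onsuccess_redirect"] !== 1) {

            // check if it is htmlentity
            if(!$cnt_form['is_html_entity'] && $cnt_form["onsuccess_redirect"] === 2) {
                $POST_keyval = html_specialchars($POST_keyval);
            }
            $cnt_form["onsuccess"] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form["onsuccess"]);

        }

    }

    $cnt_form['fe_current_url'] = PHPWCMS_URL . 'index.php' . returnGlobalGET_QueryString('rawurlencode');

    $cnt_form['template'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template']);
    $cnt_form['template'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template']);

    // Expand {DATE:format} without evaluating code. The loop above has already
    // merged submitted values into the template, so the text inside the braces
    // can come from the visitor. The former /e modifier built PHP source from
    // that text and executed it, and is no longer supported by current PHP.
    // Here the captured text is only ever passed to date() as a format string.
    $cnt_form_date_parts = preg_split('/\{DATE:(.*?)\}/', $cnt_form['template'], -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach($cnt_form_date_parts as $cnt_form_date_index => $cnt_form_date_part) {
        // odd positions hold the captured format strings
        if($cnt_form_date_index % 2) {
            $cnt_form_date_parts[$cnt_form_date_index] = date($cnt_form_date_part);
        }
    }
    $cnt_form['template'] = implode('', $cnt_form_date_parts);

    if( !$cnt_form['template_equal'] ) {

        $cnt_form['template_copy'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template_copy']);
        $cnt_form['template_copy'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template_copy']);

        // same non-evaluating {DATE:format} expansion for the "copy to" template
        $cnt_form_date_parts = preg_split('/\{DATE:(.*?)\}/', $cnt_form['template_copy'], -1, PREG_SPLIT_DELIM_CAPTURE);
        foreach($cnt_form_date_parts as $cnt_form_date_index => $cnt_form_date_part) {
            if($cnt_form_date_index % 2) {
                $cnt_form_date_parts[$cnt_form_date_index] = date($cnt_form_date_part);
            }
        }
        $cnt_form['template_copy'] = implode('', $cnt_form_date_parts);

        // drop every tag that is still unresolved
        $cnt_form['template_copy'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template_copy']);

    }

    if($cnt_form["onsuccess_redirect"] !== 1) {

        $cnt_form["onsuccess"] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form["onsuccess"]);
        $cnt_form['onsuccess'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['onsuccess']);

    }

    // drop every tag that is still unresolved
    $cnt_form['template'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template']);

    // check if "copy to" email template is equal recipient
    // email template and set it the same
    if($cnt_form['template_equal'] == 1) {

        $cnt_form['template_format_copy'] = $cnt_form['template_format'];
        $cnt_form['template_copy'] = $cnt_form['template'];

    }

    // storing in database moved to 2nd POST_ERR if section

}


// get email addresses of recipients and senders

$cnt_form["target"] = convertStringToArray($cnt_form["target"], ';');
if(empty($cnt_form["subject"])) {
    // Fallback subject: the site address without scheme and surrounding slashes.
    // The former code passed trim($phpwcms['site'], '/'), a string, as the
    // length argument of substr(), so it could not return the host part.
    $cnt_form["alt_subj"] = str_replace('http://', '', $phpwcms['site']);
    $cnt_form["alt_subj"] = trim($cnt_form["alt_subj"], '/');
    $cnt_form["subject"] = 'Webform: '.$cnt_form["alt_subj"];
}

// check for BCC Addresses
$cnt_form['cc'] = empty($cnt_form['cc']) ? array() : convertStringToArray($cnt_form['cc'], ';');


// first try to send copy message
if(!empty($cnt_form['sendcopy']) && !empty($cnt_form["copyto"]) && is_valid_email($cnt_form["copyto"])) {
    $cnt_form['cc'][] = $cnt_form["copyto"];
    $cnt_form['fromEmail'] = $cnt_form["copyto"];
}

// check for unique recipients (target) and sender (fromEmail)
if(!empty($cnt_form['checktofrom'])) {

    foreach($cnt_form["target"] as $value) {

        if(strtolower($cnt_form['fromEmail']) == strtolower($value)) {

            $POST_ERR[] = 'Sender’s email must be different from recipient’s email';
            break;
        }

    }

}

}

// do $POST_ERR test again to handle possible duplicates
// in case 'checktofrom' = 1
if(!empty($POST_DO) && empty($POST_ERR)) {

    // check if there are form values which should be saved in db
    if(count($POST_savedb)) {

        $POST_savedb_sql  = 'INSERT INTO '.DB_PREPEND.'phpwcms_formresult ';
        $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES (';
        // the id is written unquoted into the statement, so force it to an integer
        $POST_savedb_sql .= intval($crow['acontent_id']).", '".aporeplace(getRemoteIP())."', '";
        $POST_savedb_sql .= aporeplace(serialize($POST_savedb)) .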
"')"; 1629 $POST_savedb_sql = _dbQuery($POST_savedb_sql, 'INSERT'); 1630 1631 } 1632 1633 1634 // send mail, include phpmailer class 1635 require_once ('include/inc_ext/phpmailer/class.phpmailer.php'); 1636 1637 // now run all CC -> but sent as full email to each CC recipient 1638 if(count($cnt_form['cc'])) { 1639 1640 $mail = new PHPMailer(); 1641 $mail->Mailer = $phpwcms['SMTP_MAILER']; 1642 $mail->Host = $phpwcms['SMTP_HOST']; 1643 $mail->Port = $phpwcms['SMTP_PORT']; 1644 if($phpwcms['SMTP_AUTH']) { 1645 $mail->SMTPAuth = 1; 1646 $mail->Username = $phpwcms['SMTP_USER']; 1647 $mail->Password = $phpwcms['SMTP_PASS']; 1648 } 1649 $mail->CharSet = $phpwcms["charset"]; 1650 1651 if(isset($cnt_form['function_cc']) && function_exists($cnt_form['function_cc'])) { 1652 @$cnt_form['function_cc']($POST_savedb, $cnt_form, $mail); 1653 } 1654 1655 $mail->IsHTML($cnt_form['template_format_copy']); 1656 $mail->Subject = $cnt_form["subject"]; 1657 $mail->Body = $cnt_form['template_copy']; 1658 if(!$mail->SetLanguage($phpwcms['default_lang'], '')) { 1659 $mail->SetLanguage('en'); 1660 } 1661 1662 $mail->From = $cnt_form['sender']; 1663 $mail->FromName = $cnt_form['sendername']; 1664 $mail->Sender = $cnt_form['sender']; 1665 1666 $cnt_form["copytoError"] = array(); 1667 1668 foreach($cnt_form['cc'] as $cc_email) { 1669 1670 $mail->AddAddress($cc_email); 1671 1672 if(!$mail->Send()) { 1673 $cnt_form["copytoError"][] = html_specialchars($cc_email.' 
('.$mail->ErrorInfo.')'); 1674 } 1675 1676 $mail->ClearAddresses(); 1677 1678 } 1679 1680 if(count($cnt_form["copytoError"])) { 1681 $cnt_form["copytoError"] = implode('<br />', $cnt_form["copytoError"]); 1682 } else { 1683 unset($cnt_form["copytoError"]); 1684 } 1685 1686 unset($mail); 1687 } 1688 1689 // now send original message 1690 $mail = new PHPMailer(); 1691 $mail->Mailer = $phpwcms['SMTP_MAILER']; 1692 $mail->Host = $phpwcms['SMTP_HOST']; 1693 $mail->Port = $phpwcms['SMTP_PORT']; 1694 if($phpwcms['SMTP_AUTH']) { 1695 $mail->SMTPAuth = 1; 1696 $mail->Username = $phpwcms['SMTP_USER']; 1697 $mail->Password = $phpwcms['SMTP_PASS']; 1698 } 1699 $mail->CharSet = $phpwcms["charset"]; 1700 1701 if(isset($cnt_form['function_to']) && function_exists($cnt_form['function_to'])) { 1702 @$cnt_form['function_to']($POST_savedb, $cnt_form, $mail); 1703 } 1704 1705 $mail->IsHTML($cnt_form['template_format']); 1706 $mail->Subject = $cnt_form["subject"]; 1707 $mail->Body = $cnt_form['template']; 1708 1709 if(!$mail->SetLanguage($phpwcms['default_lang'], '')) { 1710 $mail->SetLanguage('en'); 1711 } 1712 if(empty($cnt_form["fromEmail"])) { 1713 $cnt_form["fromEmail"] = $phpwcms['SMTP_FROM_EMAIL']; 1714 } 1715 $mail->From = $cnt_form['sender']; 1716 $mail->FromName = $cnt_form['sendername']; 1717 $mail->Sender = $cnt_form['sender']; 1718 1719 if(!empty($cnt_form["target"]) && is_array($cnt_form["target"]) && count($cnt_form["target"])) { 1720 1721 foreach($cnt_form["target"] as $e_value) { 1722 $mail->AddAddress(trim($e_value)); 1723 } 1724 1725 } else { 1726 // use default email address 1727 $mail->AddAddress($phpwcms['SMTP_FROM_EMAIL']); 1728 } 1729 1730 if(count($POST_attach)) { 1731 foreach($POST_attach as $attach_file) { 1732 $mail->AddAttachment($attach_file); 1733 } 1734 } 1735 1736 if(!$mail->Send()) { 1737 $CNT_TMP .= '<p>'.html_specialchars($mail->ErrorInfo).'</p>'; 1738 } else { 1739 1740 // check if user should be registered for newsletter 1741 
if(isset($form_newletter_setting['selection']) && count($form_newletter_setting['selection'])) { 1742 1743 // first check if neccessary form field is valid email 1744 if(isset($POST_val[ $form_newletter_setting['email_field'] ]) && is_valid_email($POST_val[ $form_newletter_setting['email_field'] ])) { 1745 1746 // ok now I know we can store email as newsletter recipient 1747 $form_newletter_setting['email_field'] = $POST_val[ $form_newletter_setting['email_field'] ]; 1748 1749 // now try to find fields to build recipient's name, if empty name is same as email 1750 if(!empty($form_newletter_setting['name_field'])) { 1751 1752 // split by "+" 1753 $form_newletter_setting['name_field_tmp'] = explode('+', $form_newletter_setting['name_field']); 1754 $form_newletter_setting['name_field'] = ''; 1755 foreach($form_newletter_setting['name_field_tmp'] as $form_value_nl) { 1756 1757 // empty - continue 1758 if(empty($form_value_nl)) continue; 1759 1760 // now check if field name exists and build corresponding name value 1761 if(empty($POST_val[ trim($form_value_nl) ])) { 1762 $form_newletter_setting['name_field'] .= $form_value_nl; 1763 } else { 1764 $form_value_nl = trim($form_value_nl); 1765 $form_newletter_setting['name_field'] .= $POST_val[ $form_value_nl ]; 1766 } 1767 1768 } 1769 $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']); 1770 1771 } 1772 1773 if(empty($form_newletter_setting['name_field'])) { 1774 $form_newletter_setting['name_field'] = $form_newletter_setting['email_field']; 1775 } 1776 1777 $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash( $form_newletter_setting['email_field'].time() ) ); 1778 1779 // create SQL query to populate recipient into recipients db 1780 $form_newletter_setting['sql'] = 'INSERT INTO '.DB_PREPEND.'phpwcms_address '; 1781 $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, '; 1782 $form_newletter_setting['sql'] .= 
'address_subscription, address_url1, address_url2) VALUES ('; 1783 $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['hash'])."', "; 1784 $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['email_field'])."', "; 1785 $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['name_field'])."', "; 1786 $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) .", "; 1787 $form_newletter_setting['sql'] .= "'".aporeplace(serialize($form_newletter_setting['selection']))."', "; 1788 $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe'])."', "; 1789 $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe'])."'"; 1790 $form_newletter_setting['sql'] .= ')'; 1791 1792 // save recipient in db and send verify message in case of double opt-in 1793 $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT'); 1794 1795 // now send opt-in email 1796 if(!empty($form_newletter_setting['double_optin'])) { 1797 1798 if(empty($cnt_form['verifyemail'])) { 1799 $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/newsletter/email/default.opt-in.txt'); 1800 if(empty($cnt_form['verifyemail'])) { 1801 $cnt_form['verifyemail'] = 'Hi {NEWSLETTER_NAME},'.LF.LF.'Someone (presumably you) on {SITE}'.LF.'subscribed to these newsletters:'.LF; 1802 $cnt_form['verifyemail'] .= '{SUBSCRIPTIONS}'.LF.LF.'The following email was requested for subscription'.LF.'{NEWSLETTER_EMAIL}'.LF.LF; 1803 $cnt_form['verifyemail'] .= 'If you requested this subscription, visit the following URL'.LF.'{NEWSLETTER_VERIFY}'.LF.'to verify and activate it.'.LF.LF; 1804 $cnt_form['verifyemail'] .= 'Ignore the message or visit the following URL'.LF.'{NEWSLETTER_DELETE}'.LF.'and nothing will 
happen.'.LF.LF.LF; 1805 $cnt_form['verifyemail'] .= 'With best regards'.LF.'Webmaster'.LF.LF.'--'.LF.'{DATE:m/d/Y H:i:s}, IP: {IP}'.LF; 1806 } 1807 } 1808 1809 $form_newletter_setting['hash'] = rawurlencode($form_newletter_setting['hash']); 1810 1811 $form_newletter_setting['selection_text'] = array(); 1812 foreach($form_newletter_setting['selection'] as $form_value_nl) { 1813 $form_newletter_setting['subscr_text'][] = '[X] '.$form_newletter_setting['subscriptions'][$form_value_nl]; 1814 } 1815 1816 if($form_newletter_setting['email_field'] == $form_newletter_setting['name_field']) $form_newletter_setting['name_field'] = ''; 1817 1818 $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_NAME}', $form_newletter_setting['name_field'], $cnt_form['verifyemail']); 1819 $cnt_form['verifyemail'] = str_replace('{SUBSCRIPTIONS}', implode(LF, $form_newletter_setting['subscr_text']), $cnt_form['verifyemail']); 1820 $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_EMAIL}', $form_newletter_setting['email_field'], $cnt_form['verifyemail']); 1821 $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_VERIFY}', PHPWCMS_URL.'verify.php?s='.$form_newletter_setting['hash'], $cnt_form['verifyemail']); 1822 $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_DELETE}', PHPWCMS_URL.'verify.php?u='.$form_newletter_setting['hash'], $cnt_form['verifyemail']); 1823 $cnt_form['verifyemail'] = replaceGlobalRT($cnt_form['verifyemail']); 1824 1825 if(empty($form_newletter_setting['sender_email'])) $form_newletter_setting['sender_email'] = $cnt_form['sender']; 1826 if(empty($form_newletter_setting['sender_name'])) $form_newletter_setting['sender_name'] = $cnt_form['sendername']; 1827 1828 // now send verification email 1829 @sendEmail(array( 'recipient' => $form_newletter_setting['email_field'], 1830 'toName' => $form_newletter_setting['name_field'], 1831 'subject' => $form_newletter_setting['subject'], 1832 'text' => $cnt_form['verifyemail'], 1833 'from' => 
$form_newletter_setting['sender_email'], 1834 'fromName' => $form_newletter_setting['sender_name'], 1835 'sender' => $form_newletter_setting['sender_email'] )); 1836 1837 } 1838 1839 } 1840 1841 } 1842 1843 if($cnt_form["onsuccess_redirect"] === 1) { 1844 // redirect on success 1845 headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onsuccess"])); 1846 1847 } elseif($cnt_form["onsuccess"]) { 1848 // success 1849 1850 $CNT_TMP .= '<div'; 1851 $CNT_TMP .= $cnt_form["class"] ? ' class="'.$cnt_form["class"].'">' : '>'; 1852 1853 if($cnt_form["onsuccess_redirect"] === 0) { 1854 $CNT_TMP .= '<p>'.nl2br(html_specialchars($cnt_form["onsuccess"])).'</p>'; 1855 } else { 1856 $CNT_TMP .= $cnt_form["onsuccess"]; 1857 } 1858 $CNT_TMP .= '</div>'; 1859 } 1860 1861 } 1862 if(!empty($cnt_form["copytoError"])) { 1863 $CNT_TMP .= '<p>'.$cnt_form["copytoError"].'</p>'; 1864 } 1865 1866 unset($mail); 1867 1868 $form_cnt = ''; 1869 1870 } elseif(isset($POST_ERR)) { 1871 // do on POST_ERROR 1872 1873 if(isset($_FILES)) { 1874 foreach($_FILES as $file_key => $file_val) { 1875 @unlink($_FILES[$file_key]['tmp_name']); 1876 } 1877 if(isset($POST_val) && count($POST_val)) { 1878 foreach($POST_val as $file_key => $file_val) { 1879 @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$POST_val[$file_key]['name']); 1880 } 1881 } 1882 } 1883 1884 if($cnt_form["onerror_redirect"] === 1) { 1885 1886 headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"])); 1887 1888 } else { 1889 1890 if($cnt_form["onerror"]) { 1891 1892 if($cnt_form["onerror_redirect"] === 0) { 1893 $form_error_text = '<p>'.nl2br(html_specialchars($cnt_form["onerror"])).'</p>'; 1894 } else { 1895 $form_error_text = $cnt_form["onerror"]; 1896 } 1897 } 1898 1899 $POST_ERR = array_diff( $POST_ERR , array('') ); 1900 $POST_ERR = array_map( 'html_specialchars', $POST_ERR ); 1901 if($cnt_form['labelpos'] != 2 && count( $POST_ERR ) ) { 1902 $form_error = "<tr>\n"; 1903 if($cnt_form['labelpos'] == 0) 
{ // label: field 1904 $form_error .= '<td class="'.$cnt_form['labelClass'].'">'." </td>\n"; 1905 } 1906 $form_error .= '<td'.(!empty($cnt_form["error_class"]) ? ' class="'.$cnt_form["error_class"].'"' : '').'>'; 1907 $form_error .= implode("<br />", $POST_ERR); 1908 $form_error .= "</td>\n</tr>\n"; 1909 1910 $form_cnt = $form_error.$form_cnt; 1911 unset($form_error); 1912 } 1913 1914 } 1915 1916 } else { 1917 1918 // form was not send yet 1919 // display startup text 1920 1921 if(!empty($cnt_form['startup'])) { 1922 1923 if(empty($cnt_form['startup_html'])) { 1924 1925 $CNT_TMP .= LF . '<p>'.nl2br(html_specialchars($cnt_form['startup'])).'</p>' . LF; 1926 1927 } else { 1928 1929 $CNT_TMP .= LF . $cnt_form['startup'] . LF; 1930 1931 } 1932 1933 } 1934 } 1935 1936 1937 if($form_cnt) { 1938 $form_cnt = str_replace('###RESET###', '', $form_cnt); 1939 $cnt_form["class_close"] = ''; 1940 if($cnt_form["class"]) { 1941 $CNT_TMP .= '<div class="'.$cnt_form["class"].'">'; 1942 $cnt_form["class_close"] = '</div>'; 1943 $cnt_form['class'] = ' class="form-'.$cnt_form["class"].'"'; 1944 } else { 1945 $cnt_form['class'] = ''; 1946 } 1947 $CNT_TMP .= $form_error_text; 1948 $CNT_TMP .= '<form name="phpwcmsForm'.$crow["acontent_id"].'" id="phpwcmsForm'.$crow["acontent_id"].'"'.$cnt_form['class']; 1949 $CNT_TMP .= ' action="'.rel_url().'#jumpForm'.$crow["acontent_id"].'" method="post"'; 1950 $CNT_TMP .= $cnt_form['is_enctype'] ? ' enctype="multipart/form-data">' : '>'; 1951 1952 if($cnt_form['labelpos'] == 2) { 1953 1954 if(isset($POST_ERR) && count($POST_ERR)) { 1955 $form_cnt = preg_replace('/\[IF_ERROR\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt); 1956 $form_cnt = preg_replace('/\[ELSE_ERROR\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt); 1957 } else { 1958 $form_cnt = preg_replace('/\[IF_ERROR\].*?\[\/IF_ERROR\]/s', '', $form_cnt); 1959 $form_cnt = preg_replace('/\[ELSE_ERROR\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt); 1960 } 1961 $CNT_TMP .= "\n". 
$form_cnt ."\n"; 1962 } else { 1963 $CNT_TMP .= '<table cellspacing="0" cellpadding="0" border="0">'; 1964 $CNT_TMP .= "\n".$form_cnt.'</table>'; 1965 } 1966 1967 $CNT_TMP .= LF . '<div><input type="hidden" name="cpID'.$crow["acontent_id"].'" value="'.$crow["acontent_id"].'" />'; 1968 $CNT_TMP .= $form_field_hidden; 1969 $CNT_TMP .= getFormTrackingValue(); //hidden form tracking field 1970 $CNT_TMP .= '</div>' . LF . '</form>'.$cnt_form["class_close"]; 1971 } 1972 1973 unset( $form, $form_cnt, $form_cnt_2, $form_field, $form_field_hidden, $form_counter, $form_error_text, $POST_ERR ); 1974 1975 // reset form tracking status to default value 1976 $phpwcms['form_tracking'] = $default_formtracking_value; 1977 1978 ?>