', $form_field); break; case 'mathspam': /* * Math Spam Protect */ if($POST_DO) { $POST_val[$POST_name] = isset($_POST[$POST_name]) && trim(is_numeric($_POST[$POST_name])) ? intval($_POST[$POST_name]) : -1; $mathspam_result = $POST_val[$POST_name] * 123345 * strlen($phpwcms['db_user']); $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result ); $mathspam_default = isset($_POST[$POST_name.'_result']) ? trim($_POST[$POST_name.'_result']) : ''; if($mathspam_result != $mathspam_default || ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] === ''))) { $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Math spam protection error' : $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } } $form_field .= ''+', '-'=>'-', '*'=>'*', '/'=>':'); $mathspam_operation = array_rand($mathspam_calculations, 1); $mathspam_operator = $mathspam_calculations[ $mathspam_operation ]; $mathspam_number_1 = rand( $mathspam_operation === '/' ? 1 : 0 , 10); // fix divisions to avoid fractional results if($mathspam_operation === '/') { switch($mathspam_number_1) { case 1: $mathspam_number_2 = 1; break; case 2: $mathspam_number_2 = array_rand( array(1=>1, 2=>2), 1); break; case 3: $mathspam_number_2 = array_rand( array(1=>1, 3=>3), 1); break; case 4: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4), 1); break; case 5: $mathspam_number_2 = array_rand( array(1=>1, 5=>5), 1); break; case 6: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 3=>3, 6=>6), 1); break; case 7: $mathspam_number_2 = array_rand( array(1=>1, 7=>7), 1); break; case 8: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4, 8=>8), 1); break; case 9: $mathspam_number_2 = array_rand( array(1=>1, 3=>3, 9=>9), 1); break; case 10: $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 5=>5, 10=>10), 1); break; } // avoid subtraction with results < 0 } elseif($mathspam_operation === '-') { $mathspam_number_2 = rand(0, $mathspam_number_1); } else { $mathspam_number_2 = rand(0, 10); } $mathspam_question = $cnt_form["fields"][$key]['value'][ $mathspam_operator ]; $mathspam_question .= ' ' . $mathspam_number_1 . ' '; $mathspam_question .= html_entities( $mathspam_operator ); //$mathspam_question .= '(%'.mt_rand(0,10000).')'; $mathspam_question .= ' ' . $mathspam_number_2 . ''; switch($mathspam_operation) { case '+': $mathspam_result = $mathspam_number_1 + $mathspam_number_2; break; case '-': $mathspam_result = $mathspam_number_1 - $mathspam_number_2; break; case '/': $mathspam_result = $mathspam_number_1 / $mathspam_number_2; break; case '*': $mathspam_result = $mathspam_number_1 * $mathspam_number_2; break; } $mathspam_result = intval($mathspam_result) * 123345 * strlen($phpwcms['db_user']); $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result ); // hidden field, contains the hashed result $form_field .= ''; $form_field .= ' '; $form_field .= trim( $cnt_form["fields"][$key]['value']['calc'] . ' ' . trim( $mathspam_question ) ); $form_field .= ''; break; case 'newsletter': /* * Newsletter */ $form_newletter_setting = array(); $form_newletter_setting['double_optin'] = 0; $form_value = array(); if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) { if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) { $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]); $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array('')); if(!count($POST_val[$POST_name])) { $POST_val[$POST_name] = false; } } else { $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false; } if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) { $POST_ERR[$key] = $cnt_form["fields"][$key]['error']; $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]); } else { $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']); } if(isset($POST_val[$POST_name])) { $form_newletter_setting['selection'] = $POST_val[$POST_name]; } else { $form_newletter_setting['selection'] = false; } } // prepare default settings for newsletter field $form_value_default = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false); foreach($form_value_default as $form_value_nl) { $form_value_nl = explode('=', $form_value_nl, 2); $form_value_nl[0] = trim($form_value_nl[0]); $form_value_nl[1] = empty($form_value_nl[1]) ? '' : trim($form_value_nl[1]); if(empty($form_value_nl[0]) || empty($form_value_nl[1])) { continue; } else { switch($form_value_nl[0]) { case 'all': $form_value[0] = $form_value_nl[1]; break; case 'email_field': $form_newletter_setting['email_field'] = $form_value_nl[1]; break; case 'name_field': $form_newletter_setting['name_field'] = $form_value_nl[1]; break; case 'sender_email': $form_newletter_setting['sender_email'] = $form_value_nl[1]; break; case 'sender_name': $form_newletter_setting['sender_name'] = $form_value_nl[1]; break; case 'url_subscribe': $form_newletter_setting['url_subscribe'] = $form_value_nl[1]; break; case 'url_unsubscribe': $form_newletter_setting['url_unsubscribe'] = $form_value_nl[1]; break; case 'subject': $form_newletter_setting['subject'] = $form_value_nl[1]; break; case 'double_optin': $form_newletter_setting['double_optin'] = intval($form_value_nl[1]) ? 1 : 0; break; default: if( ($form_value_nl[0] = intval($form_value_nl[0])) ) { $query = _dbGet('phpwcms_subscription', '*', 'subscription_id='.$form_value_nl[0].' AND subscription_active=1'); if(isset($query[0])) { if($form_value_nl[1] == '') { $form_value_nl[1] = $query[0]['subscription_name']; } $form_value[ $form_value_nl[0] ] = $form_value_nl[1]; } else { continue; } } else { continue; } } } } $form_newletter_setting['subscriptions'] = $form_value; if($cnt_form["fields"][$key]['class']) { $form_field .= ''; } else { $checkbox_class = ''; } if($cnt_form["fields"][$key]['style']) { $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"'; } else { $checkbox_style = ''; } // list of checkboxes $checkbox_counter = 0; $checkbox_spacer = $cnt_form["fields"][$key]['size'] ? '
' : ' '; foreach($form_value as $checkbox_key => $checkbox_value) { if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) { foreach($POST_val[$POST_name] as $postvar_value) { if($postvar_value == $checkbox_key) { $checkbox_key .= ' checked'; } } } if($checkbox_counter) { $form_field .= $checkbox_spacer; } $form_field .= ''; } else { $checkbox_key = str_replace(' checked', '', $checkbox_key); $checkbox_value = str_replace(' checked', '', $checkbox_value); $form_field .= 'value="' . $checkbox_key . '" checked="checked" />'; } $form_field .= ''; $checkbox_counter++; } $form_field .= $checkbox_class; break; } // try to find correct sender name if($POST_DO && $cnt_form['sendernametype'] == 'formfield_'.$POST_name) { $cnt_form['sendername'] = cleanUpForEmailHeader($cnt_form["fields"][$key]['value']); } // try to build correct subject if($POST_DO && isset($cnt_form['subjectselect']) && $cnt_form['subjectselect'] == 'formfield_'.$POST_name) { $cnt_form['subject'] .= ' '.cleanUpForEmailHeader($POST_val[$POST_name]); $cnt_form['subject'] = trim($cnt_form['subject']); } // Build the form elements if($form_field && $cnt_form["fields"][$key]['type'] != 'hidden') { if($cnt_form['labelpos'] == 2) { // custom form template $POST_name_quoted = preg_quote($POST_name, '/'); if(empty($POST_ERR[$key])) { // if error for field empty $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt); $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt); $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt); } else { // field error available $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt); $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt); $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt); } $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt); $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), $form_cnt); } else { // default table if($cnt_form["fields"][$key]['type'] == 'reset' && strpos($form_cnt, '###RESET###')) { $form_cnt = str_replace('###RESET###', $form_field, $form_cnt); } else { if($cnt_form["fields"][$key]['required']) { $cnt_form['labelClass'] = 'formLabelRequired'; $cnt_form['labelReqMark'] = $cnt_form["cform_reqmark"]; } else { $cnt_form['labelClass'] = 'formLabel'; $cnt_form['labelReqMark'] = ''; } if($cnt_form['labelpos'] == 0) { // label: field if($cnt_form["fields"][$key]['type'] != 'break') { $form_cnt .= "\n".''; if($cnt_form["fields"][$key]['label'] != '') { $form_cnt .= $cnt_form['label_wrap'][0]; $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); $form_cnt .= $cnt_form['labelReqMark']; $form_cnt .= $cnt_form['label_wrap'][1]; } else { $form_cnt .= ' '; } $form_cnt .= "\n"; $form_cnt .= ''.$form_field."\n\n"; } else { // colspan for break $form_cnt .= ''.$form_field."\n"; } } else { // label: // field if($cnt_form["fields"][$key]['label'] != '') { $form_cnt .= ''.$cnt_form['label_wrap'][0]; $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']); $form_cnt .= $cnt_form['labelReqMark']; $form_cnt .= $cnt_form['label_wrap'][1]."\n"; } $form_cnt .= ''.$form_field."\n"; } } } } $form_counter++; } // check against custom PHP function used to validate form if($POST_DO && !empty($cnt_form['cform_function_validate']) && is_string($cnt_form['cform_function_validate'])) { $cnt_form['validate'] = explode('[', trim($cnt_form['cform_function_validate'], ']')); $cnt_form_validate_function = trim($cnt_form['validate'][0]); if($cnt_form_validate_function && function_exists($cnt_form_validate_function)) { $cnt_form_validate_fields = NULL; if(isset($cnt_form['validate'][1])) { $cnt_form_validate_fields = trim($cnt_form['validate'][1]); if($cnt_form_validate_fields) { $cnt_form_validate_fields = convertStringToArray($cnt_form_validate_fields); if(empty($cnt_form_validate_fields) || !count($cnt_form_validate_fields)) { $cnt_form_validate_fields = NULL; } } } $cnt_form_validate_function($POST_val, $cnt_form_validate_fields); } } } if(!empty($POST_DO) && empty($POST_ERR)) { $POST_attach = array(); $POST_savedb = array(); // now prepare form values for sending or storing if(isset($POST_val) && is_array($POST_val) && count($POST_val)) { // fallback solution for older forms which do not know // separate email template for "copy to" recipient if(!isset($cnt_form['template_equal'])) { $cnt_form['template_equal'] = 1; } foreach($POST_val as $POST_key => $POST_keyval) { $POST_valurl = ''; if(isset($cnt_form["copyto"]) && $cnt_form["copyto"] == $POST_key) { $cnt_form["copyto"] = $POST_keyval; } if(is_array($POST_keyval) && !isset($POST_keyval['folder'])) { // check if this is an array - but no upload value $POST_keyval = implode(', ', $POST_keyval); } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) { // check if this is an array - and is an upload value $POST_valurl = PHPWCMS_URL.$POST_keyval['folder'].'/'.rawurlencode($POST_keyval['name']); if(isset($POST_keyval['attachment']) && $POST_keyval['attachment']) { $POST_attach[] = PHPWCMS_ROOT.'/'.$POST_keyval['folder'].'/'.$POST_keyval['name']; } if(!$cnt_form['template_format']) { $POST_keyval = $POST_valurl; } } // prepare for storing in database if(!empty($cnt_form['savedb'])) { $POST_savedb[$POST_key] = empty($POST_valurl) ? $POST_keyval : $POST_valurl; } // first check copy to email template related things if( !$cnt_form['template_equal'] ) { if($cnt_form['template_format_copy'] == 1) { //HTML if(is_string($POST_keyval)) { $POST_keyval_copy = html_specialchars($POST_keyval); } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) { $POST_keyval_copy = ''.html_specialchars($POST_keyval['name']).''; } } else { $POST_keyval_copy = $POST_keyval; } // replace tags in email form $cnt_form['template_copy'] = str_replace('{'. $POST_key . '}', $POST_keyval_copy, $cnt_form['template_copy']); } if($cnt_form['template_format']) { //HTML if(is_string($POST_keyval)) { $POST_keyval = html_specialchars($POST_keyval); } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) { $POST_keyval = ''.html_specialchars($POST_keyval['name']).''; } $cnt_form['is_html_entity'] = true; } else { // remember the HTML entity status $cnt_form['is_html_entity'] = false; } // replace tags in email form $cnt_form['template'] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form['template']); //replace tags in the success form but not for redirect. if($cnt_form["onsuccess_redirect"] !== 1) { // check if it is htmlentity if(!$cnt_form['is_html_entity'] && $cnt_form["onsuccess_redirect"] === 2) { $POST_keyval = html_specialchars($POST_keyval); } $cnt_form["onsuccess"] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form["onsuccess"]); } } $cnt_form['fe_current_url'] = PHPWCMS_URL . 'index.php' . returnGlobalGET_QueryString('rawurlencode'); $cnt_form['template'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template']); $cnt_form['template'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template']); $cnt_form['template'] = preg_replace('/\{DATE:(.*?)\}/e', 'date("$1")', $cnt_form['template']); if( !$cnt_form['template_equal'] ) { $cnt_form['template_copy'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template_copy']); $cnt_form['template_copy'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template_copy']); $cnt_form['template_copy'] = preg_replace('/\{DATE:(.*?)\}/e', 'date("$1")', $cnt_form['template_copy']); $cnt_form['template_copy'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template_copy']); } if($cnt_form["onsuccess_redirect"] !== 1) { $cnt_form["onsuccess"] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form["onsuccess"]); $cnt_form['onsuccess'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['onsuccess']); } $cnt_form['template'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template']); // check if "copy to" email template is equal recipient // email template and set it the same if($cnt_form['template_equal'] == 1) { $cnt_form['template_format_copy'] = $cnt_form['template_format']; $cnt_form['template_copy'] = $cnt_form['template']; } // storing in database moved to 2nd POST_ERR if section } // get email addresses of recipients and senders $cnt_form["target"] = convertStringToArray($cnt_form["target"], ';'); if(empty($cnt_form["subject"])) { $cnt_form["alt_subj"] = str_replace('http://', '', $phpwcms['site']); $cnt_form["alt_subj"] = substr($cnt_form["alt_subj"], 0, trim($phpwcms['site'], '/')); $cnt_form["subject"] = 'Webform: '.$cnt_form["alt_subj"]; } // check for BCC Addresses $cnt_form['cc'] = empty($cnt_form['cc']) ? array() : convertStringToArray($cnt_form['cc'], ';'); // first try to send copy message if(!empty($cnt_form['sendcopy']) && !empty($cnt_form["copyto"]) && is_valid_email($cnt_form["copyto"])) { $cnt_form['cc'][] = $cnt_form["copyto"]; $cnt_form['fromEmail'] = $cnt_form["copyto"]; } // check for unique recipients (target) and sender (fromEmail) if(!empty($cnt_form['checktofrom'])) { foreach($cnt_form["target"] as $value) { if(strtolower($cnt_form['fromEmail']) == strtolower($value)) { $POST_ERR[] = 'Sender’s email must be different from recipient’s email'; break; } } } } // do $POST_ERR test again to handle possible duplicates // in case 'checktofrom' = 1 if(!empty($POST_DO) && empty($POST_ERR)) { // check if there are form values which should be saved in db if(count($POST_savedb)) { $POST_savedb_sql = 'INSERT INTO '.DB_PREPEND.'phpwcms_formresult '; $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES ('; $POST_savedb_sql .= $crow['acontent_id'].", '".aporeplace(getRemoteIP())."', '"; $POST_savedb_sql .= aporeplace(serialize($POST_savedb)) . "')"; $POST_savedb_sql = _dbQuery($POST_savedb_sql, 'INSERT'); } // send mail, include phpmailer class require_once ('include/inc_ext/phpmailer/class.phpmailer.php'); // now run all CC -> but sent as full email to each CC recipient if(count($cnt_form['cc'])) { $mail = new PHPMailer(); $mail->Mailer = $phpwcms['SMTP_MAILER']; $mail->Host = $phpwcms['SMTP_HOST']; $mail->Port = $phpwcms['SMTP_PORT']; if($phpwcms['SMTP_AUTH']) { $mail->SMTPAuth = 1; $mail->Username = $phpwcms['SMTP_USER']; $mail->Password = $phpwcms['SMTP_PASS']; } $mail->CharSet = $phpwcms["charset"]; if(isset($cnt_form['function_cc']) && function_exists($cnt_form['function_cc'])) { @$cnt_form['function_cc']($POST_savedb, $cnt_form, $mail); } $mail->IsHTML($cnt_form['template_format_copy']); $mail->Subject = $cnt_form["subject"]; $mail->Body = $cnt_form['template_copy']; if(!$mail->SetLanguage($phpwcms['default_lang'], '')) { $mail->SetLanguage('en'); } $mail->From = $cnt_form['sender']; $mail->FromName = $cnt_form['sendername']; $mail->Sender = $cnt_form['sender']; $cnt_form["copytoError"] = array(); foreach($cnt_form['cc'] as $cc_email) { $mail->AddAddress($cc_email); if(!$mail->Send()) { $cnt_form["copytoError"][] = html_specialchars($cc_email.' ('.$mail->ErrorInfo.')'); } $mail->ClearAddresses(); } if(count($cnt_form["copytoError"])) { $cnt_form["copytoError"] = implode('
', $cnt_form["copytoError"]); } else { unset($cnt_form["copytoError"]); } unset($mail); } // now send original message $mail = new PHPMailer(); $mail->Mailer = $phpwcms['SMTP_MAILER']; $mail->Host = $phpwcms['SMTP_HOST']; $mail->Port = $phpwcms['SMTP_PORT']; if($phpwcms['SMTP_AUTH']) { $mail->SMTPAuth = 1; $mail->Username = $phpwcms['SMTP_USER']; $mail->Password = $phpwcms['SMTP_PASS']; } $mail->CharSet = $phpwcms["charset"]; if(isset($cnt_form['function_to']) && function_exists($cnt_form['function_to'])) { @$cnt_form['function_to']($POST_savedb, $cnt_form, $mail); } $mail->IsHTML($cnt_form['template_format']); $mail->Subject = $cnt_form["subject"]; $mail->Body = $cnt_form['template']; if(!$mail->SetLanguage($phpwcms['default_lang'], '')) { $mail->SetLanguage('en'); } if(empty($cnt_form["fromEmail"])) { $cnt_form["fromEmail"] = $phpwcms['SMTP_FROM_EMAIL']; } $mail->From = $cnt_form['sender']; $mail->FromName = $cnt_form['sendername']; $mail->Sender = $cnt_form['sender']; if(!empty($cnt_form["target"]) && is_array($cnt_form["target"]) && count($cnt_form["target"])) { foreach($cnt_form["target"] as $e_value) { $mail->AddAddress(trim($e_value)); } } else { // use default email address $mail->AddAddress($phpwcms['SMTP_FROM_EMAIL']); } if(count($POST_attach)) { foreach($POST_attach as $attach_file) { $mail->AddAttachment($attach_file); } } if(!$mail->Send()) { $CNT_TMP .= '

'.html_specialchars($mail->ErrorInfo).'

'; } else { // check if user should be registered for newsletter if(isset($form_newletter_setting['selection']) && count($form_newletter_setting['selection'])) { // first check if neccessary form field is valid email if(isset($POST_val[ $form_newletter_setting['email_field'] ]) && is_valid_email($POST_val[ $form_newletter_setting['email_field'] ])) { // ok now I know we can store email as newsletter recipient $form_newletter_setting['email_field'] = $POST_val[ $form_newletter_setting['email_field'] ]; // now try to find fields to build recipient's name, if empty name is same as email if(!empty($form_newletter_setting['name_field'])) { // split by "+" $form_newletter_setting['name_field_tmp'] = explode('+', $form_newletter_setting['name_field']); $form_newletter_setting['name_field'] = ''; foreach($form_newletter_setting['name_field_tmp'] as $form_value_nl) { // empty - continue if(empty($form_value_nl)) continue; // now check if field name exists and build corresponding name value if(empty($POST_val[ trim($form_value_nl) ])) { $form_newletter_setting['name_field'] .= $form_value_nl; } else { $form_value_nl = trim($form_value_nl); $form_newletter_setting['name_field'] .= $POST_val[ $form_value_nl ]; } } $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']); } if(empty($form_newletter_setting['name_field'])) { $form_newletter_setting['name_field'] = $form_newletter_setting['email_field']; } $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash( $form_newletter_setting['email_field'].time() ) ); // create SQL query to populate recipient into recipients db $form_newletter_setting['sql'] = 'INSERT INTO '.DB_PREPEND.'phpwcms_address '; $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, '; $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES ('; $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['hash'])."', "; $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['email_field'])."', "; $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['name_field'])."', "; $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) .", "; $form_newletter_setting['sql'] .= "'".aporeplace(serialize($form_newletter_setting['selection']))."', "; $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe'])."', "; $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe'])."'"; $form_newletter_setting['sql'] .= ')'; // save recipient in db and send verify message in case of double opt-in $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT'); // now send opt-in email if(!empty($form_newletter_setting['double_optin'])) { if(empty($cnt_form['verifyemail'])) { $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/newsletter/email/default.opt-in.txt'); if(empty($cnt_form['verifyemail'])) { $cnt_form['verifyemail'] = 'Hi {NEWSLETTER_NAME},'.LF.LF.'Someone (presumably you) on {SITE}'.LF.'subscribed to these newsletters:'.LF; $cnt_form['verifyemail'] .= '{SUBSCRIPTIONS}'.LF.LF.'The following email was requested for subscription'.LF.'{NEWSLETTER_EMAIL}'.LF.LF; $cnt_form['verifyemail'] .= 'If you requested this subscription, visit the following URL'.LF.'{NEWSLETTER_VERIFY}'.LF.'to verify and activate it.'.LF.LF; $cnt_form['verifyemail'] .= 'Ignore the message or visit the following URL'.LF.'{NEWSLETTER_DELETE}'.LF.'and nothing will happen.'.LF.LF.LF; $cnt_form['verifyemail'] .= 'With best regards'.LF.'Webmaster'.LF.LF.'--'.LF.'{DATE:m/d/Y H:i:s}, IP: {IP}'.LF; } } $form_newletter_setting['hash'] = rawurlencode($form_newletter_setting['hash']); $form_newletter_setting['selection_text'] = array(); foreach($form_newletter_setting['selection'] as $form_value_nl) { $form_newletter_setting['subscr_text'][] = '[X] '.$form_newletter_setting['subscriptions'][$form_value_nl]; } if($form_newletter_setting['email_field'] == $form_newletter_setting['name_field']) $form_newletter_setting['name_field'] = ''; $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_NAME}', $form_newletter_setting['name_field'], $cnt_form['verifyemail']); $cnt_form['verifyemail'] = str_replace('{SUBSCRIPTIONS}', implode(LF, $form_newletter_setting['subscr_text']), $cnt_form['verifyemail']); $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_EMAIL}', $form_newletter_setting['email_field'], $cnt_form['verifyemail']); $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_VERIFY}', PHPWCMS_URL.'verify.php?s='.$form_newletter_setting['hash'], $cnt_form['verifyemail']); $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_DELETE}', PHPWCMS_URL.'verify.php?u='.$form_newletter_setting['hash'], $cnt_form['verifyemail']); $cnt_form['verifyemail'] = replaceGlobalRT($cnt_form['verifyemail']); if(empty($form_newletter_setting['sender_email'])) $form_newletter_setting['sender_email'] = $cnt_form['sender']; if(empty($form_newletter_setting['sender_name'])) $form_newletter_setting['sender_name'] = $cnt_form['sendername']; // now send verification email @sendEmail(array( 'recipient' => $form_newletter_setting['email_field'], 'toName' => $form_newletter_setting['name_field'], 'subject' => $form_newletter_setting['subject'], 'text' => $cnt_form['verifyemail'], 'from' => $form_newletter_setting['sender_email'], 'fromName' => $form_newletter_setting['sender_name'], 'sender' => $form_newletter_setting['sender_email'] )); } } } if($cnt_form["onsuccess_redirect"] === 1) { // redirect on success headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onsuccess"])); } elseif($cnt_form["onsuccess"]) { // success $CNT_TMP .= '' : '>'; if($cnt_form["onsuccess_redirect"] === 0) { $CNT_TMP .= '

'.nl2br(html_specialchars($cnt_form["onsuccess"])).'

'; } else { $CNT_TMP .= $cnt_form["onsuccess"]; } $CNT_TMP .= '