
PHP Cross Reference of phpwcms V1.5.0 _r431 (28.01.12)


/include/inc_front/content/ -> cnt23.article.inc.php (source)

   1  <?php
   2  /*************************************************************************************
   3     Copyright notice
   4     
   5     (c) 2002-2012 Oliver Georgi <oliver@phpwcms.de> // All rights reserved.
   6   
   7     This script is part of PHPWCMS. The PHPWCMS web content management system is
   8     free software; you can redistribute it and/or modify it under the terms of
   9     the GNU General Public License as published by the Free Software Foundation;
  10     either version 2 of the License, or (at your option) any later version.
  11    
  12     The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
  13     A copy is found in the textfile GPL.txt and important notices to the license 
  14     from the author is found in LICENSE.txt distributed with these scripts.
  15    
  16     This script is distributed in the hope that it will be useful, but WITHOUT ANY 
  17     WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  18     PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  19   
  20     This copyright notice MUST APPEAR in all copies of the script!
  21  *************************************************************************************/
  22  
  23  // ----------------------------------------------------------------
  24  // obligate check for phpwcms constants
  25  if (!defined('PHPWCMS_ROOT')) {
  26     die("You Cannot Access This Script Directly, Have a Nice Day.");
  27  }
  28  // ----------------------------------------------------------------
  29  
  30  include_once (PHPWCMS_ROOT.'/include/inc_front/content/cnt_functions/cnt23.func.inc.php');
  31  
  32  // Form
  33  $cnt_form = unserialize($crow["acontent_form"]);
  34  
  35  if(empty($cnt_form['anchor_off'])) {
  36      $CNT_TMP .= '<a name="jumpForm'.$crow["acontent_id"].'" id="jumpForm'.$crow["acontent_id"].'"></a>';
  37  }
  38  $CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]);
  39  
  40  // save default form tracking status
  41  $default_formtracking_value = $phpwcms['form_tracking'];
  42  // check form related form tracking status
  43  if(isset($cnt_form['formtracking_off']) && $cnt_form['formtracking_off'] == 1) {
  44      $phpwcms['form_tracking'] = 0;
  45  }
  46  
  47  $form_error_text = '';
  48  
  49  $form_cnt = $cnt_form['labelpos']== 2 ? render_device( $cnt_form['customform'] ) : '';
  50  
  51  // set sender email address
  52  if(empty($cnt_form['sendertype']) || $cnt_form['sendertype'] == 'system') {
  53      $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
  54  } elseif($cnt_form['sendertype'] == 'email' && !is_valid_email($cnt_form['sender'])) {
  55      $cnt_form['sender'] = $phpwcms['SMTP_FROM_EMAIL'];
  56  }
  57  
  58  // basic sender name check
  59  if(empty($cnt_form['sendernametype'])) {
  60  
  61      $cnt_form['sendername']     = '';
  62      $cnt_form['sendernametype']    = '';
  63      
  64  } elseif($cnt_form['sendernametype'] == 'system') {
  65  
  66      $cnt_form['sendername'] = $phpwcms['SMTP_FROM_NAME'];
  67  
  68  }
  69  
  70  if(empty($cnt_form['sendername'])) {
  71      $cnt_form['sendername'] = '';
  72  }
  73  if(empty($cnt_form["error_class"])) {
  74      $cnt_form["error_class"] = 'error';
  75  }
  76  
  77  // set enctype mode false (no upload)
  78  $cnt_form['is_enctype'] = false;
  79  
  80  /*
  81   * Browse form fields
  82   */
  83  if(isset($cnt_form["fields"]) && is_array($cnt_form["fields"]) && count($cnt_form["fields"])) {
  84      
  85      $form_counter = 0;
  86      $cnt_form['label_wrap'] = explode('|', $cnt_form['label_wrap']);
  87      $cnt_form['label_wrap'][0] = !empty($cnt_form['label_wrap'][0]) ? trim($cnt_form['label_wrap'][0]) : '';
  88      $cnt_form['label_wrap'][1] = !empty($cnt_form['label_wrap'][1]) ? trim($cnt_form['label_wrap'][1]) : '';
  89      $form_field_hidden = '';
  90      
           // Named validation patterns. A 'special' field picks one through its
           // configured type= attribute and the submitted value is tested with
           // preg_match() against the matching entry.
           // NOTE(review): INT only restricts the character set (digits, '+', '-');
           // it does not guarantee a well-formed integer.
           // NOTE(review): PHONE nests a quantified group inside {3,24}. A long run
           // of digits ending in a disallowed character can backtrack heavily until
           // pcre.backtrack_limit aborts the match; preg_match() then returns false,
           // which the caller's !preg_match() test reports as a field error.
   91      $cnt_form['regx_pattern'] = array(
   92              'A-Z'            => '/^[A-Z]+$/',
   93              'a-Z'            => '/^[a-zA-Z]+$/',
   94              'a-z'            => '/^[a-z]+$/',
   95              '0-9'            => '/^[0-9]+$/',
   96              'PHONE'            => '/^[+]?([0-9]*[\.\s\-\(\)\/]|[0-9]+){3,24}$/',
   97              'INT'            => '/^[0-9\-\+]+$/',
   98              'WORD'            => '/^[\w]+$/',
   99              'LETTER+SPACE'    => '/^[a-z _\-\:]+$/i'
  100          );
 101      
 102      if(!empty($_POST['cpID'.$crow["acontent_id"]]) && intval($_POST['cpID'.$crow["acontent_id"]]) == $crow["acontent_id"]) {
 103          $POST_DO = true;
 104          $POST_val = array();
 105          $cache_nosave = true;
 106      } else {
 107          $POST_DO = false;
 108      }
 109      
 110      // make spam check
 111      if($POST_DO && !checkFormTrackingValue()) {
 112          $POST_ERR['spamFormAlert'.time()] = '[span_class:spamFormAlert]Your IP '.getRemoteIP().' is not allowed to send form![/class]';
 113      }
 114      
 115      foreach($cnt_form["fields"] as $key => $value) {
 116      
 117          $form_field = '';
 118          $form_name = html_specialchars($cnt_form["fields"][$key]['name']);    
 119          $POST_name = $cnt_form["fields"][$key]['name'];
 120          
 121          switch($cnt_form["fields"][$key]['type']) {
 122      
 123              case 'text'        :    /*
 124                                   * Text
 125                                   */
 126                                  if($POST_DO && isset($_POST[$POST_name])) {
 127                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 128                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 129                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 130                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 131                                      } else {
 132                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 133                                      }
 134                                  }
 135                                  //
 136                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 137                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 138                                  if($cnt_form["fields"][$key]['size']) {
 139                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 140                                  }
 141                                  if($cnt_form["fields"][$key]['max']) {
 142                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 143                                  }
 144                                  if($cnt_form["fields"][$key]['class']) {
 145                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 146                                  }
 147                                  if($cnt_form["fields"][$key]['style']) {
 148                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 149                                  }
 150                                  $form_field .= ' />';
 151                                  break;
 152                                  
 153              case 'captcha':        /*
 154                                   * Captcha
 155                                   */
 156                                  if($POST_DO && isset($_POST[$POST_name])) {
 157                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 158                                      include_once  (PHPWCMS_ROOT.'/include/inc_ext/SOLMETRA_FormValidator/SPAF_FormValidator.class.php');
 159                                      $spaf_obj = new SPAF_FormValidator();
 160                                      if($spaf_obj->validRequest($POST_val[$POST_name])) {
 161                                          $spaf_obj->destroy();
 162                                      } else {
 163                                          $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Captcha error' : $cnt_form["fields"][$key]['error'];
 164                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 165                                      }
 166                                      $cnt_form["fields"][$key]['value'] = '';
 167                                  }
 168                                  //
 169                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""';
 170                                  if($cnt_form["fields"][$key]['size']) {
 171                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 172                                  }
 173                                  if($cnt_form["fields"][$key]['max']) {
 174                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 175                                  }
 176                                  if($cnt_form["fields"][$key]['class']) {
 177                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 178                                  }
 179                                  if($cnt_form["fields"][$key]['style']) {
 180                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 181                                  }
 182                                  $form_field .= ' />';
 183                                  break;
 184                                  
 185              case 'recaptcha':    /*
 186                                   * reCAPTCHA
 187                                   */
 188                                  include_once  (PHPWCMS_ROOT.'/include/inc_ext/recaptcha/recaptchalib.php');
 189                                  
 190                                  $cnt_form['recaptcha'] = array(
 191                                      'public_key' => empty($cnt_form["fields"][$key]['value']['public_key']) ? get_user_rc('pu') : $cnt_form["fields"][$key]['value']['public_key'],
 192                                      'private_key' => empty($cnt_form["fields"][$key]['value']['private_key']) ? get_user_rc('pr') : $cnt_form["fields"][$key]['value']['private_key'],
 193                                      'lang' => empty($cnt_form["fields"][$key]['value']['lang']) ? $phpwcms['default_lang'] : $cnt_form["fields"][$key]['value']['lang'],
 194                                      'theme' => empty($cnt_form["fields"][$key]['value']['theme']) ? 'clear' : $cnt_form["fields"][$key]['value']['theme'],
 195                                      'tabindex' => empty($cnt_form["fields"][$key]['value']['tabindex']) ? 0 : $cnt_form["fields"][$key]['value']['tabindex'],
 196                                      'error' => NULL
 197                                  );
 198                              
 199                                  if($POST_DO && isset($_POST['recaptcha_response_field']) && isset($_POST['recaptcha_challenge_field'])) {
 200                                      
 201                                      $cnt_form['recaptcha']['response'] = recaptcha_check_answer($cnt_form['recaptcha']['private_key'], $_SERVER["REMOTE_ADDR"], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
 202                                      
 203                                      if(!$cnt_form['recaptcha']['response']->is_valid) {
 204                                      
 205                                          $cnt_form['recaptcha']['error']    = $cnt_form['recaptcha']['response']->error;
 206                                          $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? $cnt_form['recaptcha']['error'] : $cnt_form["fields"][$key]['error'];
 207                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 208  
 209                                      }
 210                                  }
 211                                  //
 212                                  $form_field  = '<div';
 213                                  if($cnt_form["fields"][$key]['class']) {
 214                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 215                                  }
 216                                  if($cnt_form["fields"][$key]['style']) {
 217                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 218                                  }
 219                                  $form_field .= '><script type="text/javascript">' . LF;
 220                                  $form_field .= '    var RecaptchaOptions = {lang:"'.$cnt_form['recaptcha']['lang'].'",';
 221                                  $form_field .= 'theme:"'.$cnt_form['recaptcha']['theme'].'",tabindex:'.$cnt_form['recaptcha']['tabindex'] . '};' . LF;
 222                                  $form_field .= '</script>';
 223                                  $form_field .= recaptcha_get_html($cnt_form['recaptcha']['public_key'], $cnt_form['recaptcha']['error']);
 224                                  $form_field .= '</div>';
 225                                  
 226                                  break;
 227                                  
 228              case 'special'    :    /*
 229                                   * Special
 230                                   */
 231                                  $cnt_form['special_attribute'] = array(
 232                                              'default'        => '',
 233                                              'type'            => 'MIX',
 234                                              'dateformat'    => 'm/d/Y',
 235                                              'pattern'        => '/.*?/'
 236                                          ); 
 237                                  //
 238                                  if($cnt_form["fields"][$key]['value']) {
 239                                      $cnt_form['special_value'] = str_replace( array('"', "'", "\r'"), '', $cnt_form["fields"][$key]['value'] );
 240                                      $cnt_form['special_value'] = explode("\n", $cnt_form['special_value']);
 241                                      $cnt_form["fields"][$key]['value'] = '';
 242                                      
 243                                      if(is_array($cnt_form['special_value']) && count($cnt_form['special_value'])) {
 244                                          foreach($cnt_form['special_value'] as $cnt_form['special_key'] => $cnt_form['special_val']) {
 245                                              $temp_array = explode('=', $cnt_form['special_val']);
 246                                              switch($temp_array[0]) {
 247                                                  case 'default':        $cnt_form['special_attribute']['default'] = isset($temp_array[1]) ? $temp_array[1] : '';
 248                                                                      break;
 249                                                  case 'type':        $cnt_form['special_attribute']['type'] = isset($temp_array[1]) ? $temp_array[1] : 'MIX';
 250                                                                      break;
 251                                                  case 'dateformat':    $cnt_form['special_attribute']['dateformat'] = isset($temp_array[1]) ? $temp_array[1] : 'm/d/Y';
 252                                                                      break;
 253                                                  case 'pattern':        $cnt_form['special_attribute']['pattern'] = isset($temp_array[1]) ? $temp_array[1] : '/.*?/';
 254                                                                      break;
 255                                              }
 256                                          }
 257                                      }
 258                                  }
 259                                  
 260                                  $cnt_form["fields"][$key]['value'] = isset($cnt_form['special_attribute']['default']) ? $cnt_form['special_attribute']['default'] : '';
 261                                   
 262                                  if($POST_DO && isset($_POST[$POST_name])) {
 263                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 264                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 265                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 266                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 267                                      } else {
 268                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 269                                          // try to check for special value
 270                                          if(isset($cnt_form['special_attribute']['type'])) {                                
 271                                              switch($cnt_form['special_attribute']['type']) {
 272                                                  
 273                                                  case 'A-Z':
 274                                                  case 'a-Z':
 275                                                  case 'a-z':
 276                                                  case '0-9':
 277                                                  case 'WORD':
 278                                                  case 'LETTER+SPACE':
 279                                                  case 'PHONE':
 280                                                  case 'INT':        if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['regx_pattern'][ $cnt_form['special_attribute']['type'] ], $cnt_form["fields"][$key]['value'])) {
 281                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 282                                                                  }
 283                                                                  break;
 284                                                                  
 285                                                  case 'REGEX':    if($cnt_form["fields"][$key]['value'] !== '' && !preg_match($cnt_form['special_attribute']['pattern'], $cnt_form["fields"][$key]['value'])) {
 286                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 287                                                                  }
 288                                                                  break;
 289                                                  
 290                                                  case 'DEC':
 291                                                  case 'FLOAT':    if($cnt_form["fields"][$key]['value'] !== '' && !is_float_ex($cnt_form["fields"][$key]['value'])) {
 292                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 293                                                                  }
 294                                                                  break;
 295                                                  
 296                                                  case 'IDENT':    if(isset($cnt_form['special_attribute']['default']) && 
 297                                                                      decode_entities($cnt_form['special_attribute']['default']) != decode_entities($cnt_form["fields"][$key]['value'])) {
 298                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 299                                                                  }
 300                                                                  break;
 301                                                      
 302                                                  case 'DATE':    if($cnt_form["fields"][$key]['value'] !== '' && isset($cnt_form['special_attribute']['dateformat']) && 
 303                                                                      !is_date($cnt_form["fields"][$key]['value'], $cnt_form['special_attribute']['dateformat'])) {
 304                                                                      $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 305                                                                  }
 306                                                                  break;                                        
 307                                              }
 308                                          }
 309                                      }
 310                                  } else {
 311                                  
 312                                      if(isset($cnt_form['special_attribute']['default']) && isset($cnt_form['special_attribute']['type']) &&
 313                                         $cnt_form['special_attribute']['type'] == 'DATE' && $cnt_form['special_attribute']['default'] == 'NOW') {
 314                                             echo 'ja';
 315                                           if(isset($cnt_form['special_attribute']['dateformat'])) {
 316                                              $cnt_form["fields"][$key]['value'] = date($cnt_form['special_attribute']['dateformat']);
 317                                          } else {
 318                                              $cnt_form["fields"][$key]['value'] = date('m/d/Y');
 319                                          }
 320                                      }
 321                                  }
 322                                  //
 323                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 324                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 325                                  if($cnt_form["fields"][$key]['size']) {
 326                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 327                                  }
 328                                  if($cnt_form["fields"][$key]['max']) {
 329                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 330                                  }
 331                                  if($cnt_form["fields"][$key]['class']) {
 332                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 333                                  }
 334                                  if($cnt_form["fields"][$key]['style']) {
 335                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 336                                  }
 337                                  $form_field .= ' />';
 338                                  break;
 339                                  
 340              case 'email'    :    /*
 341                                   * Email
 342                                   */
 343                                  if($POST_DO && isset($_POST[$POST_name])) {
 344                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 345                                      if(($cnt_form["fields"][$key]['required'] && !$POST_val[$POST_name]) || ($POST_val[$POST_name] && !is_valid_email($POST_val[$POST_name]))) {
 346                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 347                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 348                                      }
 349                                      $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 350                                  }
 351                                  // check if message should be delivered to email address of this field
 352                                  if($POST_DO && ($cnt_form['targettype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) {
 353                                      if(empty($cnt_form['target'])) {
 354                                          $cnt_form['target'] = $cnt_form["fields"][$key]['value'];
 355                                      } else {
 356                                          $cnt_form['target'] = $cnt_form["fields"][$key]['value'].';'.$cnt_form['target'];
 357                                      }
 358                                  }
 359                                  //
 360                                  // check if message should be sent by email address of this field
 361                                  if($POST_DO && ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && empty($POST_ERR[$key]) && is_valid_email($cnt_form["fields"][$key]['value'])) {
 362                                      $cnt_form['sender'] = $cnt_form["fields"][$key]['value'];
 363                                  }
 364                                  //
 365                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" ';
 366                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 367                                  if($cnt_form["fields"][$key]['size']) {
 368                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 369                                  }
 370                                  if($cnt_form["fields"][$key]['max']) {
 371                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 372                                  }
 373                                  if($cnt_form["fields"][$key]['class']) {
 374                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 375                                  }
 376                                  if($cnt_form["fields"][$key]['style']) {
 377                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 378                                  }
 379                                  $form_field .= ' />';
 380                                  break;
 381  
 382              case 'textarea'    :    /*
 383                                   * Textarea
 384                                   */
 385                                  if($POST_DO && isset($_POST[$POST_name])) {
 386                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 387                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 388                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 389                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 390                                      } else {
 391                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 392                                      }
 393                                  }
 394                                  //
 395                                  $form_field .= '<textarea name="'.$form_name.'" id="'.$form_name.'"';
 396                                  if($cnt_form["fields"][$key]['size']) {
 397                                      $form_field .= ' cols="'.$cnt_form["fields"][$key]['size'].'"';
 398                                  } else {
 399                                      $form_field .= ' cols="20"';
 400                                  }
 401                                  if($cnt_form["fields"][$key]['max']) {
 402                                      $form_field .= ' rows="'.$cnt_form["fields"][$key]['max'].'"';
 403                                  }
 404                                  if($cnt_form["fields"][$key]['class']) {
 405                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 406                                  }
 407                                  if($cnt_form["fields"][$key]['style']) {
 408                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 409                                  }
 410                                  $form_field .= '>'.html_specialchars($cnt_form["fields"][$key]['value']).'</textarea>';
 411                                  break;
 412  
 413              case 'hidden'    :    /*
 414                                   * Hidden
 415                                   */
 416                                  if($POST_DO && isset($_POST[$POST_name])) {
 417                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 418                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 419                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 420                                      } else {
 421                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 422                                      }
 423                                  }
 424                                  //
 425                                  $form_field_hidden .= '<input type="hidden" name="'.$form_name.'" id="'.$form_name.'" ';
 426                                  $form_field_hidden .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'" />';
 427                                  break;
 428  
 429              case 'password'    :    /*
 430                                   * Password
 431                                   */
 432                                  if($POST_DO && isset($_POST[$POST_name])) {
 433                                      $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 434                                      if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
 435                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 436                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 437                                      } else {
 438                                          $cnt_form["fields"][$key]['value'] = $POST_val[$POST_name];
 439                                      }
 440                                  }
 441                                  //
 442                                  $form_field .= '<input type="password" name="'.$form_name.'" id="'.$form_name.'" ';
 443                                  $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 444                                  if($cnt_form["fields"][$key]['size']) {
 445                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 446                                  }
 447                                  if($cnt_form["fields"][$key]['max']) {
 448                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 449                                  }
 450                                  if($cnt_form["fields"][$key]['class']) {
 451                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 452                                  }
 453                                  if($cnt_form["fields"][$key]['style']) {
 454                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 455                                  }
 456                                  $form_field .= ' autocomplete="off" />';
 457                                  break;
 458  
                  case 'country':
                  case 'selectemail':
                  case 'select'    :    /*
                                       * Select menu (field types: country, selectemail, select)
                                       *
                                       * On POST the submitted value is cleaned and, for a required
                                       * field, checked for emptiness. Afterwards the <select> markup
                                       * is appended to $form_field: either a country list built by
                                       * list_country() or one <option> per non-empty line of the
                                       * configured field value.
                                       *
                                       * Option line syntax handled below:
                                       *   OPTGROUP <label>, /OPTGROUP   open / close an <optgroup>
                                       *   <label>-|-<value>             separate label and value
                                       *   trailing " -"                 option with an empty value
                                       *   trailing " selected"          option rendered as selected
                                       *
                                       * NOTE(review): class and style are written into the tag
                                       * without escaping; they come from the stored form definition
                                       * (presumably editable by backend users only -- confirm).
                                       */
                                      if($POST_DO && isset($_POST[$POST_name])) {
                                          $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
                                          // selectemail options are sent to the browser as base64_encode(encrypt(...))
                                          // (see the <option> output below), so the submitted value is decoded and
                                          // decrypted here.
                                          // NOTE(review): encrypt()/decrypt() are defined elsewhere; whether the
                                          // ciphertext is authenticated cannot be told from this file. The result can
                                          // become the mail recipient or sender further down, so confirm that a
                                          // modified value cannot decrypt to a different valid address -- or match
                                          // the result against the configured option list before using it.
                                          if($POST_val[$POST_name] != '' && $cnt_form["fields"][$key]['type'] == 'selectemail') { // decrypt
                                              $POST_val[$POST_name] = decrypt(base64_decode($POST_val[$POST_name]));
                                          }
                                          if($cnt_form["fields"][$key]['required'] && $POST_val[$POST_name] == '') {
                                              $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
                                              $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
                                          } else {
                                              // drop the configured " selected" markers; the submitted value
                                              // decides which option is selected when the menu is built below
                                              $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']);
                                          }
                                      }
                                      //
                                      if($cnt_form["fields"][$key]['type'] == 'selectemail' && $POST_DO && empty($POST_ERR[$key]) ) {

                                          // check if message should be delivered to email address of this field
                                          // (the address is only used if is_valid_email() accepts it; it is
                                          // prepended to an already configured target, separated by ';')
                                          if( ($cnt_form['targettype'] == 'emailfield_'.$POST_name)  && is_valid_email($POST_val[$POST_name])) {
                                              if(empty($cnt_form['target'])) {
                                                  $cnt_form['target'] = $POST_val[$POST_name];
                                              } else {
                                                  $cnt_form['target'] = $POST_val[$POST_name].';'.$cnt_form['target'];
                                              }
                                          }
                                          //
                                          // check if message should be sent by email address of this field
                                          if( ($cnt_form['sendertype'] == 'emailfield_'.$POST_name) && is_valid_email($POST_val[$POST_name])) {
                                              $cnt_form['sender'] = $POST_val[$POST_name];
                                          }
                                      }
                                      //

                                      $form_field .= '<select name="'.$form_name.'" id="'.$form_name.'"';
                                      if($cnt_form["fields"][$key]['class']) {
                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
                                      }
                                      if($cnt_form["fields"][$key]['style']) {
                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
                                      }
                                      $form_field .= '>' . LF;

                                      // build country select menu
                                      if($cnt_form["fields"][$key]['type'] == 'country') {

                                          // check which language should be used and
                                          // which country should be set as default
                                          // (both settings are reduced to ASCII letters before use)
                                          $form_value = parse_ini_str($cnt_form["fields"][$key]['value'], false);
                                          if(isset($form_value['lang'])) {
                                              $form_value['lang'] = preg_replace('/[^a-zA-Z]/', '', $form_value['lang']);
                                          } else {
                                              $form_value['lang'] = $phpwcms['default_lang'];
                                          }
                                          if(isset($form_value['default'])) {
                                              $form_value['default'] = preg_replace('/[^a-zA-Z]/', '', $form_value['default']);
                                          } else {
                                              $form_value['default'] = '-';
                                          }

                                          // first two characters of the submitted value, else of the configured default
                                          // NOTE(review): how list_country() uses or escapes this value is not
                                          // visible here -- confirm it is only compared, or escaped on output
                                          $option_value = substr( empty($POST_val[$POST_name]) ? $form_value['default'] : $POST_val[$POST_name] , 0, 2);
                                          if(!empty($form_value['first'])) {
                                              $form_field  .= '<option value="">' . html_specialchars($form_value['first']) . '</option>' . LF;
                                          }
                                          $form_field  .= list_country($option_value, $form_value['lang']);


                                      // build value/option select menu
                                      } else {


                                          // one option definition per non-empty, trimmed line
                                          $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
                                          $form_value = array_map('trim', $form_value);
                                          $form_value = array_diff($form_value, array(''));
                                          if(count($form_value)) {
                                              $form_optgroup = false;
                                              foreach($form_value as $option_value) {

                                                  // search for OPTGROUP
                                                  if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) {
                                                      $option_value = explode(' ', $option_value, 2);
                                                      if(isset($option_value[1]) ) {
                                                          $option_value = trim($option_value[1]);
                                                          $form_field .= '<optgroup label="';
                                                          $form_field .= $option_value == '' ? 'Please select:' : html_specialchars($option_value);
                                                          $form_field .= '">'.LF;
                                                          $form_optgroup = true;
                                                      }
                                                      continue;
                                                  } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) {
                                                      if($form_optgroup == true) {
                                                          $form_field .= '</optgroup>'.LF;
                                                          $form_optgroup = false;
                                                      }
                                                      continue;
                                                  }

                                                  // check if select item has special value and name
                                                  // ("label-|-value"; without the separator the label is also the value)
                                                  $option_value = explode('-|-', $option_value, 2);
                                                  $option_label = $option_value[0];
                                                  $option_value = isset($option_value[1]) ? $option_value[1] : $option_label;

                                                  if(substr($option_label, -2) === ' -') {
                                                      $option_label = trim( substr($option_label, 0, strlen($option_label) -2) );
                                                  }
                                                  $option_label = str_replace(' selected', '', $option_label);

                                                  // mark the submitted option by appending the " selected" marker,
                                                  // which is evaluated a few lines below
                                                  if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $option_value) {
                                                      $option_value .= ' selected';
                                                  }

                                                  // the value is passed through html_specialchars() before output; for
                                                  // selectemail it is this processed string that gets encrypted
                                                  $option_value = html_specialchars($option_value);
                                                  if(substr($option_value, -2) === ' -') {
                                                      $form_field .= '<option value=""';
                                                      $option_value = trim( substr($option_value, 0, strlen($option_value) -2) );
                                                  } elseif(strtolower(substr($option_value, -9)) != ' selected') {
                                                      $form_field .= '<option value="'.($cnt_form["fields"][$key]['type'] == 'selectemail' ? base64_encode(encrypt($option_value)) : $option_value).'"';
                                                  } else {
                                                      $option_value = str_replace(' selected', '', $option_value);
                                                      $form_field .= '<option value="'.($cnt_form["fields"][$key]['type'] == 'selectemail' ? base64_encode(encrypt($option_value)) : $option_value).'" selected="selected"';
                                                  }
                                                  $form_field .= '>'.html_specialchars($option_label)."</option>\n";
                                              }
                                              // close a group that was opened but never closed by a /OPTGROUP line
                                              // ($form_optgroup itself is not reset here and keeps its value)
                                              if($form_optgroup == true) {
                                                  $form_field .= '</optgroup>'.LF;
                                              }
                                          }

                                      }
                                      $form_field .= '</select>';
                                      break;
 592  
 593              case 'list'        :    /*
 594                                   * Liste
 595                                   */
 596                                  if($POST_DO && isset($_POST[$POST_name])) {
 597                                      if(is_array($_POST[$POST_name])) {
 598                                          $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
 599                                          $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
 600                                          if(!count($POST_val[$POST_name])) {
 601                                              $POST_val[$POST_name] = false;
 602                                          }
 603                                      } else {
 604                                          $POST_val[$POST_name] = remove_unsecure_rptags(clean_slweg($_POST[$POST_name]));
 605                                      }
 606                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
 607                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 608                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 609                                      } else {
 610                                          $cnt_form["fields"][$key]['value'] = str_replace(' selected', '', $cnt_form["fields"][$key]['value']);
 611                                      }
 612                                  }
 613                                  //
 614                                  $form_field .= '<select id="'.$form_name.'"';
 615                                  if($cnt_form["fields"][$key]['size']) {
 616                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 617                                  }
 618                                  if($cnt_form["fields"][$key]['max']) {
 619                                      $form_field .= ' multiple';
 620                                      $form_field .= ' name="'.$form_name.'[]"';
 621                                  } else {
 622                                      $form_field .= ' name="'.$form_name.'"';
 623                                  }
 624                                  if($cnt_form["fields"][$key]['class']) {
 625                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 626                                  }
 627                                  if($cnt_form["fields"][$key]['style']) {
 628                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 629                                  }
 630                                  $form_field .= '>'.LF;
 631                                  $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 632                                  $form_value = array_map('trim', $form_value);
 633                                  $form_value = array_diff($form_value, array(''));
 634                                  if(count($form_value)) {
 635                                      foreach($form_value as $option_value) {
 636                                      
 637                                          // search for OPTGROUP
 638                                          if( strpos(strtoupper($option_value), 'OPTGROUP') === 0 ) {
 639                                              $option_value = explode(' ', $option_value, 2);
 640                                              if(isset($option_value[1]) ) {
 641                                                  $option_value = trim($option_value[1]);
 642                                                  $form_field .= '<optgroup label="';
 643                                                  $form_field .= $option_value == '' ? 'Please select:' : html_specialchars($option_value);
 644                                                  $form_field .= '">'.LF;
 645                                                  $form_optgroup = true;
 646                                              }
 647                                              continue;
 648                                          } elseif(strpos(strtoupper($option_value), '/OPTGROUP') === 0) {
 649                                              if($form_optgroup == true) {
 650                                                  $form_field .= '</optgroup>'.LF;
 651                                                  $form_optgroup = false;
 652                                              }
 653                                              continue;                            
 654                                          }
 655                                      
 656                                      
 657                                          // try to set given POST var as selected
 658                                          if(isset($POST_val[$POST_name])) {
 659                                              if(is_array($POST_val[$POST_name])) {
 660                                                  foreach($POST_val[$POST_name] as $postvar_value) {
 661                                                      if($postvar_value == $option_value) {
 662                                                          $option_value .= ' selected';
 663                                                      }
 664                                                  }
 665                                              } elseif ($POST_val[$POST_name] == $option_value) {
 666                                                  $option_value .= ' selected';
 667                                              }
 668                                          }
 669                                          
 670                                          $option_value = html_specialchars($option_value);
 671                                          if(substr($option_value, -2) === ' -') {
 672                                              $form_field .= '<option value=""';
 673                                              $option_value = trim( substr($option_value, 0, strlen($option_value) -2) );
 674                                          } elseif(substr($option_value, -9) != ' selected') {
 675                                              $form_field .= '<option value="'.$option_value.'"';
 676                                          } else {
 677                                              $option_value = str_replace(' selected', '', $option_value);
 678                                              $form_field .= '<option value="'.$option_value.'" selected="selected"';
 679                                          }
 680                                          $form_field .= '>'.$option_value."</option>\n";
 681                                      }
 682                                      if($form_optgroup == true) {
 683                                          $form_field .= '</optgroup>'.LF;
 684                                      }
 685                                  }
 686                                  $form_field .= '</select>';
 687                                  break;
 688  
                  case 'checkbox'    :    /*
                                       * Checkbox (single box or list of boxes)
                                       *
                                       * POST handling also runs for a required field that is missing
                                       * from $_POST (browsers do not submit unchecked boxes), so a
                                       * required field with nothing checked is reported as an error.
                                       * Output: a <span class="form-checkbox ..."> wrapper holding
                                       * one <label><input type="checkbox"></label> per non-empty
                                       * line of the configured field value. Line syntax is
                                       * "label-|-value" (without the separator the label is also the
                                       * value); a " checked" marker pre-checks a box.
                                       *
                                       * NOTE(review): $checkbox_label is written to the page without
                                       * html_specialchars(), unlike the value. It comes from the
                                       * stored form definition -- presumably intentional so editors
                                       * can use markup in labels; confirm that only trusted backend
                                       * users can edit it. class and style are likewise unescaped.
                                       */
                                      if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
                                          if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
                                              // list of boxes (name[]): clean every entry, drop the empty ones
                                              $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
                                              $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
                                              if(!count($POST_val[$POST_name])) {
                                                  $POST_val[$POST_name] = '';
                                              }
                                          } else {
                                              $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : '';
                                          }
                                          if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
                                              $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
                                              $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
                                          } else {
                                              // drop the configured " checked" markers; the submitted value(s)
                                              // decide which boxes are checked below
                                              $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
                                          }
                                      }
                                      //
                                      // one box definition per non-empty, trimmed line
                                      $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
                                      $form_value = array_map('trim', $form_value);
                                      $form_value = array_diff($form_value, array(''));

                                      // despite its name, $checkbox_class holds the closing tag of the wrapper
                                      $form_field     .= '<span class="'.trim('form-checkbox '.$cnt_form["fields"][$key]['class']).'">';
                                      $checkbox_class  = '</span>';

                                      if($cnt_form["fields"][$key]['style']) {
                                          $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
                                      } else {
                                          $checkbox_style = '';
                                      }
                                      if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) {
                                          // only 1 checkbox
                                          $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value;
                                          $checkbox_value = trim($checkbox_value);

                                          $checkbox_value = explode('-|-', $checkbox_value, 2);
                                          $checkbox_label = $checkbox_value[0];
                                          $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;

                                          $checkbox_label = str_replace(' checked', '', $checkbox_label);

                                          // a box without a configured value submits the field name as its value
                                          if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) {
                                              $checkbox_value .= ' checked';
                                          }
                                          $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name;
                                          $form_field .= '<label for="'.$form_name.'"' . $checkbox_style . '>';
                                          $form_field .= '<input type="checkbox" name="'.$form_name.'" id="'.$form_name.'" ';
                                          // the " checked" marker decides whether checked="checked" is emitted
                                          if(substr($checkbox_value, -8) != ' checked') {
                                              $form_field .= 'value="' . $checkbox_value . '" />';
                                          } else {
                                              $checkbox_value = str_replace(' checked', '', $checkbox_value);
                                              $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
                                          }
                                          $form_field .= $checkbox_label .'</label>';

                                      } else {
                                          // list of checkboxes
                                          // ('size' selects the separator between boxes: line break or space)
                                          $checkbox_counter = 0;
                                          $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
                                          foreach($form_value as $checkbox_value) {

                                              $checkbox_value = explode('-|-', $checkbox_value, 2);
                                              $checkbox_label = $checkbox_value[0];
                                              $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;

                                              $checkbox_label = str_replace(' checked', '', $checkbox_label);

                                              // only an array submission can check boxes in list mode
                                              if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) {
                                                  foreach($POST_val[$POST_name] as $postvar_value) {
                                                      if($postvar_value == $checkbox_value) {
                                                          $checkbox_value .= ' checked';
                                                      }
                                                  }
                                              }

                                              $checkbox_value =  html_specialchars(trim($checkbox_value));
                                              if($checkbox_counter) {
                                                  $form_field .= $checkbox_spacer;
                                              }
                                              // ids are made unique by appending the running counter
                                              $form_field .= '<label for="'.$form_name.$checkbox_counter.'"' . $checkbox_style . '>';
                                              $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" ';
                                              if(substr($checkbox_value, -8) != ' checked') {
                                                  $form_field .= 'value="' . $checkbox_value . '" />';
                                              } else {
                                                  $checkbox_value = str_replace(' checked', '', $checkbox_value);
                                                  $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
                                              }
                                              $form_field .= $checkbox_label .'</label>';
                                              $checkbox_counter++;
                                          }
                                      }
                                      $form_field .= $checkbox_class;
                                      break;
 785  
 786              case 'radio'    :    /*
 787                                   * Radiobutton
 788                                   */
 789                                  if($POST_DO && ( $cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
 790                                      $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
 791                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
 792                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 793                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 794                                      } else {
 795                                          $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
 796                                      }
 797                                  }
 798                                  //
 799                                  $form_value = explode("\n", $cnt_form["fields"][$key]['value']);
 800                                  $form_value = array_map('trim', $form_value);
 801                                  $form_value = array_diff($form_value, array(''));
 802                                  if($cnt_form["fields"][$key]['class']) {
 803                                      $form_field     .= '<div class="'.$cnt_form["fields"][$key]['class'].'">';
 804                                      $checkbox_class  = '</div>';
 805                                  } else {
 806                                      $checkbox_class  = '';
 807                                  }
 808                                  if($cnt_form["fields"][$key]['style']) {
 809                                      $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
 810                                  } else {
 811                                      $checkbox_style = '';
 812                                  }
 813                                  if(count($form_value) == 1 || count($form_value) == 0 || !$form_value) {
 814                                      // only 1 checkbox
 815                                      $checkbox_value = is_array($form_value) ? implode('', $form_value) : $form_value;
 816                                      $checkbox_value = trim($checkbox_value);
 817                                      
 818                                      $checkbox_value = explode('-|-', $checkbox_value, 2);
 819                                      $checkbox_label = $checkbox_value[0];
 820                                      $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 821                                      
 822                                      $checkbox_label = str_replace(' checked', '', $checkbox_label);
 823                                      
 824                                      if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == ($checkbox_value ? $checkbox_value : $form_name)) {
 825                                          $checkbox_value .= ' checked';
 826                                      }
 827                                      $checkbox_value = $checkbox_value ? html_specialchars($checkbox_value) : $form_name;
 828                                      $form_field .= '<label for="'.$form_name.'"' . $checkbox_style . '>';
 829                                      $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.'" ';
 830                                      if(substr($checkbox_value, -8) != ' checked') {
 831                                          $form_field .= 'value="' . $checkbox_value . '" />';
 832                                      } else {
 833                                          $checkbox_value = str_replace(' checked', '', $checkbox_value);
 834                                          $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 835                                      }
 836                                      $form_field .= $checkbox_label .'</label>';
 837                                      
 838                                  } else {
 839                                      // list of checkboxes
 840                                      $checkbox_counter = 0;
 841                                      $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
 842                                      foreach($form_value as $checkbox_value) {
 843                                          
 844                                          $checkbox_value = explode('-|-', $checkbox_value, 2);
 845                                          $checkbox_label = $checkbox_value[0];
 846                                          $checkbox_value = isset($checkbox_value[1]) ? $checkbox_value[1] : $checkbox_label;
 847                                          
 848                                          $checkbox_label = str_replace(' checked', '', $checkbox_label);
 849                                          
 850                                          if(isset($POST_val[$POST_name]) && $POST_val[$POST_name] == $checkbox_value) {
 851                                              $checkbox_value .= ' checked';
 852                                          }
 853                                          $checkbox_value =  html_specialchars(trim($checkbox_value));
 854                                          if($checkbox_counter) {
 855                                              $form_field .= $checkbox_spacer;
 856                                          }
 857                                          $form_field .= '<label for="'.$form_name.$checkbox_counter.'"' . $checkbox_style . '>';
 858                                          $form_field .= '<input type="radio" name="'.$form_name.'" id="'.$form_name.$checkbox_counter.'" ';
 859                                          if(substr($checkbox_value, -8) != ' checked') {
 860                                              $form_field .= 'value="' . $checkbox_value . '" />';
 861                                          } else {
 862                                              $checkbox_value = str_replace(' checked', '', $checkbox_value);
 863                                              $form_field .= 'value="' . $checkbox_value . '" checked="checked" />';
 864                                          }
 865                                          $form_field .= $checkbox_label .'</label>';
 866                                          $checkbox_counter++;
 867                                      }
 868                                  }
 869                                  $form_field .= $checkbox_class;
 870                                  break;
 871  
 872              case 'upload'    :    /*
 873                                   * Upload
 874                                   */
 875                                  if($cnt_form["fields"][$key]['value']) {
 876                                      $cnt_form['upload_value'] = str_replace('"', '', $cnt_form["fields"][$key]['value']);
 877                                      $cnt_form['upload_value'] = str_replace("'", '',$cnt_form['upload_value']);
 878                                      $cnt_form['upload_value'] = str_replace("\r'", '',$cnt_form['upload_value']);
 879                                      $cnt_form['upload_value'] = explode("\n", $cnt_form['upload_value']);
 880                                      if(is_array($cnt_form['upload_value']) && count($cnt_form['upload_value'])) {
 881                                          foreach($cnt_form['upload_value'] as $cnt_form['upload_key'] => $cnt_form['upload_val']) {
 882                                              $temp_array = explode('=', $cnt_form['upload_val']);
 883                                              unset($cnt_form['upload_value'][$cnt_form['upload_key']]);
 884                                              if(!empty($temp_array[0]) && !empty($temp_array[1])) {
 885                                                  $cnt_form['upload_value'][$temp_array[0]] = $temp_array[1];
 886                                              }
 887                                          }
 888                                      }
 889                                  }
 890                                  if(empty($cnt_form['upload_value']['folder'])) {
 891                                      $cnt_form['upload_value']['folder'] = 'content/form/';
 892                                  }
 893                                  if(empty($cnt_form['upload_value']['attachment'])) {
 894                                      $cnt_form['upload_value']['attachment'] = 0;
 895                                  }
 896                                  if(empty($cnt_form['upload_value']['exclude'])) {
 897                                      $cnt_form['upload_value']['exclude'] = 'php,asp,php3,php4,php5,aspx,cfm,js';
 898                                  }
 899                                  //
 900                                  if($POST_DO && isset($_FILES[$POST_name])) {
 901                                      $POST_val[$POST_name]['folder'] = $cnt_form['upload_value']['folder'];
 902                                      $POST_val[$POST_name]['attachment'] = $cnt_form['upload_value']['attachment'];
 903                                      $POST_val[$POST_name]['name'] = '';
 904                                      $cnt_form['upload_value']['exclude'] = str_replace(' ', '', $cnt_form['upload_value']['exclude']);
 905                                      $cnt_form['upload_value']['exclude'] = str_replace('.', '', $cnt_form['upload_value']['exclude']);                                    
 906                                      $cnt_form['upload_value']['exclude'] = explode(',', $cnt_form['upload_value']['exclude']);
 907                                      $cnt_form['upload_value']['exclude'] = array_diff($cnt_form['upload_value']['exclude'], array(''));
 908                                      $cnt_form['upload_value']['exclude'] = implode('|', $cnt_form['upload_value']['exclude']);
 909                                      $cnt_form['upload_value']['exclude'] = strtolower($cnt_form['upload_value']['exclude']);
 910                                      $cnt_form['upload_value']['regexp'] = '/(.'.$cnt_form['upload_value']['exclude'].')$/';
 911                                      if($cnt_form["fields"][$key]['required'] && empty($_FILES[$POST_name]['name'])) {
 912                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 913                                          $POST_ERR[$key]    = str_replace('{MAXLENGTH}', '', $POST_ERR[$key]);
 914                                          $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(0, ' '), $POST_ERR[$key]);
 915                                          $POST_ERR[$key] = str_replace('{FILENAME}', '"n.a."', $POST_ERR[$key]);
 916                                          $POST_ERR[$key] = str_replace('{FILEEXT}', '"n.a."', $POST_ERR[$key]);                        
 917                                      } elseif(!empty($_FILES[$POST_name]['name'])) {
 918                                          $cnt_form['upload_value']['filename'] = time().'_'.$_FILES[$POST_name]['name'];
 919                                          if( (!empty($cnt_form['upload_value']['maxlength']) && $_FILES[$POST_name]['size'] > intval($cnt_form['upload_value']['maxlength']))
 920                                              || preg_match($cnt_form['upload_value']['regexp'], strtolower($_FILES[$POST_name]['name'])) 
 921                                              || !@move_uploaded_file($_FILES[$POST_name]['tmp_name'], 
 922                                                 PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename'])
 923                                                 ) {
 924                                                 $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
 925                                                 $POST_ERR[$key] = str_replace('{MAXLENGTH}', empty($cnt_form['upload_value']['maxlength']) ? '' : fsize($cnt_form['upload_value']['maxlength'], ' '), $POST_ERR[$key]);
 926                                                 $POST_ERR[$key] = str_replace('{FILESIZE}', fsize(empty($_FILES[$POST_name]['size']) ? 0 : $_FILES[$POST_name]['size'], ' '), $POST_ERR[$key]);
 927                                                 $POST_ERR[$key] = str_replace('{FILENAME}', empty($_FILES[$POST_name]['name']) || trim($_FILES[$POST_name]['name'])=='' ? '"n.a."' : $_FILES[$POST_name]['name'], $POST_ERR[$key]);
 928                                                 $POST_ERR[$key] = str_replace('{FILEEXT}', '.'.str_replace('|', ', .', str_replace(',', ', .', $cnt_form['upload_value']['exclude'])), $POST_ERR[$key]);
 929                                          } else {
 930                                              $POST_val[$POST_name]['name'] = $cnt_form['upload_value']['filename'];
 931                                              @chmod(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename'], 0644);
 932                                          }
 933                                      }
 934                                      if(isset($POST_ERR[$key])) {
 935                                          @unlink($_FILES[$POST_name]['tmp_name']);
 936                                          @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$cnt_form['upload_value']['filename']);
 937                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
 938                                      }
 939                                  }
 940                                  //
 941                                  $form_field .= '<input type="file" name="'.$form_name.'" id="'.$form_name.'"';
 942                                  if(!empty($cnt_form['upload_value']['accept']) ) {
 943                                      $form_field .= ' accept="'.$cnt_form['upload_value']['accept'].'"';
 944                                  }
 945                                  if($cnt_form["fields"][$key]['size']) {
 946                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
 947                                  }
 948                                  if($cnt_form["fields"][$key]['max']) {
 949                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
 950                                  } elseif (!empty($cnt_form['upload_value']['maxlength'])) {
 951                                      $form_field .= ' maxlength="'.$cnt_form['upload_value']['maxlength'].'"';
 952                                  }
 953                                  if($cnt_form["fields"][$key]['class']) {
 954                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 955                                  }
 956                                  if($cnt_form["fields"][$key]['style']) {
 957                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 958                                  }
 959                                  $form_field .= ' title="';
 960                                  if($cnt_form['upload_value']['maxlength']) {
 961                                      $form_field .= 'max. '.fsize($cnt_form['upload_value']['maxlength'],' ',1);
 962                                  }
 963                                  $form_field .= '" />';
 964                                  unset($cnt_form['upload_value']);
 965                                  
 966                                  // enable enctype attribute
 967                                  $cnt_form['is_enctype'] = true;
 968                                  break;
 969  
 970              case 'submit'    :    /*
 971                                   * Submit
 972                                   */
 973                                  if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
 974                                      $form_field .= '<input type="submit" name="'.$form_name.'" id="'.$form_name.'" ';
 975                                      if($cnt_form["fields"][$key]['value'] != '') {
 976                                          $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
 977                                      }
 978                                      if($cnt_form["fields"][$key]['class']) {
 979                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 980                                      }
 981                                      if($cnt_form["fields"][$key]['style']) {
 982                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 983                                      }
 984                                      $form_field .= ' />###RESET###';
 985                                  } else {
 986                                      $form_field .= '<input type="image" name="'.$form_name.'" id="'.$form_name.'" ';
 987                                      $form_field .= $cnt_form["fields"][$key]['value'];
 988                                      if($cnt_form["fields"][$key]['class']) {
 989                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
 990                                      }
 991                                      if($cnt_form["fields"][$key]['style']) {
 992                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
 993                                      }
 994                                      $form_field .= ' />###RESET###';
 995                                  }
 996                                  break;
 997                                  
 998              
 999              case 'reset'    :    /*
1000                                   * Reset
1001                                   */
1002                                  if(strpos(strtolower($cnt_form["fields"][$key]['value']), 'src=') === false) {
1003                                      $form_field .= '<input type="reset" name="'.$form_name.'" id="'.$form_name.'" ';
1004                                      if($cnt_form["fields"][$key]['value'] != '') {
1005                                          $form_field .= 'value="'.html_specialchars($cnt_form["fields"][$key]['value']).'"';
1006                                      }
1007                                      if($cnt_form["fields"][$key]['class']) {
1008                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1009                                      }
1010                                      if($cnt_form["fields"][$key]['style']) {
1011                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1012                                      }
1013                                      $form_field .= ' />';
1014                                  } else {
1015                                      $form_field .= '<img name="'.$form_name.'" id="'.$form_name.'" ';
1016                                      $form_field .= $cnt_form["fields"][$key]['value'];
1017                                      if($cnt_form["fields"][$key]['class']) {
1018                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1019                                      }
1020                                      if($cnt_form["fields"][$key]['style']) {
1021                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1022                                      }
1023                                      $form_field .= ' border="0" onclick="document.phpwcmsForm'.$crow["acontent_id"].'.reset();" />';
1024                                  }
1025                                  break;
1026      
1027              case 'break'    :    /*
1028                                   * Break
1029                                   */
1030                                  if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
1031                                      $form_field .= '<div id="'.$form_name.'"';
1032                                      if($cnt_form["fields"][$key]['class']) {
1033                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1034                                      }
1035                                      if($cnt_form["fields"][$key]['style']) {
1036                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1037                                      }
1038                                      $form_field .= '>';
1039                                      $form_field .= $cnt_form["fields"][$key]['value'];
1040                                      $form_field .= '</div>';
1041                                  } else {
1042                                      $form_field .= $cnt_form["fields"][$key]['value'];
1043                                  }
1044                                  break;
1045      
1046              case 'breaktext':    /*
1047                                   * Breaktext
1048                                   */
1049                                  if($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class']) {
1050                                      $form_field .= '<div id="'.$form_name.'"';
1051                                      if($cnt_form["fields"][$key]['class']) {
1052                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1053                                      }
1054                                      if($cnt_form["fields"][$key]['style']) {
1055                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1056                                      }
1057                                      $form_field .= '>';
1058                                      $form_field .= plaintext_htmlencode($cnt_form["fields"][$key]['value']);
1059                                      $form_field .= '</div>';
1060                                  } else {
1061                                      $form_field .= plaintext_htmlencode($cnt_form["fields"][$key]['value']);
1062                                  }
1063                                  break;
1064      
1065              case 'captchaimg':    /*
1066                                   * Captcha Images
1067                                   */
1068                                  if(empty($cnt_form["fields"][$key]['value']) && ($cnt_form["fields"][$key]['style'] || $cnt_form["fields"][$key]['class'])) {
1069                                      $form_field .= '<div id="'.$form_name.'"';
1070                                      if($cnt_form["fields"][$key]['class']) {
1071                                          $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1072                                      }
1073                                      if($cnt_form["fields"][$key]['style']) {
1074                                          $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1075                                      }
1076                                      $form_field .= '>{CAPTCHA}</div>';
1077                                  } elseif(!empty($cnt_form["fields"][$key]['value'])) {
1078                                      $form_field .= $cnt_form["fields"][$key]['value'];
1079                                  } else {
1080                                      $form_field .= '{CAPTCHA}';
1081                                  }
1082                                  $form_field = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&amp;'.time().'" alt="Captcha" border="0" />', $form_field);
1083                                  break;
1084                                  
1085              case 'mathspam':    /*
1086                                   * Math Spam Protect
1087                                   */
1088                                  if($POST_DO) {
1089  
1090                                      $POST_val[$POST_name] = isset($_POST[$POST_name]) && trim(is_numeric($_POST[$POST_name])) ? intval($_POST[$POST_name]) : -1;
1091  
1092                                      $mathspam_result  = $POST_val[$POST_name] * 123345 * strlen($phpwcms['db_user']);
1093                                      $mathspam_result  = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );
1094                                      
1095                                      $mathspam_default = isset($_POST[$POST_name.'_result']) ? trim($_POST[$POST_name.'_result']) : '';
1096                                      
1097                                      if($mathspam_result != $mathspam_default  || ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] === ''))) {
1098                                          $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? 'Math spam protection error' : $cnt_form["fields"][$key]['error'];
1099                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
1100                                      }
1101                                  }
1102  
1103                                  $form_field .= '<input type="text" name="'.$form_name.'" id="'.$form_name.'" value=""';
1104                                  if($cnt_form["fields"][$key]['size']) {
1105                                      $form_field .= ' size="'.$cnt_form["fields"][$key]['size'].'"';
1106                                  }
1107                                  if($cnt_form["fields"][$key]['max']) {
1108                                      $form_field .= ' maxlength="'.$cnt_form["fields"][$key]['max'].'"';
1109                                  }
1110                                  if($cnt_form["fields"][$key]['class']) {
1111                                      $form_field .= ' class="'.$cnt_form["fields"][$key]['class'].'"';
1112                                  }
1113                                  if($cnt_form["fields"][$key]['style']) {
1114                                      $form_field .= ' style="'.$cnt_form["fields"][$key]['style'].'"';
1115                                  }
1116                                  $form_field .= ' />';
1117                                  
1118                                  // calculate the result and the question
1119                                  $mathspam_calculations     = array('+'=>'+', '-'=>'-', '*'=>'*', '/'=>':');
1120                                  $mathspam_operation         = array_rand($mathspam_calculations, 1);
1121                                  $mathspam_operator         = $mathspam_calculations[ $mathspam_operation ];
1122                                  $mathspam_number_1         = rand( $mathspam_operation === '/' ? 1 : 0 , 10);
1123                                  
1124                                  // fix divisions to avoid fractional results
1125                                  if($mathspam_operation === '/') {
1126                                  
1127                                      switch($mathspam_number_1) {
1128                                      
1129                                          case 1:        $mathspam_number_2 = 1;
1130                                                      break;
1131                                                      
1132                                          case 2:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2), 1);
1133                                                      break;
1134                                                      
1135                                          case 3:        $mathspam_number_2 = array_rand( array(1=>1, 3=>3), 1);
1136                                                      break;
1137                                                      
1138                                          case 4:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4), 1);
1139                                                      break;
1140                                                      
1141                                          case 5:        $mathspam_number_2 = array_rand( array(1=>1, 5=>5), 1);
1142                                                      break;
1143                                                      
1144                                          case 6:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 3=>3, 6=>6), 1);
1145                                                      break;
1146                                                      
1147                                          case 7:        $mathspam_number_2 = array_rand( array(1=>1, 7=>7), 1);
1148                                                      break;
1149                                                      
1150                                          case 8:        $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 4=>4, 8=>8), 1);
1151                                                      break;
1152                                                      
1153                                          case 9:        $mathspam_number_2 = array_rand( array(1=>1, 3=>3, 9=>9), 1);
1154                                                      break;
1155                                                      
1156                                          case 10:    $mathspam_number_2 = array_rand( array(1=>1, 2=>2, 5=>5, 10=>10), 1);
1157                                                      break;
1158  
1159                                      }
1160                                  
1161                                  // avoid subtraction with results < 0
1162                                  } elseif($mathspam_operation === '-') {
1163                                  
1164                                      $mathspam_number_2         = rand(0, $mathspam_number_1);
1165                                  
1166                                  } else {
1167                                  
1168                                      $mathspam_number_2         = rand(0, 10);
1169                                  
1170                                  }
1171                  
1172                                  $mathspam_question         = $cnt_form["fields"][$key]['value'][ $mathspam_operator ];
1173                                  $mathspam_question        .= ' <span class="calc">' . $mathspam_number_1 . '&nbsp;';
1174                                  $mathspam_question        .= html_entities( $mathspam_operator );
1175                                  //$mathspam_question        .= '<i style="display:none;">(%'.mt_rand(0,10000).')</i>';
1176                                  $mathspam_question        .= '&nbsp;' . $mathspam_number_2 . '</span>';
1177                                  
1178                                  switch($mathspam_operation) {
1179                                  
1180                                      case '+': $mathspam_result = $mathspam_number_1 + $mathspam_number_2; break;
1181                                      case '-': $mathspam_result = $mathspam_number_1 - $mathspam_number_2; break;
1182                                      case '/': $mathspam_result = $mathspam_number_1 / $mathspam_number_2; break;
1183                                      case '*': $mathspam_result = $mathspam_number_1 * $mathspam_number_2; break;
1184                                  
1185                                  }
1186                                  $mathspam_result = intval($mathspam_result) * 123345 * strlen($phpwcms['db_user']);
1187                                  $mathspam_result = md5( PHPWCMS_URL . md5($phpwcms['db_pass']) . $mathspam_result );
1188                                                                  
1189                                  // hidden field, contains the hashed result
1190                                  $form_field .= '<input type="hidden" name="'.$form_name.'_result" value="'.$mathspam_result.'" />';
1191                                  $form_field .= ' <span class="mathspam">';
1192                                  $form_field .= trim( $cnt_form["fields"][$key]['value']['calc'] . ' ' . trim( $mathspam_question ) );
1193                                  $form_field .= '</span>';
1194                                  break;
1195                                  
1196              case 'newsletter':    /*
1197                                   * Newsletter
1198                                   */
1199                                  
1200                                  $form_newletter_setting                    = array();
1201                                  $form_newletter_setting['double_optin'] = 0;
1202                                  $form_value                                = array(); 
1203                                  
1204                                  if($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]) ) ) {
1205                                      if(isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
1206                                          $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
1207                                          $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
1208                                          if(!count($POST_val[$POST_name])) {
1209                                              $POST_val[$POST_name] = false;
1210                                          }
1211                                      } else {
1212                                          $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
1213                                      }
1214                                      if($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
1215                                          $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
1216                                          $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
1217                                      } else {
1218                                          $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
1219                                      }
1220                                      
1221                                      if(isset($POST_val[$POST_name])) {
1222                                          $form_newletter_setting['selection'] = $POST_val[$POST_name];
1223                                      } else {
1224                                          $form_newletter_setting['selection'] = false;
1225                                      }
1226                                      
1227                                  }
1228                                  // prepare default settings for newsletter field
1229                                  $form_value_default        = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false);
1230                                  foreach($form_value_default as $form_value_nl) {
1231                                  
1232                                      $form_value_nl        = explode('=', $form_value_nl, 2);
1233                                      $form_value_nl[0]    = trim($form_value_nl[0]);
1234                                      $form_value_nl[1]    = empty($form_value_nl[1]) ? '' : trim($form_value_nl[1]);
1235                                      
1236                                      if(empty($form_value_nl[0]) || empty($form_value_nl[1])) {
1237                                      
1238                                          continue;
1239                                      
1240                                      } else {
1241                                      
1242                                          switch($form_value_nl[0]) {
1243                                      
1244                                              case 'all':                $form_value[0]                                 = $form_value_nl[1];                    break;
1245                                              case 'email_field':        $form_newletter_setting['email_field']         = $form_value_nl[1];                    break;
1246                                              case 'name_field':        $form_newletter_setting['name_field']         = $form_value_nl[1];                    break;
1247                                              case 'sender_email':    $form_newletter_setting['sender_email']     = $form_value_nl[1];                    break;
1248                                              case 'sender_name':        $form_newletter_setting['sender_name']         = $form_value_nl[1];                    break;
1249                                              case 'url_subscribe':    $form_newletter_setting['url_subscribe']     = $form_value_nl[1];                    break;
1250                                              case 'url_unsubscribe':    $form_newletter_setting['url_unsubscribe']    = $form_value_nl[1];                    break;
1251                                              case 'subject':            $form_newletter_setting['subject']            = $form_value_nl[1];                    break;
1252                                              case 'double_optin':    $form_newletter_setting['double_optin']     = intval($form_value_nl[1]) ? 1 : 0;    break;
1253                                              
1254                                              default:    
1255                                                  if( ($form_value_nl[0] = intval($form_value_nl[0])) ) {
1256                                                      $query = _dbGet('phpwcms_subscription', '*', 'subscription_id='.$form_value_nl[0].' AND subscription_active=1');
1257                                                      if(isset($query[0])) {
1258                                                          if($form_value_nl[1] == '') {
1259                                                              $form_value_nl[1] = $query[0]['subscription_name'];
1260                                                          }
1261                                                          $form_value[ $form_value_nl[0] ] = $form_value_nl[1];
1262                                                      } else {
1263                                                          continue;
1264                                                      }
1265                                                  } else {
1266                                                      continue;
1267                                                  }
1268                                          }
1269                                      }
1270                                  }
1271                                  
1272                                  $form_newletter_setting['subscriptions'] = $form_value;
1273                                  
1274                                  if($cnt_form["fields"][$key]['class']) {
1275                                      $form_field     .= '<div class="'.$cnt_form["fields"][$key]['class'].'">';
1276                                      $checkbox_class  = '</div>';
1277                                  } else {
1278                                      $checkbox_class  = '';
1279                                  }
1280                                  if($cnt_form["fields"][$key]['style']) {
1281                                      $checkbox_style = ' style="'.$cnt_form["fields"][$key]['style'].'"';
1282                                  } else {
1283                                      $checkbox_style = '';
1284                                  }
1285                                  // list of checkboxes
1286                                  $checkbox_counter = 0;
1287                                  $checkbox_spacer  = $cnt_form["fields"][$key]['size'] ? '<br />' : ' ';
1288                                  foreach($form_value as $checkbox_key => $checkbox_value) {
1289                                  
1290                                      if(isset($POST_val[$POST_name]) && is_array($POST_val[$POST_name])) {
1291                                          foreach($POST_val[$POST_name] as $postvar_value) {
1292                                              if($postvar_value == $checkbox_key) {
1293                                                  $checkbox_key .= ' checked';
1294                                              }
1295                                          }
1296                                      }
1297  
1298                                      if($checkbox_counter) {
1299                                          $form_field .= $checkbox_spacer;
1300                                      }
1301                                      $form_field .= '<label for="'.$form_name.$checkbox_counter.'"' . $checkbox_style . '>';
1302                                      $form_field .= '<input type="checkbox" name="'.$form_name.'[]" id="'.$form_name.$checkbox_counter.'" ';
1303                                      if(substr($checkbox_key, -8) != ' checked' && substr($checkbox_value, -8) != ' checked') {
1304                                          $form_field .= 'value="' . $checkbox_key . '" />';
1305                                      } else {
1306                                          $checkbox_key   = str_replace(' checked', '', $checkbox_key);
1307                                          $checkbox_value = str_replace(' checked', '', $checkbox_value);
1308                                          $form_field    .= 'value="' . $checkbox_key . '" checked="checked" />';
1309                                      }
1310                                      $form_field .= $checkbox_value .'</label>';
1311                                      $checkbox_counter++;
1312                                  }
1313                                  $form_field .= $checkbox_class;
1314                                  break;                    
1315                                  
1316              
1317          }
1318  
1319          // try to find correct sender name
1320          if($POST_DO && $cnt_form['sendernametype'] == 'formfield_'.$POST_name) {
1321          
1322              $cnt_form['sendername']    = cleanUpForEmailHeader($cnt_form["fields"][$key]['value']);
1323          
1324          }
1325          // try to build correct subject
1326          if($POST_DO && isset($cnt_form['subjectselect']) && $cnt_form['subjectselect'] == 'formfield_'.$POST_name) {
1327          
1328              $cnt_form['subject'] .= ' '.cleanUpForEmailHeader($POST_val[$POST_name]);
1329              $cnt_form['subject']  = trim($cnt_form['subject']);
1330          
1331          }
1332          
1333          // Build the form elements
1334  
1335          if($form_field && $cnt_form["fields"][$key]['type'] != 'hidden') {
1336          
1337              
1338              if($cnt_form['labelpos'] == 2) {
1339              
1340                  // custom form template
1341                  $POST_name_quoted = preg_quote($POST_name, '/');
1342                  
1343                  if(empty($POST_ERR[$key])) {
1344                      // if error for field empty
1345                      $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt);
1346                      $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt);
1347                      $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt);
1348                  } else {
1349                      // field error available
1350                      $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt);
1351                      $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt);
1352                      $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt);
1353                  }
1354                                  
1355                  $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt);
1356                  $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), $form_cnt);
1357  
1358              } else {
1359              
1360                  // default table
1361                  
1362                  if($cnt_form["fields"][$key]['type'] == 'reset' && strpos($form_cnt, '###RESET###')) {
1363                  
1364                      $form_cnt = str_replace('###RESET###', $form_field, $form_cnt);
1365                  
1366                  } else {
1367                  
1368                      if($cnt_form["fields"][$key]['required']) {
1369                          $cnt_form['labelClass']   = 'form-label required';
1370                          $cnt_form['labelReqMark'] = $cnt_form["cform_reqmark"];
1371                      } else {
1372                          $cnt_form['labelClass']   = 'form-label';
1373                          $cnt_form['labelReqMark'] = '';
1374                      }
1375                  
1376                      if($cnt_form['labelpos'] == 0) {
1377                  
1378                          // label: field
1379                          if($cnt_form["fields"][$key]['type'] != 'break') {
1380                              $form_cnt .= "<tr>\n".'<td class="'.$cnt_form['labelClass'].'">';
1381                              if($cnt_form["fields"][$key]['label'] != '') {
1382                                  $form_cnt .= $cnt_form['label_wrap'][0];
1383                                  $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']);
1384                                  $form_cnt .= $cnt_form['labelReqMark'];
1385                                  $form_cnt .= $cnt_form['label_wrap'][1];
1386                              } else {
1387                                  $form_cnt .= '&nbsp;';
1388                              }
1389                              $form_cnt .= "</td>\n";
1390                              $form_cnt .= '<td class="form-field">'.$form_field."</td>\n</tr>\n";
1391                          } else {
1392                              // colspan for break
1393                              $form_cnt .= '<tr><td colspan="2">'.$form_field."</td></tr>\n";
1394                          }
1395                  
1396                      } elseif($cnt_form['labelpos'] == 3) {
1397                  
1398                          // DIV based
1399                          $form_cnt .= '<div class="form-field';
1400                          if($cnt_form["fields"][$key]['label'] != '') {
1401                              $form_cnt .= '">' . LF . '    <label class="'.$cnt_form['labelClass'].'">';
1402                              $form_cnt .= $cnt_form['label_wrap'][0];
1403                              $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']);
1404                              $form_cnt .= $cnt_form['labelReqMark'];
1405                              $form_cnt .= $cnt_form['label_wrap'][1];
1406                              $form_cnt .= '</label>';
1407                          } else {
1408                              $form_cnt .= ' no-label">';
1409                          }
1410                          $form_cnt .= LF . '    ' . $form_field . LF . '</div>' . LF;
1411                          
1412                      } else {
1413                          
1414                          // label:
1415                          // field
1416                          if($cnt_form["fields"][$key]['label'] != '') {
1417                              $form_cnt .= '<tr><td class="'.$cnt_form['labelClass'].'">'.$cnt_form['label_wrap'][0];
1418                              $form_cnt .= html_specialchars($cnt_form["fields"][$key]['label']);
1419                              $form_cnt .= $cnt_form['labelReqMark'];
1420                              $form_cnt .= $cnt_form['label_wrap'][1]."</td></tr>\n";
1421                          }
1422                          $form_cnt .= '<tr><td class="form-field">'.$form_field."</td></tr>\n";
1423                      
1424                      }
1425                  }
1426              
1427              }
1428          }
1429          
1430          if($form_field_hidden && $cnt_form["fields"][$key]['type'] == 'hidden' && $cnt_form['labelpos'] == 2) {
1431          
1432              // custom form template
1433              $POST_name_quoted = preg_quote($POST_name, '/');
1434              
1435              if(empty($POST_ERR[$key])) {
1436                  // if error for field empty
1437                  $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\].*?\[\/IF_ERROR\]/s', '', $form_cnt);
1438                  $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt);
1439                  $form_cnt = str_replace('{ERROR:'.$POST_name.'}', '', $form_cnt);
1440              } else {
1441                  // field error available
1442                  $form_cnt = preg_replace('/\[IF_ERROR:'.$POST_name_quoted.'\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt);
1443                  $form_cnt = preg_replace('/\[ELSE_ERROR:'.$POST_name_quoted.'\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt);
1444                  $form_cnt = str_replace('{ERROR:'.$POST_name.'}', html_specialchars($POST_ERR[$key]), $form_cnt);
1445              }
1446                              
1447              $form_cnt = str_replace('{'.$POST_name.'}', $form_field, $form_cnt);
1448              $form_cnt = str_replace('{LABEL:'.$POST_name.'}', html_specialchars($cnt_form["fields"][$key]['label']), $form_cnt);
1449          }
1450  
1451          $form_counter++;
1452      }
1453      
1454      // check against custom PHP function used to validate form
1455      if($POST_DO && !empty($cnt_form['cform_function_validate']) && is_string($cnt_form['cform_function_validate'])) {
1456          
1457          $cnt_form['validate'] = explode('[', trim($cnt_form['cform_function_validate'], ']'));
1458          $cnt_form_validate_function = trim($cnt_form['validate'][0]);
1459  
1460          if($cnt_form_validate_function && function_exists($cnt_form_validate_function)) {
1461              
1462              $cnt_form_validate_fields = NULL;
1463              
1464              if(isset($cnt_form['validate'][1])) {
1465                  $cnt_form_validate_fields = trim($cnt_form['validate'][1]);
1466                  if($cnt_form_validate_fields) {
1467                      $cnt_form_validate_fields = convertStringToArray($cnt_form_validate_fields);
1468                      if(empty($cnt_form_validate_fields) || !count($cnt_form_validate_fields)) {
1469                          $cnt_form_validate_fields = NULL;
1470                      }
1471                  }
1472              }
1473  
1474              if($cnt_form_validate_function($POST_val, $cnt_form_validate_fields) === FALSE) {
1475                  $POST_ERR['VALIDATE_FUNCTION_ERROR'] = TRUE;
1476              }
1477              
1478          }
1479  
1480      }
1481  }
1482  
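// ----------------------------------------------------------------
// The form was submitted and no field reported an error so far:
// merge the submitted values into the email templates and the
// on-success text, collect attachments and database values, then
// resolve recipients and run the optional sender/recipient check.
// Sending and storing happen in the second $POST_ERR section below.
// ----------------------------------------------------------------
if(!empty($POST_DO) && empty($POST_ERR)) {

    $POST_attach = array();
    $POST_savedb = array();

    // now prepare form values for sending or storing
    if(isset($POST_val) && is_array($POST_val) && count($POST_val)) {

        // fallback solution for older forms which do not know
        // separate email template for "copy to" recipient
        if(!isset($cnt_form['template_equal'])) {
            $cnt_form['template_equal'] = 1;
        }

        // Resolve the "copy to" field name once. The original compared the
        // live $cnt_form["copyto"] on every pass, so after the submitted
        // value had replaced the field name that value could itself be
        // matched against a later field name and be replaced again.
        $cnt_form_copyto_field = isset($cnt_form["copyto"]) ? $cnt_form["copyto"] : NULL;

        foreach($POST_val as $POST_key => $POST_keyval) {

            $POST_valurl = '';

            if($cnt_form_copyto_field !== NULL && $cnt_form_copyto_field == $POST_key) {
                // submitter-controlled; checked with is_valid_email() before use
                $cnt_form["copyto"] = $POST_keyval;
            }

            if(is_array($POST_keyval) && !isset($POST_keyval['folder'])) {
                // an array but no upload value: flatten to a list
                $POST_keyval = implode(', ', $POST_keyval);

            } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                // an array describing an uploaded file
                $POST_valurl = PHPWCMS_URL.$POST_keyval['folder'].'/'.rawurlencode($POST_keyval['name']);
                if(isset($POST_keyval['attachment']) && $POST_keyval['attachment']) {
                    $POST_attach[] = PHPWCMS_ROOT.'/'.$POST_keyval['folder'].'/'.$POST_keyval['name'];
                }
                if(!$cnt_form['template_format']) {
                    // plain text email: show the file URL only
                    $POST_keyval = $POST_valurl;
                }
            }

            // prepare for storing in database
            if(!empty($cnt_form['savedb'])) {
                $POST_savedb[$POST_key] = empty($POST_valurl) ? $POST_keyval : $POST_valurl;
            }

            // first check copy to email template related things
            if( !$cnt_form['template_equal'] ) {

                // Start from the current value so a value that is neither a
                // string nor an upload array cannot pick up the result left
                // over from the previous field (the original left the
                // variable untouched in that case).
                $POST_keyval_copy = $POST_keyval;

                if($cnt_form['template_format_copy'] == 1) { //HTML

                    if(is_string($POST_keyval)) {
                        $POST_keyval_copy = html_specialchars($POST_keyval);
                    } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                        $POST_keyval_copy = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
                    }

                }

                // replace tags in email form
                $cnt_form['template_copy'] = str_replace('{'. $POST_key . '}', $POST_keyval_copy, $cnt_form['template_copy']);

            }

            if($cnt_form['template_format']) { //HTML

                if(is_string($POST_keyval)) {
                    $POST_keyval = html_specialchars($POST_keyval);
                } elseif(is_array($POST_keyval) && isset($POST_keyval['folder'])) {
                    $POST_keyval = '<a href="'.$POST_valurl.'" target="_blank">'.html_specialchars($POST_keyval['name']).'</a>';
                }

                $cnt_form['is_html_entity'] = true;

            } else {

                // remember the HTML entity status
                $cnt_form['is_html_entity'] = false;

            }

            // replace tags in email form
            $cnt_form['template'] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form['template']);

            // replace tags in the success form but not for redirect.
            if($cnt_form["onsuccess_redirect"] !== 1) {

                // the success text is rendered as HTML: escape the value
                // unless that already happened for the HTML email above
                if(!$cnt_form['is_html_entity'] && $cnt_form["onsuccess_redirect"] === 2) {
                    $POST_keyval = html_specialchars($POST_keyval);
                }
                $cnt_form["onsuccess"] = str_replace('{'. $POST_key . '}', $POST_keyval, $cnt_form["onsuccess"]);

            }

        }

        $cnt_form['fe_current_url'] = PHPWCMS_URL . 'index.php' . returnGlobalGET_QueryString('rawurlencode');

        $cnt_form['template'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template']);
        $cnt_form['template'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template']);

        // {DATE:format} tags are expanded with a plain date() call per tag.
        // The original used preg_replace() with the /e modifier, which
        // evaluates the replacement as PHP code. At this point the template
        // already holds the submitted values inserted above, so text from
        // the request reached an evaluated string. /e was removed in PHP 7.0.
        // strtr() replaces every tag in a single pass without rescanning
        // its own output.
        if(preg_match_all('/\{DATE:(.*?)\}/', $cnt_form['template'], $cnt_form_date_tags, PREG_SET_ORDER)) {
            $cnt_form_date_map = array();
            foreach($cnt_form_date_tags as $cnt_form_date_tag) {
                $cnt_form_date_map[ $cnt_form_date_tag[0] ] = date($cnt_form_date_tag[1]);
            }
            $cnt_form['template'] = strtr($cnt_form['template'], $cnt_form_date_map);
        }

        if( !$cnt_form['template_equal'] ) {

            $cnt_form['template_copy'] = str_replace('{FORM_URL}', $cnt_form['fe_current_url'], $cnt_form['template_copy']);
            $cnt_form['template_copy'] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form['template_copy']);

            // same {DATE:format} handling as for the recipient template
            if(preg_match_all('/\{DATE:(.*?)\}/', $cnt_form['template_copy'], $cnt_form_date_tags, PREG_SET_ORDER)) {
                $cnt_form_date_map = array();
                foreach($cnt_form_date_tags as $cnt_form_date_tag) {
                    $cnt_form_date_map[ $cnt_form_date_tag[0] ] = date($cnt_form_date_tag[1]);
                }
                $cnt_form['template_copy'] = strtr($cnt_form['template_copy'], $cnt_form_date_map);
            }

            // drop every tag that is still unresolved
            $cnt_form['template_copy'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template_copy']);

        }

        unset($cnt_form_date_tags, $cnt_form_date_tag, $cnt_form_date_map);

        if($cnt_form["onsuccess_redirect"] !== 1) {

            $cnt_form["onsuccess"] = str_replace('{REMOTE_IP}', getRemoteIP(), $cnt_form["onsuccess"]);
            $cnt_form['onsuccess'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['onsuccess']);

        }

        // drop every tag that is still unresolved
        $cnt_form['template'] = preg_replace('/\{(.*?)\}/', '', $cnt_form['template']);

        // check if "copy to" email template is equal recipient
        // email template and set it the same
        if($cnt_form['template_equal'] == 1) {

            $cnt_form['template_format_copy']    = $cnt_form['template_format'];
            $cnt_form['template_copy']           = $cnt_form['template'];

        }

        // storing in database moved to 2nd POST_ERR if section

    }


    // get email addresses of recipients and senders

    $cnt_form["target"] = convertStringToArray($cnt_form["target"], ';');
    if(empty($cnt_form["subject"])) {
        // Fallback subject built from the site URL without scheme and
        // surrounding slashes. The original passed the trimmed URL string
        // as the length argument of substr(), which is not a number;
        // presumably the trim was meant for the subject text itself.
        $cnt_form["alt_subj"] = str_replace('http://', '', $phpwcms['site']);
        $cnt_form["alt_subj"] = trim($cnt_form["alt_subj"], '/');
        $cnt_form["subject"]  = 'Webform: '.$cnt_form["alt_subj"];
    }

    // additional recipients; each one gets its own full email later on
    $cnt_form['cc'] = empty($cnt_form['cc']) ? array() : convertStringToArray($cnt_form['cc'], ';');


    // first try to send copy message
    // the address comes from the submitted form, so it is only accepted
    // when it passes is_valid_email()
    if(!empty($cnt_form['sendcopy']) && !empty($cnt_form["copyto"]) && is_valid_email($cnt_form["copyto"])) {
        $cnt_form['cc'][]         = $cnt_form["copyto"];
        $cnt_form['fromEmail']    = $cnt_form["copyto"];
    }

    // check for unique recipients (target) and sender (fromEmail)
    // skipped when no sender address is known, as there is nothing to compare
    if(!empty($cnt_form['checktofrom']) && !empty($cnt_form['fromEmail'])) {

        foreach($cnt_form["target"] as $value) {

            if(strtolower($cnt_form['fromEmail']) == strtolower($value)) {

                $POST_ERR[] = 'Sender&#8217;s email must be different from recipient&#8217;s email';
                break;
            }

        }

    }

}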
1656  
1657  // do $POST_ERR test again to handle possible duplicates
1658  // in case 'checktofrom' = 1
1659  if(!empty($POST_DO) && empty($POST_ERR)) {
1660  
1661      // check if there are form values which should be saved in db
1662      if(count($POST_savedb)) {
1663          
1664          $POST_savedb_sql  = 'INSERT INTO '.DB_PREPEND.'phpwcms_formresult ';
1665          $POST_savedb_sql .= '(formresult_pid, formresult_ip, formresult_content) VALUES (';
1666          $POST_savedb_sql .= $crow['acontent_id'].", '".aporeplace(getRemoteIP())."', '";
1667          $POST_savedb_sql .= aporeplace(serialize($POST_savedb))  . "')";
1668          $POST_savedb_sql  = _dbQuery($POST_savedb_sql, 'INSERT');
1669              
1670      }
1671  
1672      // send mail, include phpmailer class
1673      require_once  ('include/inc_ext/phpmailer/class.phpmailer.php');
1674      
1675      // now run all CC -> but sent as full email to each CC recipient
1676      if(count($cnt_form['cc'])) {
1677  
1678          $mail = new PHPMailer();
1679          $mail->Mailer             = $phpwcms['SMTP_MAILER'];
1680          $mail->Host             = $phpwcms['SMTP_HOST'];
1681          $mail->Port             = $phpwcms['SMTP_PORT'];
1682          if($phpwcms['SMTP_AUTH']) {
1683              $mail->SMTPAuth     = 1;
1684              $mail->Username     = $phpwcms['SMTP_USER'];
1685              $mail->Password     = $phpwcms['SMTP_PASS'];
1686          }
1687          $mail->CharSet             = $phpwcms["charset"];        
1688  
1689          if(isset($cnt_form['function_cc']) && function_exists($cnt_form['function_cc'])) {
1690              @$cnt_form['function_cc']($POST_savedb, $cnt_form, $mail);
1691          }
1692  
1693          $mail->IsHTML($cnt_form['template_format_copy']);
1694          $mail->Subject            = $cnt_form["subject"];
1695          $mail->Body             = $cnt_form['template_copy'];
1696          if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
1697              $mail->SetLanguage('en');
1698          }
1699      
1700          $mail->From         = $cnt_form['sender'];
1701          $mail->FromName        = $cnt_form['sendername'];
1702          $mail->Sender         = $cnt_form['sender'];
1703  
1704          $cnt_form["copytoError"] = array();
1705  
1706          foreach($cnt_form['cc'] as $cc_email) {
1707          
1708              $mail->AddAddress($cc_email);
1709          
1710              if(!$mail->Send()) {
1711                  $cnt_form["copytoError"][] = html_specialchars($cc_email.' ('.$mail->ErrorInfo.')');
1712              }
1713              
1714              $mail->ClearAddresses();
1715              
1716          }
1717          
1718          if(count($cnt_form["copytoError"])) {
1719              $cnt_form["copytoError"] = implode('<br />', $cnt_form["copytoError"]);
1720          } else {
1721              unset($cnt_form["copytoError"]);
1722          }
1723          
1724          unset($mail);
1725      }
1726      
1727      // now send original message
1728      $mail = new PHPMailer();
1729      $mail->Mailer             = $phpwcms['SMTP_MAILER'];
1730      $mail->Host             = $phpwcms['SMTP_HOST'];
1731      $mail->Port             = $phpwcms['SMTP_PORT'];
1732      if($phpwcms['SMTP_AUTH']) {
1733          $mail->SMTPAuth     = 1;
1734          $mail->Username     = $phpwcms['SMTP_USER'];
1735          $mail->Password     = $phpwcms['SMTP_PASS'];
1736      }
1737      $mail->CharSet             = $phpwcms["charset"];
1738  
1739      if(isset($cnt_form['function_to']) && function_exists($cnt_form['function_to'])) {
1740          @$cnt_form['function_to']($POST_savedb, $cnt_form, $mail);
1741      }
1742  
1743      $mail->IsHTML($cnt_form['template_format']);
1744      $mail->Subject            = $cnt_form["subject"];
1745      $mail->Body             = $cnt_form['template'];
1746  
1747      if(!$mail->SetLanguage($phpwcms['default_lang'], '')) {
1748          $mail->SetLanguage('en');
1749      }
1750      if(empty($cnt_form["fromEmail"])) {
1751          $cnt_form["fromEmail"] = $phpwcms['SMTP_FROM_EMAIL'];
1752      }
1753      $mail->From         = $cnt_form['sender'];
1754      $mail->FromName        = $cnt_form['sendername'];
1755      $mail->Sender         = $cnt_form['sender'];
1756  
1757      if(!empty($cnt_form["target"]) && is_array($cnt_form["target"]) && count($cnt_form["target"])) {
1758      
1759          foreach($cnt_form["target"] as $e_value) {
1760              $mail->AddAddress(trim($e_value));
1761          }
1762  
1763      } else {
1764          // use default email address
1765          $mail->AddAddress($phpwcms['SMTP_FROM_EMAIL']);
1766      }
1767      
1768      if(count($POST_attach)) {
1769          foreach($POST_attach as $attach_file) {
1770              $mail->AddAttachment($attach_file);
1771          }
1772      }
1773  
1774      if(!$mail->Send()) {
1775          $CNT_TMP .= '<p>'.html_specialchars($mail->ErrorInfo).'</p>';
1776      } else {
1777      
1778          // check if user should be registered for newsletter
1779          if(isset($form_newletter_setting['selection']) && count($form_newletter_setting['selection'])) {
1780          
1781              // first check if neccessary form field is valid email
1782              if(isset($POST_val[ $form_newletter_setting['email_field'] ]) && is_valid_email($POST_val[ $form_newletter_setting['email_field'] ])) {
1783          
1784                  // ok now I know we can store email as newsletter recipient
1785                  $form_newletter_setting['email_field'] = $POST_val[ $form_newletter_setting['email_field'] ];
1786                  
1787                  // now try to find fields to build recipient's name, if empty name is same as email
1788                  if(!empty($form_newletter_setting['name_field'])) {
1789                  
1790                      // split by "+"
1791                      $form_newletter_setting['name_field_tmp'] = explode('+', $form_newletter_setting['name_field']);
1792                      $form_newletter_setting['name_field'] = '';
1793                      foreach($form_newletter_setting['name_field_tmp'] as $form_value_nl) {
1794                      
1795                          // empty - continue
1796                          if(empty($form_value_nl)) continue;
1797                          
1798                          // now check if field name exists and build corresponding name value
1799                          if(empty($POST_val[ trim($form_value_nl) ])) {
1800                              $form_newletter_setting['name_field'] .= $form_value_nl;
1801                          } else {
1802                              $form_value_nl = trim($form_value_nl);
1803                              $form_newletter_setting['name_field'] .= $POST_val[ $form_value_nl ];
1804                          }
1805  
1806                      }
1807                      $form_newletter_setting['name_field'] = trim($form_newletter_setting['name_field']);
1808  
1809                  }
1810                  
1811                  if(empty($form_newletter_setting['name_field'])) {
1812                      $form_newletter_setting['name_field'] = $form_newletter_setting['email_field'];
1813                  }
1814                  
1815                  $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash( $form_newletter_setting['email_field'].time() ) );
1816                  
1817                  // create SQL query to populate recipient into recipients db
1818                  $form_newletter_setting['sql']  = 'INSERT INTO '.DB_PREPEND.'phpwcms_address ';
1819                  $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, ';
1820                  $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES (';
1821                  $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['hash'])."', ";
1822                  $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['email_field'])."', ";
1823                  $form_newletter_setting['sql'] .= "'".aporeplace($form_newletter_setting['name_field'])."', ";
1824                  $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) .", ";
1825                  $form_newletter_setting['sql'] .= "'".aporeplace(serialize($form_newletter_setting['selection']))."', ";
1826                  $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe'])."', ";
1827                  $form_newletter_setting['sql'] .= "'".aporeplace(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe'])."'";
1828                  $form_newletter_setting['sql'] .= ')';
1829                  
1830                  // save recipient in db and send verify message in case of double opt-in
1831                  $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT');
1832                  
1833                  // now send opt-in email
1834                  if(!empty($form_newletter_setting['double_optin'])) {
1835                  
1836                      if(empty($cnt_form['verifyemail'])) {
1837                          $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/newsletter/email/default.opt-in.txt');
1838                          if(empty($cnt_form['verifyemail'])) {
1839                              $cnt_form['verifyemail']  = 'Hi {NEWSLETTER_NAME},'.LF.LF.'Someone (presumably you) on {SITE}'.LF.'subscribed to these newsletters:'.LF;
1840                              $cnt_form['verifyemail'] .= '{SUBSCRIPTIONS}'.LF.LF.'The following email was requested for subscription'.LF.'{NEWSLETTER_EMAIL}'.LF.LF;
1841                              $cnt_form['verifyemail'] .= 'If you requested this subscription, visit the following URL'.LF.'{NEWSLETTER_VERIFY}'.LF.'to verify and activate it.'.LF.LF;
1842                              $cnt_form['verifyemail'] .= 'Ignore the message or visit the following URL'.LF.'{NEWSLETTER_DELETE}'.LF.'and nothing will happen.'.LF.LF.LF;
1843                              $cnt_form['verifyemail'] .= 'With best regards'.LF.'Webmaster'.LF.LF.'--'.LF.'{DATE:m/d/Y H:i:s}, IP: {IP}'.LF;
1844                          }
1845                      }
1846                      
1847                      $form_newletter_setting['hash'] = rawurlencode($form_newletter_setting['hash']);
1848                      
1849                      $form_newletter_setting['selection_text'] = array();
1850                      foreach($form_newletter_setting['selection'] as $form_value_nl) {
1851                          $form_newletter_setting['subscr_text'][] = '[X] '.$form_newletter_setting['subscriptions'][$form_value_nl];
1852                      }
1853                      
1854                      if($form_newletter_setting['email_field'] == $form_newletter_setting['name_field']) $form_newletter_setting['name_field'] = '';
1855                  
1856                      $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_NAME}', $form_newletter_setting['name_field'], $cnt_form['verifyemail']);
1857                      $cnt_form['verifyemail'] = str_replace('{SUBSCRIPTIONS}', implode(LF, $form_newletter_setting['subscr_text']), $cnt_form['verifyemail']);
1858                      $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_EMAIL}', $form_newletter_setting['email_field'], $cnt_form['verifyemail']);
1859                      $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_VERIFY}', PHPWCMS_URL.'verify.php?s='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
1860                      $cnt_form['verifyemail'] = str_replace('{NEWSLETTER_DELETE}', PHPWCMS_URL.'verify.php?u='.$form_newletter_setting['hash'], $cnt_form['verifyemail']);
1861                      $cnt_form['verifyemail'] = replaceGlobalRT($cnt_form['verifyemail']);
1862                      
1863                      if(empty($form_newletter_setting['sender_email'])) $form_newletter_setting['sender_email'] = $cnt_form['sender'];
1864                      if(empty($form_newletter_setting['sender_name']))  $form_newletter_setting['sender_name']  = $cnt_form['sendername'];
1865                      
1866                      // now send verification email
1867                      @sendEmail(array(    'recipient'    => $form_newletter_setting['email_field'],
1868                                          'toName'    => $form_newletter_setting['name_field'],
1869                                          'subject'    => $form_newletter_setting['subject'],
1870                                          'text'        => $cnt_form['verifyemail'],
1871                                          'from'        => $form_newletter_setting['sender_email'],
1872                                          'fromName'    => $form_newletter_setting['sender_name'],
1873                                          'sender'    => $form_newletter_setting['sender_email']   ));
1874                  
1875                  }
1876          
1877              }
1878          
1879          }
1880      
1881          if($cnt_form["onsuccess_redirect"] === 1) {
1882              // redirect on success
1883              headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onsuccess"]));
1884              
1885          } elseif($cnt_form["onsuccess"]) {
1886              // success
1887              
1888              $CNT_TMP .= '<div class="' . trim('form-success ' . $cnt_form["class"]) . '">' . LF;
1889                      
1890              if($cnt_form["onsuccess_redirect"] === 0) {
1891                  $CNT_TMP .= plaintext_htmlencode($cnt_form["onsuccess"]);
1892              } else {
1893                  $CNT_TMP .= $cnt_form["onsuccess"];
1894              }
1895              $CNT_TMP .= LF . '</div>' . LF;
1896          }
1897  
1898      }
1899      if(!empty($cnt_form["copytoError"])) {
1900          $CNT_TMP .= '<p class="error form-copy-to">'.$cnt_form["copytoError"].'</p>';
1901      }
1902      
1903      unset($mail);
1904      
1905      $form_cnt = '';
1906      
1907  } elseif(isset($POST_ERR)) {
1908      // do on POST_ERROR
1909      
1910      if(isset($_FILES)) {
1911          foreach($_FILES as $file_key => $file_val) {
1912              @unlink($_FILES[$file_key]['tmp_name']);
1913          }
1914          if(isset($POST_val) && count($POST_val)) {
1915              foreach($POST_val as $file_key => $file_val) {
1916                  @unlink(PHPWCMS_ROOT.'/'.$cnt_form['upload_value']['folder'].'/'.$POST_val[$file_key]['name']);
1917              }
1918          }
1919      }
1920      
1921      if($cnt_form["onerror_redirect"] === 1) {
1922      
1923          headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"]));
1924      
1925      } else {
1926      
1927          if($cnt_form["onerror"]) {
1928              
1929              $form_error_text  = '<div class="form-error on-send">' . LF;
1930              $form_error_text .= $cnt_form["onerror_redirect"] === 0 ? plaintext_htmlencode($cnt_form["onerror"]) : $cnt_form["onerror"];
1931              $form_error_text .= LF . '</div>' . LF;
1932      
1933          }
1934      
1935          $POST_ERR = array_diff(    $POST_ERR , array('', FALSE) );
1936          $POST_ERR = array_map( 'html_specialchars', $POST_ERR );
1937          if($cnt_form['labelpos'] != 2 && count( $POST_ERR ) ) {
1938              
1939              if($cnt_form['labelpos'] == 3) {
1940                  
1941                  $form_error  = '<div class="' . trim('form-error ' . $cnt_form["error_class"]) . '">' . LF;
1942                  $form_error .= '    <p>' . implode('</p>'.LF.'    <p>', $POST_ERR) . '</p>' . LF;                
1943                  $form_error .= '</div>' . LF;
1944                  
1945              } else {
1946              
1947                  $form_error = "<tr>\n";
1948                  if($cnt_form['labelpos'] == 0) { // label: field
1949                      $form_error .= '<td class="'.$cnt_form['labelClass'].'">'."&nbsp;</td>\n";
1950                  }
1951                  $form_error .= '<td'.(!empty($cnt_form["error_class"]) ? ' class="'.$cnt_form["error_class"].'"' : '').'>';
1952                  $form_error .= implode("<br />", $POST_ERR);
1953                  $form_error .= "</td>\n</tr>\n";
1954              
1955              }
1956              
1957              $form_cnt = $form_error.$form_cnt;
1958              
1959              unset($form_error);
1960          }
1961          
1962      }
1963  
1964  } else {
1965      
1966      // form was not send yet
1967      // display startup text    
1968  
1969      if(!empty($cnt_form['startup'])) {
1970          
1971          if(empty($cnt_form['startup_html'])) {
1972          
1973              $CNT_TMP .= LF . '<div class="form-intro">' . LF . plaintext_htmlencode($cnt_form['startup']) . LF . '</div>' . LF;
1974              
1975          } else {
1976  
1977              $CNT_TMP .= LF . $cnt_form['startup'] . LF;
1978  
1979          }
1980  
1981      }
1982  
1983  }
1984  
/*
 * Render the <form> element for this content part.
 *
 * Runs only when $form_cnt (the assembled field markup) is non-empty. Appends to
 * $CNT_TMP, in order: an optional wrapper <div>, $form_error_text, the opening
 * <form> tag, the field markup laid out according to $cnt_form['labelpos'], a
 * hidden cpID field, $form_field_hidden, the form tracking field and the
 * closing tags.
 *
 * Side effects on $cnt_form: 'class' is overwritten with a ready-made
 * ' class="form-..."' attribute string (or ''), and 'class_close' receives the
 * closing tag of the wrapper <div> (or '').
 *
 * NOTE(review): $cnt_form["class"], $crow["acontent_id"], $form_error_text,
 * $form_field_hidden and $form_cnt are concatenated into the markup as-is; no
 * escaping happens in this block. Confirm each one is encoded, or comes from a
 * trusted source, at the place where it is built. The same question applies to
 * the return value of rel_url() placed in the action attribute; its encoding
 * is not visible from here.
 */
if($form_cnt) {

    // remove the ###RESET### placeholder from the field markup
    $form_cnt = str_replace('###RESET###', '', $form_cnt);

    // optional wrapper <div> around the form, plus the form's own class attribute
    if($cnt_form["class"]) {
        $CNT_TMP .= '<div class="' . $cnt_form["class"] . '">';
        $cnt_form["class_close"] = '</div>';
        $cnt_form['class']       = ' class="form-' . $cnt_form["class"] . '"';
    } else {
        $cnt_form["class_close"] = '';
        $cnt_form['class']       = '';
    }

    // error text first, then the opening <form> tag
    $CNT_TMP .= $form_error_text
              . '<form name="phpwcmsForm' . $crow["acontent_id"]
              . '" id="phpwcmsForm' . $crow["acontent_id"] . '"'
              . $cnt_form['class'];

    // the form posts back to the current page
    $CNT_TMP .= ' action="' . rel_url();

    // jump anchor (unless switched off), method and optional multipart encoding
    $CNT_TMP .= (empty($cnt_form['anchor_off']) ? '#jumpForm' . $crow["acontent_id"] : '')
              . '" method="post"'
              . ($cnt_form['is_enctype'] ? ' enctype="multipart/form-data">' : '>');

    if($cnt_form['labelpos'] == 2) {

        if(!isset($POST_ERR) || !count($POST_ERR)) {
            // $POST_ERR unset or empty: drop [IF_ERROR] sections, unwrap [ELSE_ERROR] sections
            $form_cnt = preg_replace('/\[IF_ERROR\].*?\[\/IF_ERROR\]/s', '', $form_cnt);
            $form_cnt = preg_replace('/\[ELSE_ERROR\](.*?)\[\/ELSE_ERROR\]/s', '$1', $form_cnt);
        } else {
            // $POST_ERR has entries: unwrap [IF_ERROR] sections, drop [ELSE_ERROR] sections
            $form_cnt = preg_replace('/\[IF_ERROR\](.*?)\[\/IF_ERROR\]/s', '$1', $form_cnt);
            $form_cnt = preg_replace('/\[ELSE_ERROR\].*?\[\/ELSE_ERROR\]/s', '', $form_cnt);
        }
        $CNT_TMP .= "\n" . $form_cnt . "\n";

    } elseif($cnt_form['labelpos'] == 3) {

        // field markup is appended without any wrapper
        $CNT_TMP .= LF . $form_cnt;

    } else {

        // every other label position: field markup is wrapped in a layout table
        $CNT_TMP .= '<table cellspacing="0" cellpadding="0" border="0">' . "\n" . $form_cnt . '</table>';

    }

    // hidden field carrying the content part ID, followed by the collected hidden fields
    $CNT_TMP .= LF . '<div><input type="hidden" name="cpID' . $crow["acontent_id"]
              . '" value="' . $crow["acontent_id"] . '" />'
              . $form_field_hidden;
    $CNT_TMP .= getFormTrackingValue(); //hidden form tracking field
    $CNT_TMP .= '</div>' . LF . '</form>' . LF . $cnt_form["class_close"];
}
2031  
// discard the working variables of this form content part
unset(
    $form,
    $form_cnt,
    $form_cnt_2,
    $form_field,
    $form_field_hidden,
    $form_counter,
    $form_error_text,
    $POST_ERR
);

// put the form tracking status back to its default value
$phpwcms['form_tracking'] = $default_formtracking_value;
2036  
2037  ?>

