PHP Cross Reference of phpwcms V1.5.0 _r431 (28.01.12) |
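<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2012 Oliver Georgi <oliver@phpwcms.de> // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE. See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/


// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuses to run when the file is requested directly instead of being
// included by the application (PHPWCMS_ROOT is only defined by the includer).
if (!defined('PHPWCMS_ROOT')) {
	die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------


// Reads the posted form-editor settings ($_POST['cform_*']) into
// $content['form'] so that they can be stored with the content part.
//
// NOTE(review): slweg(), clean_slweg(), convertStringToArray(),
// sanitize_multiple_emails() and is_valid_email() are defined elsewhere. The
// naming suggests clean_slweg() filters more strictly than slweg() - confirm.
// Values that only pass through slweg() (startup text, CSS classes, label
// wrap, required mark, templates, custom form) should be treated as
// unfiltered markup and encoded for the context in which they are rendered.

// email form new
$content["form"]['subject']					= clean_slweg($_POST["cform_subject"]);
$content["form"]['startup']					= slweg($_POST["cform_startup"]);
$content["form"]['startup_html']			= intval($_POST["cform_startup_html"]) ? 1 : 0;
$content["form"]["class"]					= slweg($_POST["cform_class"]);
$content["form"]["error_class"]				= slweg($_POST["cform_error_class"]);
$content["form"]["label_wrap"]				= slweg($_POST["cform_label_wrap"]);
$content["form"]["cform_reqmark"]			= slweg($_POST["cform_reqmark"]);
// NOTE(review): this looks like another callback name, but it only goes
// through clean_slweg() and not through the identifier filter applied to
// function_to / function_cc further down - confirm how it is consumed.
$content["form"]["cform_function_validate"]	= clean_slweg($_POST["cform_function_validate"]);


// CC recipients: spaces and commas are treated as separators, every entry
// must pass is_valid_email(), and the survivors are stored ';'-separated.
$content["form"]["cc"] = convertStringToArray(str_replace(array(' ',','), ';', clean_slweg($_POST["cform_cc"])),';');
foreach($content["form"]["cc"] as $e_key => $e_value) {
	if(!is_valid_email($e_value)) {
		unset($content["form"]["cc"][$e_key]);
	}
}
$content["form"]["cc"] = implode(';', $content["form"]["cc"]);

$content["form"]["targettype"] = clean_slweg($_POST["cform_targettype"]);

// Target recipients: lower-cased, split on ';', each address validated.
$content["form"]["target"] = clean_slweg($_POST["cform_target"]);
$content["form"]["target"] = sanitize_multiple_emails($content["form"]["target"]);
$content["form"]["target"] = strtolower($content["form"]["target"]);
$content["form"]["target"] = explode(';', $content["form"]["target"]);
if(!empty($content["form"]["target"]) && is_array($content["form"]["target"]) && count($content["form"]["target"])) {
	foreach($content["form"]["target"] as $e_key => $e_value) {
		if(!is_valid_email($e_value)) {
			unset($content["form"]["target"][$e_key]);
		}
	}
	$content["form"]["target"] = implode(';', $content["form"]["target"]);
} else {
	$content["form"]["target"] = '';
}
// No valid address left for an e-mail target: use the configured system sender.
if(empty($content["form"]["target"]) && $content["form"]["targettype"] == 'email') {
	$content["form"]["target"] = $phpwcms['SMTP_FROM_EMAIL'];
}

$content["form"]["subjectselect"] = clean_slweg($_POST["cform_subjectselect"]);

// Sender: only the first address of a space/';' separated list is kept, and it
// must be a valid address, otherwise the sender falls back to 'system'.
$content["form"]["sendertype"]	= clean_slweg($_POST["cform_sendertype"]);
$content["form"]["sender"]		= clean_slweg($_POST["cform_sender"]);
$content["form"]["sender"]		= str_replace(' ', ';', $content["form"]["sender"]);
list($content["form"]["sender"]) = explode(';', $content["form"]["sender"]);
$content["form"]["sender"]		= trim($content["form"]["sender"]);
if(!is_valid_email($content["form"]["sender"])) {
	$content["form"]["sender"] = '';
	if($content["form"]["sendertype"] == 'email') {
		$content["form"]["sendertype"] = 'system';
	}
} elseif($content["form"]["sendertype"] == 'system' && $content["form"]["sender"]) {
	$content["form"]["sendertype"] = 'email';
}

// NOTE(review): subject and sender name are free text. If they are later
// written into mail headers, confirm that CR/LF are removed by clean_slweg()
// or by the mailer before sending.
$content["form"]["sendernametype"]	= clean_slweg($_POST["cform_sendernametype"]);
$content["form"]["sendername"]		= clean_slweg($_POST["cform_sendername"]);
if($content["form"]["sendernametype"] == 'system' && $content["form"]["sendername"]) {
	$content["form"]["sendernametype"] = 'custom';
}

$content['form']['verifyemail'] = isset($_POST['cform_field_verifyemail']) ? clean_slweg($_POST['cform_field_verifyemail']) : '';

$content["form"]["labelpos"]	= intval($_POST["cform_labelpos"]);
$content['form']["sendcopy"]	= empty($_POST["cform_sendcopy"]) ? 0 : 1;
$content['form']["copyto"]		= isset($_POST["cform_copyto"]) ? clean_slweg($_POST["cform_copyto"]) : '';

// disable formtracking as recommend for "send a friend" forms
$content['form']['formtracking_off'] = empty($_POST["cform_tracking_off"]) ? 0 : 1;

// check if email of sender and recipient have to be different
$content['form']['checktofrom'] = empty($_POST['cform_checktofrom']) ? 0 : 1;

// Redirect modes are limited to 0, 1 and 2; anything else becomes 0.
$content['form']["onsuccess_redirect"] = empty($_POST["cform_onsuccess_redirect"]) ? 0 : intval($_POST["cform_onsuccess_redirect"]);
switch($content['form']["onsuccess_redirect"]) {
	case 1:
	case 2:		break;
	default:	$content['form']["onsuccess_redirect"] = 0;
}
$content['form']["onerror_redirect"] = empty($_POST["cform_onerror_redirect"]) ? 0 : intval($_POST["cform_onerror_redirect"]);
switch($content['form']["onerror_redirect"]) {
	case 1:
	case 2:		break;
	default:	$content['form']["onerror_redirect"] = 0;
}
// In mode 2 the text is kept through slweg() only, in every other mode it goes
// through clean_slweg().
// NOTE(review): confirm how the mode 2 value is emitted and that it is encoded
// or restricted at that point.
$content['form']["onsuccess"]	= $content['form']["onsuccess_redirect"] == 2 ? slweg($_POST["cform_onsuccess"]) : clean_slweg($_POST["cform_onsuccess"]);
$content['form']["onerror"]		= $content['form']["onerror_redirect"] == 2 ? slweg($_POST["cform_onerror"]) : clean_slweg($_POST["cform_onerror"]);

$content['form']["template_format"]	= intval($_POST["cform_template_format"]) ? 1 : 0;
$content['form']["template"]		= slweg($_POST["cform_template"]);

$content['form']["template_format_copy"]	= intval($_POST["cform_template_format_copy"]) ? 1 : 0;
$content['form']["template_copy"]			= slweg($_POST["cform_template_copy"]);

// Names of the custom recipient functions. Only [a-zA-Z0-9_] is kept.
// The value must be a string: preg_replace() returns an array when it is given
// an array, so a non-string POST value would otherwise be stored as something
// other than a plain identifier. Missing or non-string input is stored as ''.
$content['form']["function_to"] = (isset($_POST["cform_function_to"]) && is_string($_POST["cform_function_to"]))
	? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST["cform_function_to"])
	: '';
$content['form']["function_cc"] = (isset($_POST["cform_function_cc"]) && is_string($_POST["cform_function_cc"]))
	? preg_replace('/[^a-zA-Z0-9_]/', '', $_POST["cform_function_cc"])
	: '';
// A name that is callable in this request is stored with a '_Proof_' prefix
// instead of verbatim.
// NOTE(review): presumably this keeps the name of an already loaded function
// from being saved as a callback. is_callable() only knows what is loaded in
// this request, so the code that later invokes the stored name should check it
// against an explicit allow-list - confirm at the consumer.
if(is_callable($content['form']["function_to"])) {
	$content['form']["function_to"] = '_Proof_'.$content['form']["function_to"];
}
if(is_callable($content['form']["function_cc"])) {
	$content['form']["function_cc"] = '_Proof_'.$content['form']["function_cc"];
}


$content['form']["template_equal"] = empty($_POST["cform_template_equal"]) ? 0 : 1;

$content['form']["customform"] = slweg($_POST["cform_customform"]);

$content['form']["savedb"]		= empty($_POST["cform_savedb"]) ? 0 : 1;
$content['form']["saveprofile"]	= empty($_POST["cform_saveprofile"]) ? 0 : 1;
$content['form']["anchor_off"]	= empty($_POST["cform_anchor_off"]) ?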
0 : 1; 144 145 146 //$field_counter = 0; 147 $content["form"]["fields"] = array(); 148 /* 149 * now retrieve all form entities and check based on type 150 */ 151 foreach($_POST['cform_field_type'] as $key => $value) { 152 153 if(!isset($_POST['cform_field_delete'][$key])) { 154 155 $value = clean_slweg($value); 156 $field_counter = intval($_POST['cform_order'][$key]); 157 $content["form"]["fields"][$field_counter]['type'] = $value; 158 159 // field name cannot include spaces and also should not include any special chars 160 $content['form']["fields"][$field_counter]['name'] = attribute_name_clean(clean_slweg($_POST['cform_field_name'][$key])); 161 162 $content['form']["fields"][$field_counter]['label'] = clean_slweg($_POST['cform_field_label'][$key]); 163 $content['form']["fields"][$field_counter]['required'] = isset($_POST['cform_field_required'][$key]) ? 1 : 0; 164 $content['form']["fields"][$field_counter]['value'] = slweg($_POST['cform_field_value'][$key]); 165 $content['form']["fields"][$field_counter]['error'] = clean_slweg($_POST['cform_field_error'][$key]); 166 $content['form']["fields"][$field_counter]['style'] = clean_slweg($_POST['cform_field_style'][$key]); 167 $content['form']["fields"][$field_counter]['class'] = clean_slweg($_POST['cform_field_class'][$key]); 168 169 $content['form']["fields"][$field_counter]['profile'] = empty($_POST['cform_field_profile'][$key]) ? 
'' : clean_slweg($_POST['cform_field_profile'][$key]); 170 171 switch($value) { 172 173 case 'text' : /* 174 * Text 175 */ 176 $content['form']["fields"][$field_counter]['value'] = str_replace("\r\n", ' ', $content['form']["fields"][$field_counter]['value']); 177 $content['form']["fields"][$field_counter]['value'] = str_replace("\r", ' ', $content['form']["fields"][$field_counter]['value']); 178 $content['form']["fields"][$field_counter]['value'] = str_replace("\n", ' ', $content['form']["fields"][$field_counter]['value']); 179 180 $content['form']["fields"][$field_counter]['size'] = intval($_POST['cform_field_size'][$key]) ? intval($_POST['cform_field_size'][$key]) : ''; 181 $content['form']["fields"][$field_counter]['max'] = intval($_POST['cform_field_max'][$key]) ? intval($_POST['cform_field_max'][$key]) : ''; 182 break; 183 184 case 'special' : /* 185 * Special 186 */ 187 $content['form']["fields"][$field_counter]['value'] = slweg($_POST['cform_field_value'][$key]); 188 $content['form']["fields"][$field_counter]['value'] = str_replace('"', '', $content['form']["fields"][$field_counter]['value']); 189 $content['form']["fields"][$field_counter]['value'] = str_replace("'", '', $content['form']["fields"][$field_counter]['value']); 190 $content['form']["fields"][$field_counter]['value'] = explode("\n", $content['form']["fields"][$field_counter]['value']); 191 if(is_array($content['form']["fields"][$field_counter]['value']) && count($content['form']["fields"][$field_counter]['value'])) { 192 foreach($content['form']["fields"][$field_counter]['value'] as $_special) { 193 $_special = trim($_special); 194 $_special = explode('=', $_special); 195 if(isset($_special[0])) { 196 $_special[0] = strtolower(trim($_special[0])); 197 switch($_special[0]) { 198 199 case 'type': if(!empty($_special[1])) { 200 $_special[1] = trim($_special[1]); 201 if($_special[1] !== 'a-Z' && $_special[1] !== 'a-z') { 202 $_special[1] = strtoupper($_special[1]); 203 } 204 switch($_special[1]) { 
205 case 'MIX': 206 case 'INT': 207 case 'FLOAT': 208 case 'DEC': 209 case 'IDENT': 210 case 'STRING': 211 case 'DATE': 212 case 'A-Z': 213 case 'a-Z': 214 case 'a-z': 215 case '0-9': 216 case 'WORD': 217 case 'LETTER+SPACE': 218 case 'PHONE': 219 case 'REGEX': 220 $special_attribute['type'] = $_special[1]; 221 break; 222 } 223 } 224 if(!isset($special_attribute['type'])) { 225 $special_attribute['type'] = 'MIX'; 226 } 227 break; 228 229 case 'default': $special_attribute['default'] = isset($_special[1]) ? trim($_special[1]) : ''; 230 break; 231 232 case 'dateformat': $special_attribute['dateformat'] = isset($_special[1]) ? trim($_special[1]) : 'm/d/Y'; 233 break; 234 235 case 'pattern': $special_attribute['pattern'] = isset($_special[1]) ? trim($_special[1]) : '/.*?/'; 236 break; 237 } 238 } 239 } 240 } 241 $content['form']["fields"][$field_counter]['value'] = ''; 242 if(isset($special_attribute)) { 243 foreach($special_attribute as $_special_key => $_special) { 244 if($_special) { 245 $content['form']["fields"][$field_counter]['value'] .= $_special_key.'="'.$_special.'"'."\n"; 246 } 247 } 248 $content['form']["fields"][$field_counter]['value'] = trim($content['form']["fields"][$field_counter]['value']); 249 unset($special_attribute, $_special, $_special_key); 250 } 251 $content['form']["fields"][$field_counter]['size'] = intval($_POST['cform_field_size'][$key]) ? intval($_POST['cform_field_size'][$key]) : ''; 252 $content['form']["fields"][$field_counter]['max'] = intval($_POST['cform_field_max'][$key]) ? 
intval($_POST['cform_field_max'][$key]) : ''; 253 break; 254 255 case 'email' : /* 256 * Email 257 */ 258 $content['form']["fields"][$field_counter]['value'] = str_replace("\r\n", ' ', $content['form']["fields"][$field_counter]['value']); 259 $content['form']["fields"][$field_counter]['value'] = str_replace("\r", ' ', $content['form']["fields"][$field_counter]['value']); 260 $content['form']["fields"][$field_counter]['value'] = str_replace("\n", ' ', $content['form']["fields"][$field_counter]['value']); 261 262 $content['form']["fields"][$field_counter]['size'] = intval($_POST['cform_field_size'][$key]) ? intval($_POST['cform_field_size'][$key]) : ''; 263 $content['form']["fields"][$field_counter]['max'] = intval($_POST['cform_field_max'][$key]) ? intval($_POST['cform_field_max'][$key]) : ''; 264 break; 265 266 case 'textarea' : /* 267 * Textarea 268 */ 269 $content['form']["fields"][$field_counter]['size'] = intval($_POST['cform_field_size'][$key]) ? intval($_POST['cform_field_size'][$key]) : ''; 270 $content['form']["fields"][$field_counter]['max'] = intval($_POST['cform_field_max'][$key]) ? intval($_POST['cform_field_max'][$key]) : 3; 271 break; 272 273 case 'hidden' : /* 274 * Hidden 275 */ 276 $content['form']["fields"][$field_counter]['size'] = ''; 277 $content['form']["fields"][$field_counter]['max'] = ''; 278 $content['form']["fields"][$field_counter]['value'] = str_replace("\r\n", ' ', $content['form']["fields"][$field_counter]['value']); 279 $content['form']["fields"][$field_counter]['value'] = str_replace("\r", ' ', $content['form']["fields"][$field_counter]['value']); 280 $content['form']["fields"][$field_counter]['value'] = str_replace("\n", ' ', $content['form']["fields"][$field_counter]['value']); 281 break; 282 283 case 'password' : /* 284 * Password 285 */ 286 $content['form']["fields"][$field_counter]['value'] = str_replace("\r\n", ' ', $content['form']["fields"][$field_counter]['value']); 287 $content['form']["fields"][