enableAddon('modules\\'.$sAddonName); $aWebsiteTitle = (defined('WEBSITE_TITLE') && WEBSITE_TITLE != '' ? WEBSITE_TITLE : $_SERVER['SERVER_NAME']); $aReplace = array('WEBSITE_TITLE' => $aWebsiteTitle ); $MOD_FORM_EMAIL_SUBJECT = replace_vars($oTrans->MOD_FORM_EMAIL_SUBJECT, $aReplace); $MOD_FORM_SUCCESS_EMAIL_TEXT = replace_vars($oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT, $aReplace); $MOD_FORM_SUCCESS_EMAIL_SUBJECT = replace_vars($oTrans->MOD_FORM_SUCCESS_EMAIL_SUBJECT, $aReplace); /* print '

function '.__FUNCTION__.'( '.''.' );  filename: '.basename(__FILE__).'  line: '.__LINE__.' -> 
';
print_r( $oTrans ); print '

'; flush (); // ob_flush();;sleep(10); die(); */ function removebreaks($value) { return trim(preg_replace('=((||0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value)); } function checkbreaks($value) { return $value === removebreaks($value); } $aSuccess =array(); if (!function_exists('emailAdmin')) { function emailAdmin() { global $database,$wb; $retval = $wb->get_email(); if($wb->get_user_id()!='1') { $sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ' . 'WHERE `user_id`=\'1\' '; $retval = $database->get_one($sql); } return $retval; } } $emailAdmin = (function () use ( $database, $wb ) { $retval = $wb->get_email(); if($wb->get_user_id()!='1') { $sql = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` ' . 'WHERE `user_id`=\'1\' '; $retval = $database->get_one($sql); } return $retval; }); // Function for generating an optionsfor a select field if (!function_exists('make_option')) { function make_option(&$n, $k, $values) { // start option group if it exists if (substr($n,0,2) == '[=') { $n = ''; } elseif ($n == ']') { $n = ''."\n"; } else { if(in_array($n, $values)) { $n = ''."\n"; } else { $n = ''."\n"; } } } } // Function for generating a checkbox if (!function_exists('make_checkbox')) { function make_checkbox(&$key, $idx, $params) { $field_id = $params[0][0]; $seperator = $params[0][1]; $label_id = 'wb_'.preg_replace('/[^a-z0-9]/i', '_', $key).$field_id; if(in_array($key, $params[1])) { $key = ''.PHP_EOL.''.$key.''.$seperator; } else { $key = ''.PHP_EOL.''.$key.''.$seperator; } } } // Function for generating a radio button if (!function_exists('make_radio')) { function make_radio(&$n, $idx, $params) { $field_id = $params[0]; $group = $params[1]; $seperator = $params[2]; $label_id = 'wb_'.preg_replace('/[^a-z0-9]/i', '_', $n).$field_id; if($n == $params[3]) { $n = ''.PHP_EOL.''.$n.''.$seperator; } else { $n = ''.PHP_EOL.''.$n.''.$seperator; } } } if (!function_exists("new_submission_id") ) { function new_submission_id() { $submission_id = ''; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $submission_id = $submission_id . $tmp; $i++; } return $submission_id; } } $sRecallUrl = WB_URL.PAGES_DIRECTORY.$wb->page['link'].PAGE_EXTENSION ; // Work-out if the form has been submitted or not if($_POST == array()) { require_once(WB_PATH.'/include/captcha/captcha.php'); // Set new submission ID in session $_SESSION['form_submission_id'] = new_submission_id(); $out = ''; $header = ''; $field_loop = ''; $footer = ''; $form_name = 'form'; $use_xhtml_strict = false; // Get settings $sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` ' . 'WHERE section_id = '.(int)$section_id.' '; if($oSetting = $database->query($sql)) { if($oSetting->numRows() > 0) // $query_settings $fetch_settings { $aSettings = $oSetting->fetchRow(MYSQLI_ASSOC); $header = str_replace('{WB_URL}',WB_URL, $aSettings['header']); $field_loop = $aSettings['field_loop']; $footer = str_replace('{WB_URL}',WB_URL, $aSettings['footer']); $use_captcha = $aSettings['use_captcha']; $form_name = 'form'; $use_xhtml_strict = false; $page_id = $aSettings['page_id']; } } // do not use sec_anchor, can destroy some layouts // Get list of fields $sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ' . 'WHERE section_id = '.$section_id.' ' . 'ORDER BY position ASC '; if($query_fields = $database->query($sql)) { if($query_fields->numRows() > 0) { $sScriptUrl = $_SERVER['SCRIPT_NAME']; $sActionUrl = $sScriptUrl; ?>

0) AND (false == $use_xhtml_strict) ) ? "id=\"".$form_name.$section_id."\"" : ""); ?> action="" method="post"> getFTAN(); ?>

'."\n"; } ?>

email address: Leave this field email-address blank:
Homepage: Leave this field homepage blank:
URL: Leave this field url blank:
Comment: Leave this field comment blank:

fetchRow(MYSQLI_ASSOC)) { // Set field values $field_id = $field['field_id']; $value = $field['value']; // Print field_loop after replacing vars with values $vars = array('{TITLE}', '{REQUIRED}'); if (($field['type'] == "radio") || ($field['type'] == "checkbox")) { $field_title = PHP_EOL.''.$field['title'].''.PHP_EOL; } elseif($field['type'] == 'heading') { $field_title = PHP_EOL.''.$field['title'].''.PHP_EOL; } else { $field_title = PHP_EOL.''.$field['title'].''.PHP_EOL; } $values = array($field_title); if ($field['required'] == 1) { $values[] = '*'; } else { $values[] = ''; } if($field['type'] == 'textfield') { $vars[] = '{FIELD}'; $max_lenght_para = (intval($field['extra']) ? ' maxlength="'.intval($field['extra']).'"' : ''); $values[] = ''; } elseif($field['type'] == 'textarea') { $vars[] = '{FIELD}'; $values[] = ''; } elseif($field['type'] == 'select') { $vars[] = '{FIELD}'; $options = explode(',', $value); array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())); $field['extra'] = explode(',',$field['extra']); $field['extra'][1] = ($field['extra'][1]=='multiple') ? $field['extra'][1].'="'.$field['extra'][1].'"' : ''; $values[] = ''."\n"; } elseif($field['type'] == 'heading') { $vars[] = '{FIELD}'; $str = ''; $values[] = ( true == $use_xhtml_strict) ? "

".$str."

" : $str; $tmp_field_loop = $field_loop; // temporarily modify the field loop template $field_loop = $field['extra']; } elseif($field['type'] == 'checkbox') { $vars[] = '{FIELD}'; $options = explode(',', $value); array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()))); // array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()))); $x = sizeof($options)-1; $options[$x]=substr($options[$x],0,strlen($options[$x])); $values[] = implode($options); } elseif($field['type'] == 'radio') { $vars[] = '{FIELD}'; $options = explode(',', $value); array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:''))); $x = sizeof($options)-1; $options[$x]=substr($options[$x],0,strlen($options[$x])); $values[] = implode($options); } elseif($field['type'] == 'email') { $vars[] = '{FIELD}'; $max_lenght_para = (intval($field['extra']) ? ' maxlength="'.intval($field['extra']).'"' : ''); $values[] = ''; } if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]); if($field['type'] != '') { echo str_replace($vars, $values, $field_loop); } if (isset($tmp_field_loop)){ $field_loop = $tmp_field_loop; } } // end while // Captcha if($use_captcha) { ?> TEXT_VERIFICATION; ?>: MOD_FORM_SUBMIT_FORM, $footer); echo $out; // Add form end code ?>

false, 'mail_replyto' => '', 'mail_replyName' => '', ); $mail_replyto = ''; $mail_replyName = ''; if ($wb->is_authenticated() && $wb->get_email()) { $mail_replyto = $wb->get_email(); $mail_replyName = htmlspecialchars($database->escapeString($wb->get_display_name())); $aMailValues = array ( 'is_authenticated' => true, 'mail_replyto' => $mail_replyto, 'mail_replyName' => $mail_replyName, ); } // Set new submission ID in session $_SESSION['form_submission_id'] = new_submission_id(); /* */ if(ENABLED_ASP && ( // form faked? Check the honeypot-fields. (!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR ($_POST['submitted_when'] != $_SESSION['submitted_when']) OR (!isset($_POST['email']) OR $_POST['email']) OR (!isset($_POST['homepage']) OR $_POST['homepage']) OR (!isset($_POST['comment']) OR $_POST['comment']) OR (!isset($_POST['url']) OR $_POST['url']) )) { // spam header("Location: ".WB_URL.""); exit(); } // First start message settings $sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` ' . 'WHERE `section_id` = '.(int)$section_id.''; if($oSetting = $database->query($sql) ) { if($oSetting->numRows() > 0) { $aSettings = $oSetting->fetchRow(MYSQLI_ASSOC); // who should manage the formular $email_to = (($aSettings['email_to'] != '') ? $aSettings['email_to'] : $emailAdmin()); $mail_replyName = $email_toname = @$_SESSION['DISPLAY_NAME']?:$oTrans->TEXT_GUEST; // where the formular comes from $email_from = $database->escapeString(SERVER_EMAIL); $email_fromname = $aSettings['email_fromname']; if(substr($email_fromname, 0, 5) == 'field') { // Set the email_fromname to field to what the user entered in the specified field $email_fromname = htmlspecialchars($database->escapeString($_POST[$email_fromname])); } $email_subject = (($aSettings['email_subject'] != '') ? $aSettings['email_subject'] : $MOD_FORM_EMAIL_SUBJECT); $success_page = $aSettings['success_page']; $success_email_to = $mail_replyto; $success_email_toName = $mail_replyName; $success_email_from = $database->escapeString(SERVER_EMAIL); $success_email_fromname = $aSettings['success_email_fromname']; if ($mail_replyto == '') { $success_email_to = (($aSettings['success_email_to'] != '') ? $aSettings['success_email_to'] : ''); if(substr($success_email_to, 0, 5) == 'field') { // Set the success_email to field to what the user entered in the specified field $success_email_to = htmlspecialchars($database->escapeString($_POST[$success_email_to])); $mail_replyto = ($aMailValues['is_authenticated']?$mail_replyto:$success_email_to); } // $success_email_to = ''; } $success_email_text = $aSettings['success_email_text']; $success_email_text = (($success_email_text != '') ? $success_email_text : $MOD_FORM_SUCCESS_EMAIL_TEXT); $success_email_subject = (($aSettings['success_email_subject'] != '') ? $aSettings['success_email_subject'] : $MOD_FORM_SUCCESS_EMAIL_SUBJECT); $max_submissions = $aSettings['max_submissions']; $stored_submissions = $aSettings['stored_submissions']; $use_captcha = $aSettings['use_captcha']; } else { exit($oTrans->TEXT_UNDER_CONSTRUCTION); } } $email_body = ''; // Create blank "required" array $aRequired = array(); // Captcha if($use_captcha) { if(isset($_POST['captcha']) && $_POST['captcha'] != ''){ // Check for a mismatch get email user_id if(!isset($_POST['captcha']) || !isset($_SESSION['captcha']) || $_POST['captcha'] != $_SESSION['captcha']) { $replace = array('webmaster_email' => $emailAdmin() ); $captcha_error = replace_vars($oTrans->MOD_FORM_INCORRECT_CAPTCHA, $replace); $aRequired[]= ''; } } else { $replace = array('webmaster_email'=>$emailAdmin() ); $captcha_error = replace_vars($oTrans->MOD_FORM_INCORRECT_CAPTCHA,$replace ); $aRequired[]= ''; } } if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); } // Loop through fields and add to message body // Get list of fields $sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ' . 'WHERE `section_id` = '.(int)$section_id.' ' . 'ORDER BY position ASC'; if($oField = $database->query($sql)) { while($aFields = $oField->fetchRow(MYSQLI_ASSOC)) { // Add to message body $field if($aFields['type'] != '') { if(!empty($_POST['field'.$aFields['field_id']])) { $sPostVar = ''; $aPostVar['field'.$aFields['field_id']] = array(); // do not allow code in user input! if (is_array($_POST['field'.$aFields['field_id']])) { foreach ($_POST['field'.$aFields['field_id']] as $key=>$val) { $aPostVar['field'.$aFields['field_id']][$key] = $wb->strip_slashes($wb->StripCodeFromText($val),true); } $_SESSION['field'.$aFields['field_id']] = $aPostVar['field'.$aFields['field_id']]; } else { $sPostVar = $wb->strip_slashes($wb->StripCodeFromText($wb->get_post('field'.$aFields['field_id']),true)); $_SESSION['field'.$aFields['field_id']] = $sPostVar; } if($aFields['type'] == 'email' AND $wb->validate_email($sPostVar) == false) { $email_error = $MESSAGE['USERS_INVALID_EMAIL']; $aRequired[]= ''; } if($aFields['type'] == 'heading') { $email_body .= $sPostVar."\n\n"; } elseif (($sPostVar!='')) { $email_body .= $aFields['title'].": ".$sPostVar."\n\n"; } elseif(sizeof($aPostVar['field'.$aFields['field_id']] > 0) ) { $email_body .= $aFields['title'].": "; foreach ($aPostVar['field'.$aFields['field_id']] as $key=>$val) { $email_body .= $val."\n"; } $email_body .= "\n"; } } elseif($aFields['required'] == 1) { $aRequired[] = $aFields['title']; } } } // while } // query // only for dump to test if all parameters are set $aMailValues = array_merge ( $aMailValues, array ( 'email_from' => $email_from, 'email_to' => $email_to, 'email_subject' => $email_subject, 'email_body' => $email_body, 'email_fromname' => $email_fromname, 'email_toname' => $email_toname, 'mail_replyto' => $mail_replyto, 'mail_replyName' => $mail_replyName, 'success_page' => $success_page, 'SERVER_EMAIL' => SERVER_EMAIL, 'success_email_from' => $success_email_from, 'success_email_to' => $success_email_to, 'success_email_subject' => $success_email_subject, 'success_email_text' => $success_email_text."\n".$email_body.$oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT_GENERATED, 'success_email_toName' => $success_email_toName, 'success_email_fromname' => $success_email_fromname, ) ); // Check if the user forgot to enter values into all the required fields if(sizeof($aRequired )) { echo "

\n"; if(!isset($oTrans->MESSAGE_MOD_FORM_REQUIRED_FIELDS)) { echo '

You must enter details for the following fields

'; } else { echo '

'.$oTrans->MESSAGE_MOD_FORM_REQUIRED_FIELDS.'

'; } echo "

'.$field_title."
'.$email_error."
'.$captcha_error."

\n"; echo "

\n"; echo '

'.$oTrans->TEXT_BACK.'

'."\n"; } else { if(isset($email_error)) { echo "

\n"; echo '

'.$email_error.'

'."\n"; echo "

\n"; echo '

'.$oTrans->TEXT_BACK.'

'."\n"; } elseif(isset($captcha_error)) { echo "

\n"; echo '

'.$captcha_error.'

'."\n"; echo "

\n"; echo '

'.$oTrans->TEXT_BACK.'

'."\n"; } else { $success = false; // Check how many times form has been submitted in last hour $last_hour = time()-3600; $sql = 'SELECT `submission_id` FROM `'.TABLE_PREFIX.'mod_form_submissions` ' . 'WHERE `submitted_when` >= '.$last_hour.''; if($oSubmissions = $database->query($sql)) { if($oSubmissions->numRows() > $max_submissions) { // Too many submissions so far this hour echo $oTrans->MESSAGE_MOD_FORM_EXCESS_SUBMISSIONS; $success = false; } else { // Adding the IP to the body and try to send the email // $email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR']; $iFormRequestId = isset($_POST['fri']) ? intval($_POST['fri']) : 0; if($iFormRequestId) { $email_body .= "\n\nFormRequestID: ".$iFormRequestId; } $aAttachment=null; $aArray = array( 'SERVER_EMAIL' => SERVER_EMAIL, 'email_to' => $email_to, 'email_subject' => $email_subject, 'email_fromname' => $email_fromname, 'mail_replyto' => $mail_replyto, 'mail_replyName' => $mail_replyName, ); // $aMailValues['is_authenticated'] if($email_from != '') { if($mail_replyto != '') { // send form to admin, can replyto to given e-mail adress $success = $wb->mail( SERVER_EMAIL, $email_to, $email_subject, $email_body, $email_fromname, $email_toname, $mail_replyto, $mail_replyName, '', $aAttachment ); } else { $success = $wb->mail( $email_from, $email_to, $email_subject, $email_body, $email_fromname, $email_toname, $success_email_to, $success_email_fromname, '', $aAttachment ); } } // send only if is_authenticated if (($success==true) && $aMailValues['is_authenticated']) { $success = true; if ($success_email_to != '') { if($success_email_from != '') { // send confirmation to authenticated user -mail $success = $wb->mail( $success_email_from, $success_email_to, $success_email_subject, ($success_email_text)."\n".($email_body).$oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT_GENERATED, $success_email_fromname, $success_email_toName, '', '', '', $aAttachment ); }/* else { $success = $wb->mail( SERVER_EMAIL, $success_email_to, $success_email_subject, ($success_email_text)."\n".($email_body).$oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT_GENERATED, $success_email_fromname, $success_email_toName, '', '', '', $aAttachment ); }*/ } } if($success==true) { $aSuccess[] .= 'INSERT INTO '.TABLE_PREFIX.'mod_form_submissions
';; // Write submission to database if(isset($wb) AND $wb->is_authenticated() AND $wb->get_user_id() > 0) { $submitted_by = $wb->get_user_id(); } else { $submitted_by = 0; } $email_body = htmlspecialchars($wb->add_slashes($email_body)); $sql = 'INSERT INTO '.TABLE_PREFIX.'mod_form_submissions SET ' . 'page_id='.$wb->page_id.',' . 'section_id='.$section_id.',' . 'submitted_when='.time().',' . 'submitted_by=\''.$submitted_by.'\', ' . 'body=\''.$email_body.'\' '; if($database->query($sql)) { // Get the page id $iSubmissionId = intval($database->get_one("SELECT LAST_INSERT_ID()")); if(!$database->is_error()) { $success = true; } // Make sure submissions table isn't too full $query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when"); $num_submissions = $query_submissions->numRows(); if($num_submissions > $stored_submissions) { // Remove excess submission $num_to_remove = $num_submissions-$stored_submissions; while($submission = $query_submissions->fetchRow(MYSQLI_ASSOC)) { if($num_to_remove > 0) { $submission_id = $submission['submission_id']; $database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'"); $num_to_remove = $num_to_remove-1; } } } // $num_submissions } // numRows } // $success } } // end how many times form has been submitted in last hour } } // email_error } else { echo '

'."\n".'

'.$oTrans->TEXT_BACK.'

'."\n"; } $success_page = ( (isset($success_page) ) ? $success_page : $page_id); $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` ' . 'WHERE `page_id` = '.(int)$success_page; $sSuccessLink = WB_URL; // if failed set default if( ($link = $database->get_one($sql)) ) { $sSuccessLink = WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION; } // Now check if the email was sent successfully if (isset($success) && $success == true) { if (!$success_page) { // Get submission details $sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_submissions` ' . 'WHERE submission_id = '.$iSubmissionId.' '; if($query_content = $database->query($sql)) { $submission = $query_content->fetchRow(MYSQLI_ASSOC); } $Message = ''; $NixHier = 'frm-nixhier'; // Get the user details of whoever did this submission $sql = 'SELECT `username`,`display_name` FROM `'.TABLE_PREFIX.'users` ' . 'WHERE `user_id` = '.$submission['submitted_by']; if($get_user = $database->query($sql)) { if($get_user->numRows() != 0) { $user = $get_user->fetchRow(MYSQLI_ASSOC); } else { $Message = $oTrans->MOD_FORM_PRINT; $NixHier = ''; $user['display_name'] = $oTrans->TEXT_GUEST; $user['username'] = $oTrans->TEXT_UNKNOWN; } } $aSubSuccess = array(); // set template file and assign module and template block $oTpl = new Template(WB_PATH.'/modules/form/templates/default','keep'); // $tpl = new Template(dirname($admin->correct_theme_source('switchform.htt')),'keep'); $oTpl->set_file('page', 'submessage.htt'); $oTpl->debug = false; // false, true $oTpl->set_block('page', 'main_block', 'main'); $aPaths = array( 'ADMIN_URL' => ADMIN_URL, 'THEME_URL' => THEME_URL, 'MODULE_URL' => WB_URL.'/modules/form', 'WB_URL' => WB_URL ); $oTpl->set_var($aPaths); $success_email_text = preg_replace('/[\n\r]/', '',nl2br(($success_email_text))); $aDatas = array ( 'SUCCESS_EMAIL_TEXT' => $success_email_text, 'TEXT_SUBMISSION_ID' => $oTrans->TEXT_SUBMISSION_ID, 'submission_submission_id' => $submission['submission_id'], 'submission_submitted_when' => gmdate( DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE ), ); $oTpl->set_var($aDatas); $aLangs = array( 'TEXT_SUBMITTED' => $oTrans->TEXT_SUBMITTED, 'NIX_HIER' => $NixHier, 'TEXT_USER' => $oTrans->TEXT_USER, 'TEXT_USERNAME' => $oTrans->TEXT_USERNAME, 'TEXT_PRINT_PAGE' => $oTrans->TEXT_PRINT_PAGE, 'TEXT_REQUIRED_JS' => $oTrans->TEXT_REQUIRED_JS, 'user_display_name' => $user['display_name'], 'user_username' => $user['username'], 'SUCCESS_PRINT' => $Message, 'submission_body' => nl2br($submission['body']) ); $oTpl->set_var($aLangs); $oTpl->parse('main', 'main_block', false); $output = $oTpl->finish($oTpl->parse('output', 'page')); unset($oTpl); print $output; } else { echo ""; } // clearing session on success $sql = 'SELECT `field_id` FROM `'.TABLE_PREFIX.'mod_form_fields` ' . 'WHERE `section_id` = '.$section_id.''; $query_fields = $database->query( $sql ); while($field = $query_fields->fetchRow(MYSQLI_ASSOC)) { $field_id = $field['field_id']; if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]); } } else { if(isset($success) && $success == false) { echo '
'.$oTrans->MOD_FORM_ERROR; echo '

'."\n".'

'.$oTrans->TEXT_BACK.'

'."\n"; } } }