<?php
2
/**
3
 *
4
 * @category        module
5
 * @package         Form
6
 * @author          WebsiteBaker Project
7
 * @copyright       WebsiteBaker Org. e.V.
8
 * @link            http://websitebaker.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.3
11
 * @requirements    PHP 5.3.6 and higher
12
 * @version         $Id: view.php 2 2017-07-02 15:14:29Z Manuela $
13
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/modules/form/view.php $
14
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
15
 * @description
16
 */
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
if (!defined('WB_PATH')) {
    // Without the CMS bootstrap constant the script stops before any include or query runs.
    die('Illegale file access /'.basename(__DIR__).'/'.basename(__FILE__));
}
/* -------------------------------------------------------- */
// load module language file
$sAddonName = basename(__DIR__);
include_once(WB_PATH .'/framework/functions.php');

// Reuse a Translate instance the caller already created, otherwise fetch the shared one.
if (!isset($oTrans) || !($oTrans instanceof Translate)) {
    $oTrans = Translate::getInstance();
}
$oTrans->enableAddon('modules\\'.$sAddonName);

// Value substituted for WEBSITE_TITLE in the three mail texts below.
if (defined('WEBSITE_TITLE') && WEBSITE_TITLE != '') {
    $aWebsiteTitle = WEBSITE_TITLE;
} else {
    // NOTE(review): depending on web-server configuration SERVER_NAME can mirror the
    // request's Host header, and it ends up in mail subjects here -- confirm the
    // server pins a canonical name or set WEBSITE_TITLE.
    $aWebsiteTitle = $_SERVER['SERVER_NAME'];
}
$aReplace = array('WEBSITE_TITLE' => $aWebsiteTitle);

$MOD_FORM_EMAIL_SUBJECT = replace_vars($oTrans->MOD_FORM_EMAIL_SUBJECT, $aReplace);
$MOD_FORM_SUCCESS_EMAIL_TEXT = replace_vars($oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT, $aReplace);
$MOD_FORM_SUCCESS_EMAIL_SUBJECT = replace_vars($oTrans->MOD_FORM_SUCCESS_EMAIL_SUBJECT, $aReplace);
33

    
34
/*
35
print '<pre  class="mod-pre rounded">function <span>'.__FUNCTION__.'( '.''.' );</span>  filename: <span>'.basename(__FILE__).'</span>  line: '.__LINE__.' -> <br />';
36
print_r( $oTrans ); print '</pre>'; flush (); //  ob_flush();;sleep(10); die();
37
*/
38

    
39
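if (!function_exists('removebreaks')) {
    /**
     * Cut a value at line-break markers that are followed by more text.
     *
     * Every occurrence of a marker, the non-whitespace character after it and the
     * rest of that line is removed, then the result is trimmed. The markers are a
     * real CR or LF and the literal texts "<CR>", "<LF>", "0x0A/%0A" and "0x0D/%0D"
     * (case-insensitive).
     *
     * NOTE(review): the two encoded markers are each one literal including the
     * slash, so a bare "%0A" or "0x0A" is not matched -- confirm whether that is
     * intended before relying on this as a header-injection filter.
     *
     * Declared behind function_exists() like the other helpers in this file, so a
     * second include of the view does not fail on redeclaration.
     *
     * @param string $value text to clean
     * @return string cleaned and trimmed text
     */
    function removebreaks($value) {
        // '' instead of null: a null replacement is deprecated as of PHP 8.1.
        return trim(preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', '', $value));
    }
}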
42
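if (!function_exists('checkbreaks')) {
    /**
     * Tell whether removebreaks() would leave the value untouched.
     *
     * The comparison is strict, so a value with leading or trailing whitespace
     * (which removebreaks() trims) and any non-string value also yield false.
     *
     * Declared behind function_exists() like the other helpers in this file, so a
     * second include of the view does not fail on redeclaration.
     *
     * @param string $value text to test
     * @return bool true when nothing would be removed or trimmed
     */
    function checkbreaks($value) {
        return $value === removebreaks($value);
    }
}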
45
$aSuccess = array();
if (!function_exists('emailAdmin')) {
    /**
     * Return the e-mail address stored for user_id 1.
     *
     * When the current user already is user 1 the address from $wb->get_email()
     * is returned as is; otherwise it is read from the users table.
     * Presumably user 1 is the site administrator -- the function name suggests it.
     *
     * @return mixed whatever $wb->get_email() or $database->get_one() returns
     */
    function emailAdmin() {
        global $database, $wb;
        $sCurrentEmail = $wb->get_email();
        if ($wb->get_user_id() == '1') {
            return $sCurrentEmail;
        }
        // Fixed statement: no request data is concatenated into it.
        $sQuery = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` WHERE `user_id`=\'1\' ';
        return $database->get_one($sQuery);
    }
}
58

    
59
   // Closure counterpart of emailAdmin(): $database and $wb are captured by value
   // at the moment this assignment runs, instead of being read through `global`.
   $emailAdmin = (function () use ($database, $wb)
   {
        $sCurrentEmail = $wb->get_email();
        if ($wb->get_user_id() == '1') {
            // Current user is user 1: the session address is the answer.
            return $sCurrentEmail;
        }
        // Fixed statement: no request data is concatenated into it.
        $sQuery = 'SELECT `email` FROM `'.TABLE_PREFIX.'users` WHERE `user_id`=\'1\' ';
        return $database->get_one($sQuery);
    });
69

    
70
// Function for generating an option for a select field
if (!function_exists('make_option')) {
    /**
     * array_walk() callback: turn one option text into its HTML, in place.
     *
     * "[=Label" opens an option group, "]" closes it, anything else becomes an
     * <option>, preselected when the text is found in $values.
     *
     * NOTE(review): $n is written into the attribute and the element body
     * without HTML escaping. Presumably the texts come from the field definition
     * stored by the backend -- confirm they cannot carry markup, or escape here.
     *
     * @param string $n      in: option text, out: generated HTML
     * @param mixed  $k      array key supplied by array_walk(), not used
     * @param array  $values option texts to mark as selected
     * @return void
     */
    function make_option(&$n, $k, $values) {
        // start option group if it exists
        if (substr($n, 0, 2) == '[=') {
            $n = '<optgroup label="'.substr($n, 2).'">';
            return;
        }
        if ($n == ']') {
            $n = '</optgroup>'."\n";
            return;
        }
        $sSelected = in_array($n, $values) ? ' selected="selected"' : '';
        $n = '<option'.$sSelected.' value="'.$n.'">'.$n.'</option>'."\n";
    }
}
87
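// Function for generating a checkbox
if (!function_exists('make_checkbox')) {
    /**
     * array_walk() callback: turn one option text into a checkbox plus label, in place.
     *
     * Fixes over the previous version: a previously chosen option is now rendered
     * with checked="checked" (both branches used to emit an unchecked box), the
     * closing tag is </label> instead of </lable>, and a scalar selection no
     * longer breaks in_array().
     *
     * NOTE(review): $key is written into the value attribute and the label body
     * without HTML escaping. Presumably the texts come from the field definition
     * stored by the backend -- confirm they cannot carry markup, or escape here.
     *
     * @param string $key    in: option text, out: generated HTML
     * @param mixed  $idx    array key supplied by array_walk(), used as name index
     * @param array  $params [0] => array(field id, separator markup),
     *                       [1] => previously chosen option texts
     * @return void
     */
    function make_checkbox(&$key, $idx, $params) {
        $field_id = $params[0][0];
        $seperator = $params[0][1];
        // The id may only hold letters, digits and underscores.
        $label_id = 'wb_'.preg_replace('/[^a-z0-9]/i', '_', $key).$field_id;
        // The caller passes the session copy of the posted field, which is a plain
        // string when the field was posted as a scalar; cast so in_array() always
        // receives an array.
        $aChosen = (array)$params[1];
        $sChecked = in_array($key, $aChosen) ? ' checked="checked"' : '';
        $key = '<input class="frm-field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$key.'"'.$sChecked.' />'.PHP_EOL
             . '<label for="'.$label_id.'" class="frm-checkbox_label">'.$key.'</label>'.$seperator;
    }
}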
100
// Function for generating a radio button
if (!function_exists('make_radio')) {
    /**
     * array_walk() callback: turn one option text into a radio button plus label, in place.
     *
     * NOTE(review): $n is written into the value attribute and the label body
     * without HTML escaping. Presumably the texts come from the field definition
     * stored by the backend -- confirm they cannot carry markup, or escape here.
     *
     * @param string $n      in: option text, out: generated HTML
     * @param mixed  $idx    array key supplied by array_walk(), not used
     * @param array  $params [0] field id, [1] group title, [2] separator markup,
     *                       [3] previously chosen option text
     * @return void
     */
    function make_radio(&$n, $idx, $params) {
        $field_id = $params[0];
        $group = $params[1];   // read but not used below
        $seperator = $params[2];
        // The id may only hold letters, digits and underscores.
        $label_id = 'wb_'.preg_replace('/[^a-z0-9]/i', '_', $n).$field_id;
        $sChecked = ($n == $params[3]) ? ' checked="checked"' : '';
        $sInput = '<input class="frm-field_checkbox" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'"'.$sChecked.' />';
        $sLabel = '<label for="'.$label_id.'" class="frm-checkbox_label">'.$n.'</label>';
        $n = $sInput.PHP_EOL.$sLabel.$seperator;
    }
}
114

    
115
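if (!function_exists("new_submission_id") ) {
    /**
     * Create the eight-character token that ties a rendered form to its POST.
     *
     * The token is stored in $_SESSION['form_submission_id'] and compared with
     * the posted submission_id, so it should not be guessable. The previous
     * version re-seeded the generator from the microsecond part of the clock on
     * every call, which limits the output to at most one million sequences and
     * also resets the shared generator for all other code in the request. This
     * version draws from random_int() when it exists and never re-seeds.
     *
     * @return string eight characters from the alphabet below
     * @throws Exception when random_int() finds no source of randomness
     */
    function new_submission_id() {
        // Alphabet kept byte-for-byte (33 characters) so tokens keep their shape.
        $salt = "abchefghjkmnpqrstuvwxyz0123456789";
        $iLast = strlen($salt) - 1;
        // random_int() needs PHP 7; older runtimes fall back to mt_rand(), which
        // is not cryptographically secure.
        $bSecure = function_exists('random_int');
        $submission_id = '';
        for ($i = 0; $i < 8; $i++) {
            $num = $bSecure ? random_int(0, $iLast) : mt_rand(0, $iLast);
            $submission_id .= $salt[$num];
        }
        return $submission_id;
    }
}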
130
    // Address of the page that shows this form; used as the target of the "back" links further down.
    $sRecallUrl = implode('', array(WB_URL, PAGES_DIRECTORY, $wb->page['link'], PAGE_EXTENSION));
131
// Work-out if the form has been submitted or not
132
    if($_POST == array())
133
    {
134
        require_once(WB_PATH.'/include/captcha/captcha.php');
135

    
136
        // Set new submission ID in session
137
        $_SESSION['form_submission_id'] = new_submission_id();
138
        $out = '';
139
        $header = '';
140
        $field_loop = '';
141
        $footer = '';
142
        $form_name = 'form';
143
        $use_xhtml_strict = false;
144
        // Get settings
145
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` '
146
              . 'WHERE section_id = '.(int)$section_id.' ';
147
        if($oSetting = $database->query($sql))
148
        {
149
            if($oSetting->numRows() > 0)    // $query_settings  $fetch_settings
150
            {
151
                $aSettings = $oSetting->fetchRow(MYSQLI_ASSOC);
152
                $header = str_replace('{WB_URL}',WB_URL, $aSettings['header']);
153
                $field_loop = $aSettings['field_loop'];
154
                $footer = str_replace('{WB_URL}',WB_URL, $aSettings['footer']);
155
                $use_captcha = $aSettings['use_captcha'];
156
                $form_name = 'form';
157
                $use_xhtml_strict = false;
158
                $page_id = $aSettings['page_id'];
159
            }
160
        }
161

    
162
    // do not use sec_anchor, can destroy some layouts
163

    
164
        // Get list of fields
165
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` '
166
              . 'WHERE section_id = '.$section_id.' '
167
              . 'ORDER BY position ASC ';
168

    
169
        if($query_fields = $database->query($sql)) {
170
            if($query_fields->numRows() > 0) {
171
                $sScriptUrl = $_SERVER['SCRIPT_NAME'];
172
                $sActionUrl = $sScriptUrl;
173

    
174
?>
175
                <form style="float: none;" class="frm-formular" <?php echo ( ( (strlen($form_name) > 0) AND (false == $use_xhtml_strict) ) ? "id=\"".$form_name.$section_id."\"" : ""); ?> action="<?php echo $sActionUrl.'';?>" method="post">
176
<?php // echo $admin->getFTAN(); ?>
177
                <fieldset class="frm-fieldset">
178
                    <input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
179
<?php
180
                    $iFormRequestId = isset($_GET['fri']) ? intval($_GET['fri']) : 0;
181
                    if($iFormRequestId) {
182
                        echo '<input type="hidden" name="fri" value="'.$iFormRequestId.'" />'."\n";
183
                    }
184
?>
185
<?php
186
                    if(ENABLED_ASP) { // first add some honeypot-fields
187
?>
188
                        <input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
189
                        <p class="nixhier">
190
                        email address:
191
                        <label for="email">Leave this field email-address blank:</label>
192
                        <input id="email" name="email" size="56" value="" /><br />
193
                        Homepage:
194
                        <label for="homepage">Leave this field homepage blank:</label>
195
                        <input id="homepage" name="homepage" size="55" value="" /><br />
196
                        URL:
197
                        <label for="url">Leave this field url blank:</label>
198
                        <input id="url" name="url" size="61" value="" /><br />
199
                        Comment:
200
                        <label for="comment">Leave this field comment blank:</label>
201
                        <textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
202
                        </p>
203
<?php }
204

    
205
        // Print header  MYSQL_ASSOC
206
               echo $header."\n";
207
                while($field = $query_fields->fetchRow(MYSQLI_ASSOC)) {
208
                    // Set field values
209
                    $field_id = $field['field_id'];
210
                    $value = $field['value'];
211
                    // Print field_loop after replacing vars with values
212
                    $vars = array('{TITLE}', '{REQUIRED}');
213
                    if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
214
                        $field_title = PHP_EOL.'<label>'.$field['title'].'</label>'.PHP_EOL;
215
                    } elseif($field['type'] == 'heading') {
216
                        $field_title = PHP_EOL.'<label>'.$field['title'].'</label>'.PHP_EOL;
217
                    } else {
218
                        $field_title = PHP_EOL.'<label for="field'.$field_id.'">'.$field['title'].'</label>'.PHP_EOL;
219
                    }
220
                    $values = array($field_title);
221
                    if ($field['required'] == 1) {
222
                        $values[] = '<span class="frm-required">*</span>';
223
                    } else {
224
                        $values[] = '';
225
                    }
226
                    if($field['type'] == 'textfield') {
227
                        $vars[] = '{FIELD}';
228
                        $max_lenght_para = (intval($field['extra']) ? ' maxlength="'.intval($field['extra']).'"' : '');
229
                        $values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'"'.$max_lenght_para.' value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="frm-textfield" />';
230
                    } elseif($field['type'] == 'textarea') {
231
                        $vars[] = '{FIELD}';
232
                        $values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="frm-textarea" cols="30" rows="8">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>';
233
                    } elseif($field['type'] == 'select') {
234
                        $vars[] = '{FIELD}';
235
                        $options = explode(',', $value);
236
                        array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
237
                        $field['extra'] = explode(',',$field['extra']);
238
                        $field['extra'][1] = ($field['extra'][1]=='multiple') ? $field['extra'][1].'="'.$field['extra'][1].'"' : '';
239
                        $values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="frm-select">'.implode($options).'</select>'."\n";
240
                    } elseif($field['type'] == 'heading') {
241
                        $vars[] = '{FIELD}';
242
                        $str = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
243
                        $values[] = ( true == $use_xhtml_strict) ? "<div>".$str."</div>" : $str;
244
                        $tmp_field_loop = $field_loop;        // temporarily modify the field loop template
245
                        $field_loop = $field['extra'];
246
                    } elseif($field['type'] == 'checkbox') {
247
                        $vars[] = '{FIELD}';
248
                        $options = explode(',', $value);
249
                        array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
250
    //                    array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
251
                        $x = sizeof($options)-1;
252
                        $options[$x]=substr($options[$x],0,strlen($options[$x]));
253
                        $values[] = implode($options);
254
                    } elseif($field['type'] == 'radio') {
255
                        $vars[] = '{FIELD}';
256
                        $options = explode(',', $value);
257
                        array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
258
                        $x = sizeof($options)-1;
259
                        $options[$x]=substr($options[$x],0,strlen($options[$x]));
260
                        $values[] = implode($options);
261
                    } elseif($field['type'] == 'email') {
262
                        $vars[] = '{FIELD}';
263
                        $max_lenght_para = (intval($field['extra']) ? ' maxlength="'.intval($field['extra']).'"' : '');
264
                        $values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'"'.$max_lenght_para.' class="frm-email" />';
265
                    }
266
                    if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
267
                    if($field['type'] != '') {
268
                        echo str_replace($vars, $values, $field_loop);
269
                    }
270
                    if (isset($tmp_field_loop)){ $field_loop = $tmp_field_loop; }
271
                } // end while
272
                // Captcha
273
                if($use_captcha) { ?>
274
                    <tr>
275
                    <td class="frm-field_title"><label><?php echo $oTrans->TEXT_VERIFICATION; ?></label>:</td>
276
                    <td><?php call_captcha(); ?></td>
277
                    </tr>
278
                    <?php
279
                }
280
            // Print footer
281
            // $out = $footer.PHP_EOL;
282
            $out .= str_replace('{SUBMIT_FORM}', $oTrans->MOD_FORM_SUBMIT_FORM, $footer);
283
            echo $out;
284
    // Add form end code
285
?>
286
            </fieldset>
287
    </form>
288
<?php
289
            }
290
        }
291
    } else {  // $_POST form was send
292
    // Check that submission ID matches
293
    if( isset($_SESSION['form_submission_id'])
294
        && isset($_POST['submission_id'])
295
        && ($_SESSION['form_submission_id'] == $_POST['submission_id'])
296
    ) {
297
        $aMailValues = array();
298
        $aMailValues = array (
299
            'is_authenticated' => false,
300
            'mail_replyto' => '',
301
            'mail_replyName' => '',
302
        );
303
        $mail_replyto = '';
304
        $mail_replyName = '';
305

    
306
        if ($wb->is_authenticated() && $wb->get_email()) {
307
          $mail_replyto = $wb->get_email();
308
          $mail_replyName = htmlspecialchars($database->escapeString($wb->get_display_name()));
309
          $aMailValues = array (
310
              'is_authenticated' => true,
311
              'mail_replyto' => $mail_replyto,
312
              'mail_replyName' => $mail_replyName,
313
          );
314
        }
315

    
316
        // Set new submission ID in session
317
        $_SESSION['form_submission_id'] = new_submission_id();
318
/* */
319
        if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
320
            (!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR
321
            ($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
322
            (!isset($_POST['email']) OR $_POST['email']) OR
323
            (!isset($_POST['homepage']) OR $_POST['homepage']) OR
324
            (!isset($_POST['comment']) OR $_POST['comment']) OR
325
            (!isset($_POST['url']) OR $_POST['url'])
326
        )) {
327
            // spam
328
            header("Location: ".WB_URL."");
329
            exit();
330
        }
331
        // First start message settings
332
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` '
333
              . 'WHERE `section_id` = '.(int)$section_id.'';
334
        if($oSetting = $database->query($sql) )
335
        {
336
            if($oSetting->numRows() > 0)
337
            {
338
                $aSettings = $oSetting->fetchRow(MYSQLI_ASSOC);
339
                // who should manage the formular
340
                $email_to = (($aSettings['email_to'] != '') ? $aSettings['email_to'] : $emailAdmin());
341
                $mail_replyName = $email_toname = @$_SESSION['DISPLAY_NAME']?:$oTrans->TEXT_GUEST;
342
                // where the formular comes from
343
                $email_from = $database->escapeString(SERVER_EMAIL);
344
                $email_fromname = $aSettings['email_fromname'];
345

    
346
                if(substr($email_fromname, 0, 5) == 'field') {
347
                    // Set the email_fromname to field to what the user entered in the specified field
348
                    $email_fromname = htmlspecialchars($database->escapeString($_POST[$email_fromname]));
349
                }
350

    
351
                $email_subject = (($aSettings['email_subject'] != '') ? $aSettings['email_subject'] : $MOD_FORM_EMAIL_SUBJECT);
352
                $success_page = $aSettings['success_page'];
353
                $success_email_to = $mail_replyto;
354
                $success_email_toName = $mail_replyName;
355
                $success_email_from = $database->escapeString(SERVER_EMAIL);
356
                $success_email_fromname = $aSettings['success_email_fromname'];
357

    
358
                if ($mail_replyto == '') {
359
                    $success_email_to = (($aSettings['success_email_to'] != '') ? $aSettings['success_email_to'] : '');
360
                    if(substr($success_email_to, 0, 5) == 'field') {
361
                        // Set the success_email to field to what the user entered in the specified field
362
                        $success_email_to = htmlspecialchars($database->escapeString($_POST[$success_email_to]));
363
                        $mail_replyto = ($aMailValues['is_authenticated']?$mail_replyto:$success_email_to);
364
                    }
365
//                    $success_email_to = '';
366
                }
367

    
368
                $success_email_text = $aSettings['success_email_text'];
369
                $success_email_text = (($success_email_text != '') ? $success_email_text : $MOD_FORM_SUCCESS_EMAIL_TEXT);
370

    
371
                $success_email_subject = (($aSettings['success_email_subject'] != '') ? $aSettings['success_email_subject'] : $MOD_FORM_SUCCESS_EMAIL_SUBJECT);
372
                $max_submissions = $aSettings['max_submissions'];
373
                $stored_submissions = $aSettings['stored_submissions'];
374
                $use_captcha = $aSettings['use_captcha'];
375

    
376
            } else {
377
                exit($oTrans->TEXT_UNDER_CONSTRUCTION);
378
            }
379
        }
380

    
381
        $email_body = '';
382
        // Create blank "required" array
383
        $aRequired = array();
384

    
385
        // Captcha
386
        if($use_captcha) {
387
            if(isset($_POST['captcha']) && $_POST['captcha'] != ''){
388
                // Check for a mismatch get email user_id
389
                if(!isset($_POST['captcha']) || !isset($_SESSION['captcha']) || $_POST['captcha'] != $_SESSION['captcha']) {
390
                    $replace = array('webmaster_email' => $emailAdmin() );
391
                    $captcha_error = replace_vars($oTrans->MOD_FORM_INCORRECT_CAPTCHA, $replace);
392
                    $aRequired[]= '';
393
                }
394
            } else {
395
                $replace = array('webmaster_email'=>$emailAdmin() );
396
                $captcha_error = replace_vars($oTrans->MOD_FORM_INCORRECT_CAPTCHA,$replace );
397
                $aRequired[]= '';
398
            }
399
        }
400
        if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
401

    
402
        // Loop through fields and add to message body
403
        // Get list of fields
404
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` '
405
              . 'WHERE `section_id` = '.(int)$section_id.' '
406
              . 'ORDER BY position ASC';
407
        if($oField = $database->query($sql))
408
        {
409
            while($aFields = $oField->fetchRow(MYSQLI_ASSOC))
410
            {
411
                // Add to message body $field
412
                if($aFields['type'] != '') {
413
                    if(!empty($_POST['field'.$aFields['field_id']]))
414
                    {
415
                        $sPostVar = '';
416
                        $aPostVar['field'.$aFields['field_id']] = array();
417
                        // do not allow code in user input!
418
                        if (is_array($_POST['field'.$aFields['field_id']])) {
419

    
420
                            foreach ($_POST['field'.$aFields['field_id']] as $key=>$val) {
421
                                $aPostVar['field'.$aFields['field_id']][$key] =  $wb->strip_slashes($wb->StripCodeFromText($val),true);
422
                            }
423
                            $_SESSION['field'.$aFields['field_id']] = $aPostVar['field'.$aFields['field_id']];
424
                        } else {
425
                            $sPostVar = $wb->strip_slashes($wb->StripCodeFromText($wb->get_post('field'.$aFields['field_id']),true));
426
                            $_SESSION['field'.$aFields['field_id']] = $sPostVar;
427
                        }
428

    
429
                        if($aFields['type'] == 'email' AND $wb->validate_email($sPostVar) == false) {
430
                            $email_error = $MESSAGE['USERS_INVALID_EMAIL'];
431
                            $aRequired[]= '';
432
                        }
433
                        if($aFields['type'] == 'heading') {
434
                            $email_body .= $sPostVar."\n\n";
435

    
436
                        } elseif (($sPostVar!='')) {
437
                            $email_body .= $aFields['title'].": ".$sPostVar."\n\n";
438
                        } elseif(sizeof($aPostVar['field'.$aFields['field_id']] > 0) ) {
439
                            $email_body .= $aFields['title'].": ";
440
                            foreach ($aPostVar['field'.$aFields['field_id']] as $key=>$val) {
441
                                $email_body .= $val."\n";
442
                            }
443
                            $email_body .= "\n";
444
                        }
445

    
446
                    } elseif($aFields['required'] == 1) {
447
                        $aRequired[] = $aFields['title'];
448
                    }
449
                }
450
            } //  while
451
        } //  query
452

    
453
// only for dump to test if all parameters are set
454
                $aMailValues = array_merge (
455
                        $aMailValues,
456
                        array (
457
                        'email_from' => $email_from,
458
                        'email_to' => $email_to,
459
                        'email_subject' => $email_subject,
460
                        'email_body' => $email_body,
461
                        'email_fromname' => $email_fromname,
462
                        'email_toname' => $email_toname,
463
                        'mail_replyto' => $mail_replyto,
464
                        'mail_replyName' => $mail_replyName,
465
                        'success_page' => $success_page,
466
                        'SERVER_EMAIL' => SERVER_EMAIL,
467
                        'success_email_from' => $success_email_from,
468
                        'success_email_to' => $success_email_to,
469
                        'success_email_subject' => $success_email_subject,
470
                        'success_email_text' => $success_email_text."\n".$email_body.$oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT_GENERATED,
471
                        'success_email_toName' => $success_email_toName,
472
                        'success_email_fromname' => $success_email_fromname,
473
                        )
474
                );
475

    
476
// Check if the user forgot to enter values into all the required fields
477
        if(sizeof($aRequired )) {
478
            echo "<div class=\"frm-warning\">\n";
479
            if(!isset($oTrans->MESSAGE_MOD_FORM_REQUIRED_FIELDS)) {
480
                echo '<h3>You must enter details for the following fields</h3>';
481
            } else {
482
                echo '<h3>'.$oTrans->MESSAGE_MOD_FORM_REQUIRED_FIELDS.'</h3>';
483
            }
484
            echo "<ol>\n";
485
            foreach($aRequired AS $field_title) {
486
                if($field_title!=''){
487
                    echo '<li>'.$field_title."</li>\n";
488
                }
489
            }
490
            if(isset($email_error)) {
491
                echo '<li>'.$email_error."</li>\n";
492
            }
493
            if(isset($captcha_error)) {
494
                echo '<li>'.$captcha_error."</li>\n";
495
            }
496
            // Create blank "required" array
497
            $aRequired = array();
498
            echo "</ol>\n";
499
            echo "</div>\n";
500
            echo '<p class="frm-warning"><a href="'.$sRecallUrl.'">'.$oTrans->TEXT_BACK.'</a></p>'."\n";
501
        } else {
502
            if(isset($email_error)) {
503
            echo "<div class=\"frm-warning\">\n";
504
                echo '<br /><ol>'."\n";
505
                echo '<li>'.$email_error.'</li>'."\n";
506
                echo '</ol>'."\n";
507
            echo "</div>\n";
508
                echo '<p class="frm-warning"><a href="'.$sRecallUrl.'">'.$oTrans->TEXT_BACK.'</a></p>'."\n";
509
            } elseif(isset($captcha_error)) {
510
            echo "<div class=\"frm-warning\">\n";
511
                echo '<br /><ol>'."\n";
512
                echo '<li>'.$captcha_error.'</li>'."\n";
513
                echo '</ol>'."\n";
514
            echo "</div>\n";
515
                echo '<p class="frm-warning"><a href="'.$sRecallUrl.'">'.$oTrans->TEXT_BACK.'</a></p>'."\n";
516
            } else {
517
                $success = false;
518
// Check how many times form has been submitted in last hour
519
                $last_hour = time()-3600;
520
                $sql  = 'SELECT `submission_id` FROM `'.TABLE_PREFIX.'mod_form_submissions` '
521
                      . 'WHERE `submitted_when` >= '.$last_hour.'';
522
                if($oSubmissions = $database->query($sql))
523
                {
524
                    if($oSubmissions->numRows() > $max_submissions)
525
                    {
526
// Too many submissions so far this hour
527
                        echo $oTrans->MESSAGE_MOD_FORM_EXCESS_SUBMISSIONS;
528
                        $success = false;
529
                    } else {
530
                        // Adding the IP to the body and try to send the email
531
                        // $email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR'];
532
                        $iFormRequestId = isset($_POST['fri']) ? intval($_POST['fri']) : 0;
533
                        if($iFormRequestId) {
534
                            $email_body .= "\n\nFormRequestID: ".$iFormRequestId;
535
                        }
536
                        $aAttachment=null;
537
                        $aArray = array(
538
                            'SERVER_EMAIL' => SERVER_EMAIL,
539
                            'email_to' => $email_to,
540
                            'email_subject' => $email_subject,
541
                            'email_fromname' => $email_fromname,
542
                            'mail_replyto' => $mail_replyto,
543
                            'mail_replyName' => $mail_replyName,
544
                            );
545

    
546
// $aMailValues['is_authenticated']
547
                        if($email_from != '') {
548
                            if($mail_replyto != '') {
549
                                // send form to admin, can replyto to given e-mail adress
550
                                $success = $wb->mail(
551
                                    SERVER_EMAIL,
552
                                    $email_to,
553
                                    $email_subject,
554
                                    $email_body,
555
                                    $email_fromname,
556
                                    $email_toname,
557
                                    $mail_replyto,
558
                                    $mail_replyName,
559
                                    '',
560
                                    $aAttachment
561
                                );
562
                            } else {
563
                                $success = $wb->mail(
564
                                    $email_from,
565
                                    $email_to,
566
                                    $email_subject,
567
                                    $email_body,
568
                                    $email_fromname,
569
                                    $email_toname,
570
                                    $success_email_to,
571
                                    $success_email_fromname,
572
                                    '',
573
                                    $aAttachment
574
                                );
575
                            }
576
                        }
577
// send only if is_authenticated
578
                        // Confirmation mail: attempted only when the first mail succeeded and
                        // $aMailValues['is_authenticated'] is truthy.
                        // NOTE(review): this mail carries the submitted body and $aAttachment to
                        // $success_email_to, so the is_authenticated gate is what limits who can
                        // trigger it; where $success_email_to is populated is not visible here.
                        if ($success == true && $aMailValues['is_authenticated']) {
                            // collapse any truthy result of the first mail to boolean true
                            $success = true;
                            if ($success_email_to != '' && $success_email_from != '') {
                                // the result of this mail replaces $success
                                $success = $wb->mail(
                                    $success_email_from,
                                    $success_email_to,
                                    $success_email_subject,
                                    ($success_email_text)."\n".($email_body).$oTrans->MOD_FORM_SUCCESS_EMAIL_TEXT_GENERATED,
                                    $success_email_fromname,
                                    $success_email_toName,
                                    '',
                                    '',
                                    '',
                                    $aAttachment
                                );
                            }
                            // A fallback that sent the same mail with SERVER_EMAIL as the first
                            // argument when $success_email_from is empty was commented out upstream.
                        }
614

    
615
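                        // Store the submission once the mail step reported success, then trim the
                        // submissions table down to $stored_submissions rows.
                        if ($success == true)
                        {
                            $aSuccess[] = 'INSERT INTO '.TABLE_PREFIX.'mod_form_submissions<br /> ';
                            // Record who submitted the form; 0 is used when no user is logged in
                            if (isset($wb) AND $wb->is_authenticated() AND $wb->get_user_id() > 0) {
                                $submitted_by = (int)$wb->get_user_id();
                            } else {
                                $submitted_by = 0;
                            }
                            // Defined before the INSERT so code that runs after a failed INSERT
                            // never reads an undefined submission id.
                            $iSubmissionId = 0;
                            // NOTE(review): the body is visitor input and is escaped only by
                            // $wb->add_slashes() followed by htmlspecialchars() with default flags
                            // (which differ between PHP versions). add_slashes() is not visible
                            // here - confirm it is safe for the connection charset, or move this
                            // query to the database layer's own escaping / prepared statements.
                            $email_body = htmlspecialchars($wb->add_slashes($email_body));
                            // Numeric columns are cast so they cannot carry SQL fragments
                            $sql  = 'INSERT INTO '.TABLE_PREFIX.'mod_form_submissions SET '
                                  . 'page_id='.(int)$wb->page_id.','
                                  . 'section_id='.(int)$section_id.','
                                  . 'submitted_when='.time().','
                                  . 'submitted_by=\''.$submitted_by.'\', '
                                  . 'body=\''.$email_body.'\' ';
                            if ($database->query($sql))
                            {
                                // Get the id of the row that was just inserted
                                $iSubmissionId = intval($database->get_one("SELECT LAST_INSERT_ID()"));

                                if (!$database->is_error()) {
                                    $success = true;
                                }
                                // Make sure submissions table isn't too full. The query has no
                                // section filter, so the limit applies to the whole table.
                                $query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
                                // a failed query must not end in a method call on a non-object
                                if ($query_submissions)
                                {
                                    $num_submissions = $query_submissions->numRows();
                                    if ($num_submissions > $stored_submissions)
                                    {
                                        // Remove excess submissions, oldest first
                                        $num_to_remove = $num_submissions-$stored_submissions;
                                        while ($submission = $query_submissions->fetchRow(MYSQLI_ASSOC))
                                        {
                                            if ($num_to_remove > 0)
                                            {
                                                $submission_id = (int)$submission['submission_id'];
                                                $database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = ".$submission_id);
                                                $num_to_remove = $num_to_remove-1;
                                            }
                                        }
                                    } // $num_submissions
                                }
                            }  // insert succeeded
                        } // $success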
658
                     }
659
                 } // end how many times form has been submitted in last hour
660
            }
661
        }  // email_error
662
    } else {
663

    
664
    echo '<p>&nbsp;</p>'."\n".'<p><a href="'.$sRecallUrl.'">'.$oTrans->TEXT_BACK.'</a></p>'."\n";
665
    }
666

    
667
    // Use the current page when $success_page has not been set.
    if (!isset($success_page)) {
        $success_page = $page_id;
    }
    // The page id is cast to int before it is placed into the query.
    $sql = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` WHERE `page_id` = '.(int)$success_page;
    $link = $database->get_one($sql);
    // Without a usable link the site root stays the redirect target.
    $sSuccessLink = ($link ? WB_URL.PAGES_DIRECTORY.$link.PAGE_EXTENSION : WB_URL);
674
    // Now check if the email was sent successfully
675
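    // Final step: on success either render the stored submission inline or
    // redirect to the success page, then clear the remembered field values;
    // on failure show the error message with a link back to the form.
    if (isset($success) && $success == true)
    {
        if (!$success_page) {
            // Get submission details. $iSubmissionId is only assigned after a
            // successful INSERT, so give it a default and force it to an integer
            // before it is placed into the query.
            $iSubmissionId = (isset($iSubmissionId) ? (int)$iSubmissionId : 0);
            $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_submissions` '
                  . 'WHERE submission_id = '.$iSubmissionId.' ';
            // start clean so a leftover $submission is never shown if the lookup fails
            $submission = null;
            if ($query_content = $database->query($sql)) {
                $submission = $query_content->fetchRow(MYSQLI_ASSOC);
            }
            if (!is_array($submission)) {
                // the row could not be read back: use neutral values instead of
                // building the next query and the template from missing keys
                $submission = array(
                    'submission_id'  => $iSubmissionId,
                    'submitted_when' => time(),
                    'submitted_by'   => 0,
                    'body'           => '',
                );
            }
            $Message = '';
            $NixHier = 'frm-nixhier';
            // Get the user details of whoever did this submission
            $sql  = 'SELECT `username`,`display_name` FROM `'.TABLE_PREFIX.'users` '
                  . 'WHERE `user_id` = '.(int)$submission['submitted_by'];
            $user = null;
            if ($get_user = $database->query($sql))
            {
                if ($get_user->numRows() != 0) {
                    $user = $get_user->fetchRow(MYSQLI_ASSOC);
                }
            }
            if (!is_array($user)) {
                // no matching account (or the lookup failed): present it as a guest submission
                $Message = $oTrans->MOD_FORM_PRINT;
                $NixHier = '';
                $user = array(
                    'display_name' => $oTrans->TEXT_GUEST,
                    'username'     => $oTrans->TEXT_UNKNOWN,
                );
            }

            $aSubSuccess = array();
            // set template file and assign module and template block
            $oTpl = new Template(WB_PATH.'/modules/form/templates/default','keep');
            $oTpl->set_file('page', 'submessage.htt');
            $oTpl->debug = false; // false, true
            $oTpl->set_block('page', 'main_block', 'main');

            $aPaths = array(
                    'ADMIN_URL' => ADMIN_URL,
                    'THEME_URL' => THEME_URL,
                    'MODULE_URL' => WB_URL.'/modules/form',
                    'WB_URL' => WB_URL
                );
            $oTpl->set_var($aPaths);

            // turn line breaks into <br /> and drop the raw newline characters
            $success_email_text = preg_replace('/[\n\r]/', '',nl2br(($success_email_text)));
            $aDatas = array (
                    'SUCCESS_EMAIL_TEXT' => $success_email_text,
                    'TEXT_SUBMISSION_ID' => $oTrans->TEXT_SUBMISSION_ID,
                    'submission_submission_id' => $submission['submission_id'],
                    'submission_submitted_when' => gmdate( DATE_FORMAT .', '.TIME_FORMAT, $submission['submitted_when']+TIMEZONE ),
            );
            $oTpl->set_var($aDatas);

            // NOTE(review): display_name and username go into the template as
            // stored; confirm they are HTML-encoded when saved or by the template.
            // The submission body was passed through htmlspecialchars() before it
            // was stored, so only line breaks are converted here.
            $aLangs = array(
                    'TEXT_SUBMITTED' => $oTrans->TEXT_SUBMITTED,
                    'NIX_HIER' => $NixHier,
                    'TEXT_USER' => $oTrans->TEXT_USER,
                    'TEXT_USERNAME' => $oTrans->TEXT_USERNAME,
                    'TEXT_PRINT_PAGE' => $oTrans->TEXT_PRINT_PAGE,
                    'TEXT_REQUIRED_JS' => $oTrans->TEXT_REQUIRED_JS,
                    'user_display_name' => $user['display_name'],
                    'user_username' => $user['username'],
                    'SUCCESS_PRINT' => $Message,
                    'submission_body' => nl2br($submission['body'])
                    );
            $oTpl->set_var($aLangs);

            $oTpl->parse('main', 'main_block', false);
            $output = $oTpl->finish($oTpl->parse('output', 'page'));
            unset($oTpl);
            print $output;

        } else {
            // Emit the target as a JSON string literal: quotes, '<', '>' and '&'
            // inside the link can then neither break the statement nor close
            // the <script> element.
            $sJsTarget = json_encode($sSuccessLink, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            echo '<script>location.href='.$sJsTarget.';</script>';
        }
        // clearing session on success
        $sql  = 'SELECT `field_id` FROM `'.TABLE_PREFIX.'mod_form_fields` '
              . 'WHERE `section_id` = '.(int)$section_id;
        // skip the clean-up instead of calling a method on a failed query result
        if ($query_fields = $database->query( $sql )) {
            while ($field = $query_fields->fetchRow(MYSQLI_ASSOC)) {
                $field_id = $field['field_id'];
                if (isset($_SESSION['field'.$field_id])) { unset($_SESSION['field'.$field_id]); }
            }
        }
    } else {
        if (isset($success) && $success == false) {
            echo '<br />'.$oTrans->MOD_FORM_ERROR;
            // NOTE(review): $sRecallUrl is written into the href as-is; it is built
            // outside this block - confirm it is already HTML-encoded there.
            echo '<p>&nbsp;</p>'."\n".'<p><a href="'.$sRecallUrl.'">'.$oTrans->TEXT_BACK.'</a></p>'."\n";
        }
    }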
762
}