Index: branches/2.8.x/CHANGELOG
===================================================================
--- branches/2.8.x/CHANGELOG	(revision 1552)
+++ branches/2.8.x/CHANGELOG	(revision 1553)
@@ -11,6 +11,8 @@
 ! = Update/Change
 
 =========================== add small Features 2.8.2 ==========================
+31 Dez-2011 Build 1553 Dietmar Woellbrink (Luisehahne)
+! recoded  formmodul, add dropdown email_fromname_field
 31 Dez-2011 Build 1552 Dietmar Woellbrink (Luisehahne)
 # fix mdcr.js $scriptLink to absolute url
 ! change separator breadcrumb admintools
Index: branches/2.8.x/wb/admin/interface/version.php
===================================================================
--- branches/2.8.x/wb/admin/interface/version.php	(revision 1552)
+++ branches/2.8.x/wb/admin/interface/version.php	(revision 1553)
@@ -52,5 +52,5 @@
 
 // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
 if(!defined('VERSION')) define('VERSION', '2.8.2');
-if(!defined('REVISION')) define('REVISION', '1552');
+if(!defined('REVISION')) define('REVISION', '1553');
 if(!defined('SP')) define('SP', 'SP2');
Index: branches/2.8.x/wb/modules/form/modify_field.php
===================================================================
--- branches/2.8.x/wb/modules/form/modify_field.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/modify_field.php	(revision 1553)
@@ -22,22 +22,28 @@
 $update_when_modified = false;
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
+
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
 /* */
 // Get id
-$field_id = $admin->checkIDKEY('field_id', false, 'GET');
+$field_id = intval($admin->checkIDKEY('field_id', false, 'GET'));
 if (!$field_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']." MF: $field_id :-(", ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 }
+// load module language file
+$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
+require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
 
+$type = 'none';
 // Get header and footer
-$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE field_id = '$field_id'");
-$form = $query_content->fetchRow();
-$type = $form['type'];
-if($type == '') {
-	$type = 'none';
+$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+$sql .= 'WHERE `field_id` = '.$field_id.'';
+$sql .= '';
+if($query_content = $database->query($sql)) {
+	$form = $query_content->fetchRow(MYSQL_ASSOC);
+	$type = (($form['type'] == '') ? 'none' : $form['type']);
 }
-
-// set new token
+// set new idkey for save_field
 $field_id = $admin->getIDKEY($form['field_id']);
 // Set raw html <'s and >'s to be replaced by friendly html code
 $raw = array('<', '>');
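Review bot: `$form` is assigned only inside the new `if($query_content = $database->query($sql))` block, yet `$admin->getIDKEY($form['field_id'])` right after it reads `$form` unconditionally. A failed query leaves `$form` undefined, and a `field_id` with no matching row leaves it empty, so an IDKEY is issued for an empty id and the form below renders from missing data. Treat both cases like the failed IDKEY check, e.g. `if(!($query_content = $database->query($sql)) || !($form = $query_content->fetchRow(MYSQL_ASSOC))) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor); }`, assuming `print_error` ends the request as the `!$field_id` branch already relies on. The lookup also filters on `field_id` alone; adding ``AND `section_id` = (int)$section_id`` would tie the row to the section being edited. The script continues outside this hunk.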
@@ -44,13 +50,13 @@
 $friendly = array('&lt;', '&gt;');
 ?>
 
-<form name="modify" action="<?php echo WB_URL; ?>/modules/form/save_field.php" method="post" style="margin: 0;">
+<form name="modify" action="<?php echo WB_URL; ?>/modules/form/save_field_new.php" method="post" style="margin: 0;">
 <input type="hidden" name="section_id" value="<?php echo $section_id; ?>" />
 <input type="hidden" name="page_id" value="<?php echo $page_id; ?>" />
 <input type="hidden" name="field_id" value="<?php echo $field_id; ?>" />
 <?php echo $admin->getFTAN(); ?>
 
-<table class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%">
+<table summary="" class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%">
 	<tr>
 		<td colspan="2"><strong><?php echo $TEXT['MODIFY'].' '.$TEXT['FIELD']; ?></strong></td>
 	</tr>
@@ -66,11 +72,11 @@
 			<select name="type" style="width: 98%;">
 				<option value=""><?php echo $TEXT['PLEASE_SELECT']; ?>...</option>
 				<option value="heading"<?php if($type == 'heading') { echo ' selected="selected"'; } ?>><?php echo $TEXT['HEADING']; ?></option>
-				<option value="textfield"<?php if($type == 'textfield') { echo ' selected="selected"'; } ?>><?php echo $TEXT['SHORT'].' '.$TEXT['TEXT']; ?> (Textfield)</option>
-				<option value="textarea"<?php if($type == 'textarea') { echo ' selected="selected"'; } ?>><?php echo $TEXT['LONG'].' '.$TEXT['TEXT']; ?> (Textarea)</option>
-				<option value="select"<?php if($type == 'select') { echo ' selected="selected"'; } ?>><?php echo $TEXT['SELECT_BOX']; ?></option>
-				<option value="checkbox"<?php if($type == 'checkbox') { echo ' selected="selected"'; } ?>><?php echo $TEXT['CHECKBOX_GROUP']; ?></option>
-				<option value="radio"<?php if($type == 'radio') { echo ' selected="selected"'; } ?>><?php echo $TEXT['RADIO_BUTTON_GROUP']; ?></option>
+				<option value="textfield"<?php if($type == 'textfield') { echo ' selected="selected"'; } ?>><?php echo $TEXT['SHORT'].' '.$TEXT['TEXT']; ?> (input)</option>
+				<option value="textarea"<?php if($type == 'textarea') { echo ' selected="selected"'; } ?>><?php echo $TEXT['LONG'].' '.$TEXT['TEXT']; ?> (textarea)</option>
+				<option value="select"<?php if($type == 'select') { echo ' selected="selected"'; } ?>><?php echo $TEXT['SELECT_BOX']; ?> (select)</option>
+				<option value="checkbox"<?php if($type == 'checkbox') { echo ' selected="selected"'; } ?>><?php echo $TEXT['CHECKBOX_GROUP']; ?> (checkbox)</option>
+				<option value="radio"<?php if($type == 'radio') { echo ' selected="selected"'; } ?>><?php echo $TEXT['RADIO_BUTTON_GROUP']; ?> (radiobox)</option>
 				<option value="email"<?php if($type == 'email') { echo ' selected="selected"'; } ?>><?php echo $TEXT['EMAIL_ADDRESS']; ?></option>
 			</select>
 		</td>
@@ -107,6 +113,7 @@
 	<tr>
 		<td valign="top"><?php echo $TEXT['LIST_OPTIONS']; ?>:</td>
 		<td>
+			<table summary="<?php echo $TEXT['LIST_OPTIONS']; ?>" cellpadding="3" cellspacing="0" width="100%" border="0">
 			<?php
 			$option_count = 0;
 			$list = explode(',', $form['value']);
@@ -113,7 +120,6 @@
 			foreach($list AS $option_value) {
 				$option_count = $option_count+1;
 				?>
-				<table cellpadding="3" cellspacing="0" width="100%" border="0">
 				<tr>
 					<td width="70"><?php echo $TEXT['OPTION'].' '.$option_count; ?>:</td>
 					<td>
@@ -120,13 +126,11 @@
 						<input type="text" name="value<?php echo $option_count; ?>" value="<?php echo $option_value; ?>" style="width: 250px;" />
 					</td>
 				</tr>
-				</table>
 				<?php
 			}
 			for($i = 0; $i < 2; $i++) {
 				$option_count = $option_count+1;
 				?>
-				<table cellpadding="3" cellspacing="0" width="100%" border="0">
 				<tr>
 					<td width="70"><?php echo $TEXT['OPTION'].' '.$option_count; ?>:</td>
 					<td>
@@ -133,10 +137,10 @@
 						<input type="text" name="value<?php echo $option_count; ?>" value="" style="width: 250px;" />
 					</td>
 				</tr>
-				</table>
 				<?php
 			}
 			?>
+				</table>
 			<input type="hidden" name="list_count" value="<?php echo $option_count; ?>" />
 		</td>
 	</tr>
@@ -190,7 +194,7 @@
 <?php } ?>
 </table>
 
-<table cellpadding="0" cellspacing="0" border="0" width="100%">
+<table summary="" cellpadding="0" cellspacing="0" border="0" width="100%">
 	<tr>
 		<td align="left">
 			<input name="save" type="submit" value="<?php echo $TEXT['SAVE']; ?>" style="width: 100px; margin-top: 5px;" />
@@ -200,13 +204,13 @@
 		if ($type<>'none') {
 		?>
 		<td align="center">
-			<input type="button" value="<?php echo $TEXT['ADD'].' '.$TEXT['FIELD']; ?>" onclick="javascript: window.location = '<?php echo WB_URL; ?>/modules/form/add_field.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>';" style="width: 200px; margin-top: 5px;" />
+			<input type="button" value="<?php echo $TEXT['ADD'].' '.$TEXT['FIELD']; ?>" onclick="javascript: window.location = '<?php echo WB_URL; ?>/modules/form/add_field.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>';" style="width: 200px; margin-top: 5px;" />
 		</td>
 		<?php } 
 		// end addition
 		?>
 		<td align="right">
-			<input type="button" value="<?php echo $TEXT['CLOSE']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>';" style="width: 100px; margin-top: 5px;" />
+			<input type="button" value="<?php echo $TEXT['CLOSE']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id.$sec_anchor; ?>';" style="width: 100px; margin-top: 5px;" />
 		</td>
 	</tr>
 </table>
Index: branches/2.8.x/wb/modules/form/add_field.php
===================================================================
--- branches/2.8.x/wb/modules/form/add_field.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/add_field.php	(revision 1553)
@@ -20,6 +20,8 @@
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
 
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
 // Include the ordering class
 require(WB_PATH.'/framework/class.order.php');
 // Get new order
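Review bot: The `$sec_anchor` expression added here is pasted verbatim into modify_field.php, save_field.php, delete_field.php, modify_settings.php and save_field_new.php in the same commit. It would be safer computed once in the shared wrapper (`modules/admin.php`, which every one of these files already requires) so the six copies cannot drift apart. The expression reads `$section['section_id']`, which none of the visible hunks assign; presumably the wrapper provides it, and a comment such as `// $section comes from modules/admin.php (confirm); anchor is empty when SEC_ANCHOR is unset` would make that dependency explicit. Nothing inside this hunk uses the variable yet; any use lies outside the visible lines.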
Index: branches/2.8.x/wb/modules/form/save_field.php
===================================================================
--- branches/2.8.x/wb/modules/form/save_field.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/save_field.php	(revision 1553)
@@ -25,22 +25,23 @@
 require(WB_PATH.'/modules/admin.php');
 /* */
 
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
 // check FTAN
 if (!$admin->checkFTAN())
 {
 	$admin->print_header();
-	$admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 }
-// After check print the header
-$admin->print_header();
 
-
-/*  */
 // Get id
 $field_id = intval($admin->checkIDKEY('field_id', false ));
 if (!$field_id) {
- $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'].'::', ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'].'::', ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 }
+// After check print the header to get a new FTAN
+$admin->print_header();
+
 /*
 // Get id
 if(!isset($_POST['field_id']) OR !is_numeric($_POST['field_id'])) {
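Review bot: After `$admin->print_header()` moved below the IDKEY check, the `if (!$field_id)` branch calls `print_error` before any header has been printed. The FTAN branch just above calls `$admin->print_header();` first, and save_field_new.php in this same commit does so in both branches. If this file suppresses the automatic header the way save_field_new.php does with `$admin_header = false` (that line is outside this hunk), the error page is emitted without the admin header. Add `$admin->print_header();` as the first statement inside the `if (!$field_id) {` block to match.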
@@ -69,7 +70,12 @@
 $value = '';
 
 // Update row
-$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET title = '$title', type = '$type', required = '$required' WHERE field_id = '$field_id'");
+$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_form_fields SET` ';
+$sql .= 'title = \''.$title.'\', ';
+$sql .= 'type = \''.$type.'\', ';
+$sql .= 'required = \''.$required.'\' ';
+$sql .= 'WHERE field_id = '.(int)$field_id.' ';
+if($database->query($sql)) { }
 
 // If field type has multiple options, get all values and implode them
 $list_count = $admin->get_post('list_count');
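Review bot: The closing backtick in the first `$sql` line sits after `SET`, so the statement sent is ``UPDATE `<prefix>mod_form_fields SET` title = ...``. The quoted identifier swallows the `SET` keyword and the query is a syntax error, so title, type and required are never updated. The line should read ``$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_form_fields` SET ';``. The failure goes unnoticed because `if($database->query($sql)) { }` discards the result; report it instead, e.g. `if(!$database->query($sql)) { $admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor); }`. `$title` and `$type` are still concatenated as quoted strings, and their escaping happens outside this hunk, so it is worth confirming that both pass through the database escaping helper before reaching this statement.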
@@ -93,7 +99,7 @@
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '$value', extra = '' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'heading') {
 	$extra = str_replace(array("[[", "]]"), '', $admin->get_post('template'));
-	if(trim($extra) == '') $extra = '<tr><td class="field_heading" colspan="2">{TITLE}{FIELD}</td></tr>';
+	if(trim($extra) == '') $extra = '<tr><td class="frm-field_heading" colspan="2">{TITLE}{FIELD}</td></tr>';
 	$extra = $admin->add_slashes($extra);
 	$database->query("UPDATE ".TABLE_PREFIX."mod_form_fields SET value = '', extra = '$extra' WHERE field_id = '$field_id'");
 } elseif($admin->get_post('type') == 'select') {
Index: branches/2.8.x/wb/modules/form/delete_field.php
===================================================================
--- branches/2.8.x/wb/modules/form/delete_field.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/delete_field.php	(revision 1553)
@@ -22,11 +22,13 @@
 require(WB_PATH.'/modules/admin.php');
 
 // Get id
-$field_id = $admin->checkIDKEY('field_id', false, 'GET');
+$field_id = intval($admin->checkIDKEY('field_id', false, 'GET'));
 if (!$field_id) {
  $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
 }
 
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
 // Delete row
 $database->query("DELETE FROM ".TABLE_PREFIX."mod_form_fields WHERE field_id = '$field_id'");
 
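Review bot: `$sec_anchor` is defined only after the `if (!$field_id)` check, so the `print_error` redirect in that branch cannot carry the section anchor that the later redirects in this file now append. Move the `$sec_anchor = ...` line above `// Get id` and append `.$sec_anchor` to that first `print_error` URL. The return value of the `DELETE` query is also ignored. The success or error message in the following hunk therefore reflects only `$order->clean()`, and a failed delete would still be reported as a success.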
@@ -36,10 +38,10 @@
 // Create new order object an reorder
 $order = new order(TABLE_PREFIX.'mod_form_fields', 'position', 'field_id', 'section_id');
 
-if($order->clean($section_id)) {
-	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+if(!$order->clean($section_id)) {
+	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 } else {
-	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 }
 
 // Print admin footer
Index: branches/2.8.x/wb/modules/form/modify_settings.php
===================================================================
--- branches/2.8.x/wb/modules/form/modify_settings.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/modify_settings.php	(revision 1553)
@@ -30,10 +30,22 @@
 $lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
 require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
 
-// Get header and footer
-$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
-$setting = $query_content->fetchRow();
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
 
+// Get Settings from DB
+$sql  = 'SELECT * FROM '.TABLE_PREFIX.'mod_form_settings ';
+$sql .= 'WHERE `section_id` = '.(int)$section_id.'';
+if($query_content = $database->query($sql)) {
+	$setting = $query_content->fetchRow(MYSQL_ASSOC);
+	$setting['email_to'] = ($setting['email_to'] != '' ? $setting['email_to'] : SERVER_EMAIL);
+	$setting['email_subject'] = ($setting['email_subject']  != '') ? $setting['email_subject'] : $MOD_FORM['EMAIL_SUBJECT'];
+	$setting['success_email_subject'] = ($setting['success_email_subject']  != '') ? $setting['success_email_subject'] : $MOD_FORM['SUCCESS_EMAIL_SUBJECT'];
+	$setting['success_email_from'] = ($setting['success_email_from'] != '' ? $setting['success_email_from'] : SERVER_EMAIL);
+	$setting['success_email_fromname'] = ($setting['success_email_fromname'] != '' ? $setting['success_email_fromname'] : WBMAILER_DEFAULT_SENDERNAME);
+	$setting['success_email_subject'] = ($setting['success_email_subject']  != '') ? $setting['success_email_subject'] : $MOD_FORM['SUCCESS_EMAIL_SUBJECT'];
+
+}
+
 // Set raw html <'s and >'s to be replace by friendly html code
 $raw = array('<', '>');
 $friendly = array('&lt;', '&gt;');
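Review bot: `$setting` is populated only when `$database->query($sql)` succeeds, but the form below reads `$setting['use_captcha']`, `$setting['header']` and the other keys unconditionally. Initialise it first with `$setting = array();`, or stop with `print_error` when the query fails or returns no row. The `success_email_subject` default is assigned twice in this block with identical lines, so the second can be dropped. The `success_email_fromname` default is repeated again inline further down the template. The table name here is also the only one in this commit's rewritten queries left without backticks.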
@@ -62,12 +74,12 @@
 <input type="hidden" name="section_id" value="<?php echo $section_id; ?>" />
 <?php echo $admin->getFTAN(); ?>
 
-<table class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%">
+<table summary="" class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%">
 	<tr>
 		<td colspan="2"><strong><?php echo $HEADING['GENERAL_SETTINGS']; ?></strong></td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['CAPTCHA_VERIFICATION']; ?>:</td>
+		<td class="frm-setting_name"><?php echo $TEXT['CAPTCHA_VERIFICATION']; ?>:</td>
 		<td>
 			<input type="radio" name="use_captcha" id="use_captcha_true" value="1"<?php if($setting['use_captcha'] == true) { echo ' checked="checked"'; } ?> />
 			<label for="use_captcha_true"><?php echo $TEXT['ENABLED']; ?></label>
@@ -76,62 +88,69 @@
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['MAX_SUBMISSIONS_PER_HOUR']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="max_submissions" style="width: 30px;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['max_submissions'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['SUBMISSIONS_STORED_IN_DATABASE']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="stored_submissions" style="width: 30px;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['stored_submissions'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['HEADER']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['HEADER']; ?>:</td>
+		<td class="frm-setting_value">
 			<textarea name="header" cols="80" rows="6" style="width: 98%; height: 80px;"><?php echo ($setting['header']); ?></textarea>
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['FIELD'].' '.$TEXT['LOOP']; ?>:</td>
+		<td class="frm-setting_value">
 			<textarea name="field_loop" cols="80" rows="6" style="width: 98%; height: 80px;"><?php echo ($setting['field_loop']); ?></textarea>
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['FOOTER']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['FOOTER']; ?>:</td>
+		<td class="frm-setting_value">
 			<textarea name="footer" cols="80" rows="6" style="width: 98%; height: 80px;"><?php echo str_replace($raw, $friendly, ($setting['footer'])); ?></textarea>
 		</td>
 	</tr>
 </table>	
-
-<table class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%" style="margin-top: 3px;">
+<!-- E-Mail Optionen -->
+<table summary="<?php echo $TEXT['EMAIL'].' '.$TEXT['SETTINGS']; ?>" class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%" style="margin-top: 3px;">
 	<tr>
 		<td colspan="2"><strong><?php echo $TEXT['EMAIL'].' '.$TEXT['SETTINGS']; ?></strong></td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$MOD_TEXT['TO']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="email_to" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['email_to'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['FROM']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$MOD_TEXT['FROM']; ?>:</td>
+		<td class="frm-setting_value">
 			<select name="email_from_field" style="width: 98%;">
 			<option value="" onclick="javascript: document.getElementById('email_from').style.display = 'block';"><?php echo $TEXT['CUSTOM']; ?>:</option>
 			<?php
+			$selected = false;
 			$email_from_value = str_replace($raw, $friendly, ($setting['email_from']));
-			$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' AND ( type = 'textfield' OR  type = 'email' ) ORDER BY position ASC");
-			if($query_email_fields->numRows() > 0) {
-				while($field = $query_email_fields->fetchRow()) {
-					?>
-					<option value="field<?php echo $field['field_id']; ?>"<?php if($email_from_value == 'field'.$field['field_id']) { echo ' selected'; $selected = true; } ?> onclick="javascript: document.getElementById('email_from').style.display = 'none';">
-						<?php echo $TEXT['FIELD'].': '.$field['title']; ?>
-					</option>
-					<?php
+			// $query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' AND ( type = 'textfield' OR  type = 'email' ) ORDER BY position ASC");
+			$sql  = 'SELECT `field_id`, `title` FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+			$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+			$sql .= '  AND ( `type` = \'textfield\' OR  `type` = \'email\' )';
+			$sql .= 'ORDER BY `position` ASC ';
+			if($query_email_fields = $database->query($sql)) {
+				if($query_email_fields->numRows() > 0) {
+					while($field = $query_email_fields->fetchRow(MYSQL_ASSOC)) {
+						?>
+						<option value="field<?php echo $field['field_id']; ?>"<?php if($email_from_value == 'field'.$field['field_id']) { echo ' selected'; $selected = true; } ?> onclick="javascript: document.getElementById('email_from').style.display = 'none';">
+							<?php echo $TEXT['FIELD'].': '.$field['title']; ?>
+						</option>
+						<?php
+					}
 				}
 			}
 			?>
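Review bot: The new `if($query_email_fields = $database->query($sql))` guard allows for a failed query, but the variable is reused after this block without a check. The display-name dropdown in the next hunk calls `$query_email_fields->rewind()` unconditionally, which is a method call on a non-object when the query returned false. Guard that later use as well, e.g. `if($query_email_fields && $query_email_fields->rewind()) {`. The commented-out old query left above the new `$sql` lines can be deleted, since version control already keeps it.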
@@ -140,38 +159,63 @@
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['NAME']; ?>:</td>
-		<td class="setting_value">
-			<input type="text" name="email_fromname" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['email_fromname'])); ?>" />
+		<td class="frm-setting_name"><?php echo $TEXT['DISPLAY_NAME']; ?>:</td>
+		<td class="frm-setting_value">
+			<select name="email_fromname_field" style="width: 98%;">
+			<option value="" onclick="javascript: document.getElementById('email_fromname').style.display = 'block';" ><?php echo $TEXT['CUSTOM']; ?>:</option>
+<?php
+			$selected = false;
+			$email_fromname_value = str_replace($raw, $friendly, ($setting['email_fromname']));
+			if($query_email_fields->rewind()) {
+				if($query_email_fields->numRows() > 0) {
+						//!-- LOOP email_from_name -->
+					while($fieldFrom = $query_email_fields->fetchRow(MYSQL_ASSOC)) {
+?>
+						<option value="field<?php echo $fieldFrom['field_id']; ?>"<?php if($email_fromname_value == 'field'.$fieldFrom['field_id']) { echo ' selected'; $selected = true; } ?>  onclick="javascript: document.getElementById('email_fromname').style.display = 'none';">
+							<?php echo $TEXT['FIELD'].': '.$fieldFrom['title']; ?>
+						</option>
+<?php
+					}
+						//!-- ENDLOOP  -->
+				}
+			}
+?>
+			</select>
+			<input type="text" name="email_fromname" id="email_fromname" style="width: 98%; display: <?php if(isset($selected) AND $selected == true) { echo 'none'; } else { echo 'block'; } ?>;" maxlength="255" value="<?php if(substr($email_fromname_value, 0, 5) != 'field') { echo $email_fromname_value; } ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="email_subject" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['email_subject'])); ?>" />
 		</td>
 	</tr>
 </table>	
-
-<table class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%" style="margin-top: 3px;">
+<!-- Erfolgreich Optionen -->
+<table summary="<?php echo $TEXT['SUCCESS'].' '.$TEXT['SETTINGS']; ?>" class="row_a" cellpadding="2" cellspacing="0" border="0" width="100%" style="margin-top: 3px;">
 	<tr>
 		<td colspan="2"><strong><?php echo $TEXT['SUCCESS'].' '.$TEXT['SETTINGS']; ?></strong></td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TO']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$MOD_TEXT['TO']; ?>:</td>
+		<td class="frm-setting_value">
 			<select name="success_email_to" style="width: 98%;">
 			<option value="" onclick="javascript: document.getElementById('success_email_to').style.display = 'block';"><?php echo $TEXT['NONE']; ?></option>
 			<?php
 			$success_email_to = str_replace($raw, $friendly, ($setting['success_email_to']));
-			$query_email_fields = $database->query("SELECT field_id,title FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' AND ( type = 'textfield' OR  type = 'email' ) ORDER BY position ASC");
-			if($query_email_fields->numRows() > 0) {
-				while($field = $query_email_fields->fetchRow()) {
-					?>
-					<option value="field<?php echo $field['field_id']; ?>"<?php if($success_email_to == 'field'.$field['field_id']) { echo ' selected'; $selected = true; } ?> onclick="javascript: document.getElementById('email_from').style.display = 'none';">
-						<?php echo $TEXT['FIELD'].': '.$field['title']; ?>
-					</option>
-					<?php
+			$sql  = 'SELECT `field_id`, `title` FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+			$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+			$sql .= '  AND ( `type` = \'textfield\' OR  `type` = \'email\' )';
+			$sql .= 'ORDER BY `position` ASC ';
+			if($query_email_fields = $database->query($sql)) {
+				if($query_email_fields->numRows() > 0) {
+					while($field = $query_email_fields->fetchRow(MYSQL_ASSOC)) {
+						?>
+						<option value="field<?php echo $field['field_id']; ?>"<?php if($success_email_to == 'field'.$field['field_id']) { echo ' selected'; $selected = true; } ?> onclick="javascript: document.getElementById('email_from').style.display = 'none';">
+							<?php echo $TEXT['FIELD'].': '.$field['title']; ?>
+						</option>
+						<?php
+					}
 				}
 			}
 			?>
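Review bot: `$email_fromname_value` is produced with `str_replace($raw, $friendly, ...)`, which per the `$raw`/`$friendly` arrays in this file rewrites only `<` and `>`. It is then echoed inside the `value="..."` attribute of the new `email_fromname` input, so a double quote in the stored display name would close the attribute and inject markup into the admin page. Unless the value is already entity-encoded when saved (not visible here), encode it for the attribute context with `htmlspecialchars($setting['email_fromname'], ENT_QUOTES)`. Separately, the re-indented `success_email_to` options still toggle `document.getElementById('email_from')` in their `onclick`, which looks like a copy-paste leftover from the "from" dropdown.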
@@ -179,38 +223,39 @@
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['FROM']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$MOD_TEXT['FROM']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="success_email_from" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['success_email_from'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['NAME']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['DISPLAY_NAME']; ?>:</td>
+		<td class="frm-setting_value">
+			<?php $setting['success_email_fromname'] = ($setting['success_email_fromname'] != '' ? $setting['success_email_fromname'] : WBMAILER_DEFAULT_SENDERNAME); ?>
 			<input type="text" name="success_email_fromname" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['success_email_fromname'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['SUBJECT']; ?>:</td>
+		<td class="frm-setting_value">
 			<input type="text" name="success_email_subject" style="width: 98%;" maxlength="255" value="<?php echo str_replace($raw, $friendly, ($setting['success_email_subject'])); ?>" />
 		</td>
 	</tr>
 	<tr>
-		<td class="setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TEXT']; ?>:</td>
-		<td class="setting_value">
+		<td class="frm-setting_name"><?php echo $TEXT['EMAIL'].' '.$TEXT['TEXT']; ?>:</td>
+		<td class="frm-setting_value">
 			<textarea name="success_email_text" cols="80" rows="1" style="width: 98%; height: 80px;"><?php echo str_replace($raw, $friendly, ($setting['success_email_text'])); ?></textarea>
 		</td>
 	</tr>
 	<tr>
-		<td class="newsection"><?php echo $TEXT['SUCCESS'].' '.$TEXT['PAGE']; ?>:</td>
-		<td class="newsection">
+		<td class="frm-newsection"><?php echo $TEXT['SUCCESS'].' '.$TEXT['PAGE']; ?>:</td>
+		<td class="frm-newsection">
 			<select name="success_page">
 			<option value="none"><?php echo $TEXT['NONE']; ?></option>
 			<?php 
 			// Get exisiting pages and show the pagenames
 			$query = $database->query("SELECT * FROM ".TABLE_PREFIX."pages WHERE visibility <> 'deleted'");
-			while($mail_page = $query->fetchRow()) {
+			while($mail_page = $query->fetchRow(MYSQL_ASSOC)) {
 				if(!$admin->page_is_visible($mail_page))
 					continue;
 				$mail_pagename = $mail_page['menu_title'];		
@@ -218,7 +263,7 @@
 			  //	echo $success_page.':'.$setting['success_page'].':'; not vailde
 				if($setting['success_page'] == $success_page) {
 					$selected = ' selected="selected"';
-				} else { 
+				} else {
 					$selected = '';
 				}
 				echo '<option value="'.$success_page.'"'.$selected.'>'.$mail_pagename.'</option>';
@@ -229,13 +274,13 @@
 	</tr>
 </table>
 
-<table cellpadding="0" cellspacing="0" border="0" width="100%">
+<table summary="" cellpadding="0" cellspacing="0" border="0" width="100%">
 	<tr>
 		<td align="left">
 			<input name="save" type="submit" value="<?php echo $TEXT['SAVE']; ?>" style="width: 100px; margin-top: 5px;">
 		</td>
 		<td align="right">
-			<input type="button" value="<?php echo $TEXT['CANCEL']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>';" style="width: 100px; margin-top: 5px;" />
+			<input type="button" value="<?php echo $TEXT['CANCEL']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id.$sec_anchor; ?>';" style="width: 100px; margin-top: 5px;" />
 		</td>
 	</tr>
 </table>
Index: branches/2.8.x/wb/modules/form/save_field_new.php
===================================================================
--- branches/2.8.x/wb/modules/form/save_field_new.php	(nonexistent)
+++ branches/2.8.x/wb/modules/form/save_field_new.php	(revision 1553)
@@ -0,0 +1,111 @@
+<?php
+/**
+ *
+ * @category        module
+ * @package         Form
+ * @author          WebsiteBaker Project
+ * @copyright       2009-2011, Website Baker Org. e.V.
+ * @link			http://www.websitebaker2.org/
+ * @license         http://www.gnu.org/licenses/gpl.html
+ * @platform        WebsiteBaker 2.8.x
+ * @requirements    PHP 5.2.2 and higher
+ * @version         $Id$
+ * @filesource		$HeadURL$
+ * @lastmodified    $Date$
+ * @description
+ * http://devzone.zend.com/703/php-built-in-input-filtering/
+ */
+
+require('../../config.php');
+
+// suppress to print the header, so no new FTAN will be set
+$admin_header = false;
+// Tells script to update when this page was last updated
+$update_when_modified = true;
+// Include WB admin wrapper script
+require(WB_PATH.'/modules/admin.php');
+/* */
+
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
+// check FTAN
+if (!$admin->checkFTAN())
+{
+	$admin->print_header();
+	$admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
+}
+
+// Get id
+$field_id = intval($admin->checkIDKEY('field_id', false ));
+if (!$field_id) {
+	$admin->print_header();
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'].'::', ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
+}
+// After check print the header to get a new FTAN
+$admin->print_header();
+
+// Validate all fields
+if($admin->get_post('title') == '' OR $admin->get_post('type') == '') {
+	$admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'&section_id='.$section_id.'&field_id='.$admin->getIDKEY($field_id));
+} else {
+	$title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('title'), ENT_QUOTES));
+	$type = $admin->add_slashes($admin->get_post('type'));
+	$required = (int) $admin->add_slashes($admin->get_post('required'));
+}
+
+// If field type has multiple options, get all values and implode them
+	 $value = $extra = '';
+	$list_count = $admin->get_post('list_count');
+	if(is_numeric($list_count)) {
+		$values = array();
+		for($i = 1; $i <= $list_count; $i++) {
+			if($admin->get_post('value'.$i) != '') {
+				$values[] = str_replace(",","&#44;",$admin->get_post('value'.$i));
+			}
+		}
+		$value = implode(',', $values);
+	}
+// prepare sql-update
+	switch($admin->get_post('type')):
+		case 'textfield':
+			$value = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('value'));
+			$extra = $admin->get_post_escaped('length');
+			break;
+		case 'textarea':
+			$value = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('value'));
+			$extra = '';
+			break;
+		case 'heading':
+			$extra = str_replace(array("[[", "]]"), '', $admin->get_post('template'));
+			if(trim($extra) == '') $extra = '<tr><td class="frm-field_heading" colspan="2">{TITLE}{FIELD}</td></tr>';
+			$extra = $admin->add_slashes($extra);
+			break;
+		case 'select':
+			$extra = $admin->get_post_escaped('size').','.$admin->get_post_escaped('multiselect');
+			break;
+		case 'checkbox':
+			$extra = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('seperator'));
+			break;
+		case 'radio':
+			$extra = str_replace(array("[[", "]]"), '', $admin->get_post_escaped('seperator'));
+			break;
+		default:
+			$value = '';
+			$extra = '';
+			break;
+	endswitch;
+// Update row
+	$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_form_fields` ';
+	$sql .= 'SET `title`=\''.$title.'\', ';
+	$sql .=     '`type`=\''.$type.'\', ';
+	$sql .=     '`required`=\''.$required.'\', ';
+	$sql .=     '`extra`=\''.$extra.'\', ';
+	$sql .=     '`value`=\''.$value.'\' ';
+	$sql .= 'WHERE field_id = '.(int)$field_id.' ';
+	if( $database->query($sql) ) {
+		$admin->print_success($TEXT['SUCCESS'], WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'&section_id='.$section_id.'&field_id='.$admin->getIDKEY($field_id));
+	}else {
+		$admin->print_error($database->get_error(), WB_URL.'/modules/form/modify_field.php?page_id='.$page_id.'&section_id='.$section_id.'&field_id='.$admin->getIDKEY($field_id));
+	}
+// Print admin footer
+	$admin->print_footer();
\ No newline at end of file
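Review bot: The option values gathered in the `list_count` loop are read with `$admin->get_post('value'.$i)` instead of `get_post_escaped`, and for the `select`, `checkbox` and `radio` types the switch never overwrites `$value`, so that text is concatenated into the `UPDATE` statement without escaping (assuming `get_post` returns the raw request value, as its pairing with `get_post_escaped` suggests). Every other string in the statement goes through `get_post_escaped` or `add_slashes`, so the loop line should read `$values[] = str_replace(",","&#44;",$admin->get_post_escaped('value'.$i));`. `list_count` is only checked with `is_numeric`, so the loop bound is whatever the request supplies; casting it to int and capping it at a sane maximum would bound the work. The validation block near the top also relies on `print_error` terminating the script, because `$title`, `$type` and `$required` are only assigned in its `else` branch; if `print_error` can return, the update runs with undefined variables.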

Property changes on: branches/2.8.x/wb/modules/form/save_field_new.php
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:keywords
## -0,0 +1 ##
+Date Author Id Revision HeadURL
\ No newline at end of property
Index: branches/2.8.x/wb/modules/form/view.php
===================================================================
--- branches/2.8.x/wb/modules/form/view.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/view.php	(revision 1553)
@@ -12,7 +12,7 @@
  * @version         $Id$
  * @filesource		$HeadURL$
  * @lastmodified    $Date$
- * @description     
+ * @description
  */
 
 // Must include code to stop this file being access directly
@@ -24,69 +24,62 @@
 }
 /* -------------------------------------------------------- */
 
-// check if frontend.css file needs to be included into the <body></body> of view.php
-if((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED')) &&
-	file_exists(WB_PATH .'/modules/form/frontend.css')) {
-	echo '<style type="text/css">';
-	include(WB_PATH .'/modules/form/frontend.css');
-	echo "\n</style>\n";
-} 
-
-require_once(WB_PATH.'/include/captcha/captcha.php');
-
-// obtain the settings of the output filter module
-if(file_exists(WB_PATH.'/modules/output_filter/filter-routines.php')) {
-	include_once(WB_PATH.'/modules/output_filter/filter-routines.php');
-	$filter_settings = getOutputFilterSettings();
-} else {
-	// no output filter used, define default settings
-	$filter_settings['email_filter'] = 0;
+// load module language file
+$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
+require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
+/*
+function removebreaks($value) {
+	return trim(preg_replace('=((<CR>|<LF>|0x0A/%0A|0x0D/%0D|\\n|\\r)\S).*=i', null, $value));
 }
-
+function checkbreaks($value) {
+	return $value === removebreaks($value);
+}
+*/
 // Function for generating an optionsfor a select field
 if (!function_exists('make_option')) {
-function make_option(&$n, $k, $values) {
-	// start option group if it exists
-	if (substr($n,0,2) == '[=') {
-	 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">';
-	} elseif ($n == ']') {
-		$n = '</optgroup>';
-	} else {
-		if(in_array($n, $values)) {
-			$n = '<option selected="selected" value="'.$n.'">'.$n.'</option>';
+	function make_option(&$n, $k, $values) {
+		// start option group if it exists
+		if (substr($n,0,2) == '[=') {
+		 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">'.PHP_EOL;
+		} elseif ($n == ']') {
+			$n = '</optgroup>'.PHP_EOL;
 		} else {
-			$n = '<option value="'.$n.'">'.$n.'</option>';
+			if(in_array($n, $values)) {
+				$n = '<option selected="selected" value="'.$n.'">'.$n.'</option>'.PHP_EOL;
+			} else {
+				$n = '<option value="'.$n.'">'.$n.'</option>'.PHP_EOL;
+			}
 		}
 	}
 }
-}
 // Function for generating a checkbox
 if (!function_exists('make_checkbox')) {
-function make_checkbox(&$n, $idx, $params) {
-	$field_id = $params[0][0];
-	$seperator = $params[0][1];
-	$label_id = 'wb_'.preg_replace('/[^a-z0-1]/i', '_', $n);
-	if(in_array($n, $params[1])) {
-		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</lable>'.$seperator;
-	} else {
-		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</label>'.$seperator;
-	}	
+	function make_checkbox(&$key, $idx, $params) {
+		$field_id = $params[0][0];
+		$seperator = $params[0][1];
+
+		$label_id = 'wb_'.preg_replace('/[^a-z0-1]/i', '_', $key).$field_id;
+		if(in_array($key, $params[1])) {
+			$key = '<input class="frm-field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$key.'" />'.'<label for="'.$label_id.'" class="frm-checkbox_label">'.$key.'</lable>'.$seperator.PHP_EOL;
+		} else {
+			$key = '<input class="frm-field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$key.'" />'.'<label for="'.$label_id.'" class="frm-checkbox_label">'.$key.'</label>'.$seperator.PHP_EOL;
+		}
+	}
 }
-}
 // Function for generating a radio button
 if (!function_exists('make_radio')) {
-function make_radio(&$n, $idx, $params) {
-	$field_id = $params[0];
-	$group = $params[1];
-	$seperator = $params[2];
-	$label_id = 'wb_'.preg_replace('/[^a-z0-1]/i', '_', $n);
-	if($n == $params[3]) { 
-		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
-	} else {
-		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
+	function make_radio(&$n, $idx, $params) {
+		$field_id = $params[0];
+		$group = $params[1];
+		$seperator = $params[2];
+		$label_id = 'wb_'.preg_replace('/[^a-z0-1]/i', '_', $n).$field_id;
+		if($n == $params[3]) {
+			$n = '<input class="frm-field_checkbox" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="frm-checkbox_label">'.$n.'</label>'.$seperator.PHP_EOL;
+		} else {
+			$n = '<input class="frm-field_checkbox" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" />'.'<label for="'.$label_id.'" class="frm-checkbox_label">'.$n.'</label>'.$seperator.PHP_EOL;
+		}
 	}
 }
-}
 
 if (!function_exists("new_submission_id") ) {
 	function new_submission_id() {
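Review bot: In the rewritten `make_checkbox`, the `in_array($key, $params[1])` branch no longer emits `checked="checked"`, so both branches now produce an unchecked box and a visitor's earlier selection is lost when the form is redisplayed; the same branch still closes the label with `</lable>`. The first branch should end `value="'.$key.'" checked="checked" />` and close with `</label>`. All three helpers also write the option text into `value="..."` and the label body without `htmlspecialchars($n, ENT_QUOTES)`, so a stored option containing a quote or angle bracket breaks the markup. The id pattern `/[^a-z0-1]/i` looks like it was meant to be `/[^a-z0-9]/i`.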
@@ -106,151 +99,157 @@
 
 // Work-out if the form has been submitted or not
 if($_POST == array()) {
+	require_once(WB_PATH.'/include/captcha/captcha.php');
 
-// Set new submission ID in session
-$_SESSION['form_submission_id'] = new_submission_id();
-
-// Get settings
-$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
-if($query_settings->numRows() > 0) {
-	$fetch_settings = $query_settings->fetchRow();
-	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
-	$field_loop = $fetch_settings['field_loop'];
-	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
-	$use_captcha = $fetch_settings['use_captcha'];
-	$form_name = 'form';
-	$use_xhtml_strict = false;
-} else {
+	// Set new submission ID in session
+	$_SESSION['form_submission_id'] = new_submission_id();
+    $out = '';
 	$header = '';
 	$field_loop = '';
 	$footer = '';
 	$form_name = 'form';
 	$use_xhtml_strict = false;
-}
+	// Get settings
+	$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` ';
+	$sql .= 'WHERE section_id = '.$section_id.' ';
+	if($query_settings = $database->query($sql)) {
+		if($query_settings->numRows() > 0) {
+			$fetch_settings = $query_settings->fetchRow(MYSQL_ASSOC);
+			$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
+			$field_loop = $fetch_settings['field_loop'];
+			$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
+			$use_captcha = $fetch_settings['use_captcha'];
+			$form_name = 'form';
+			$use_xhtml_strict = false;
+		}
+	}
 
-?>
-<form <?php echo ( ( (strlen($form_name) > 0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="<?php echo htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])); ?>#wb_<?PHP echo $section_id;?>" method="post">
-<div>
-<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
-<?php echo $admin->getFTAN(); ?>
-</div>
-<?php
-if(ENABLED_ASP) { // first add some honeypot-fields
-?>
-<div>
-<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
-</div>
-<p class="nixhier">
-email address:
-<label for="email">Leave this field email-address blank:</label>
-<input id="email" name="email" size="56" value="" /><br />
-Homepage:
-<label for="homepage">Leave this field homepage blank:</label>
-<input id="homepage" name="homepage" size="55" value="" /><br />
-URL:
-<label for="url">Leave this field url blank:</label>
-<input id="url" name="url" size="61" value="" /><br />
-Comment:
-<label for="comment">Leave this field comment blank:</label>
-<textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
-</p>
+// do not use sec_anchor, can destroy some layouts
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
 
-<?php }
+	// Get list of fields
+	$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+	$sql .= 'WHERE section_id = '.$section_id.' ';
+	$sql .= 'ORDER BY position ASC ';
 
-// Print header
-echo $header;
+	if($query_fields = $database->query($sql)) {
+		if($query_fields->numRows() > 0) {
+?>
+			<form <?php echo ( ( (strlen($form_name) > 0) AND (false == $use_xhtml_strict) ) ? "name=\"".$form_name."\"" : ""); ?> action="<?php echo htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'';?>" method="post">
+				<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
+				<?php // echo $admin->getFTAN(); ?>
+				<?php
+				if(ENABLED_ASP) { // first add some honeypot-fields
+				?>
+					<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
+					<p class="frm-nixhier">
+					email address:
+					<label for="email">Leave this field email-address blank:</label>
+					<input id="email" name="email" size="56" value="" /><br />
+					Homepage:
+					<label for="homepage">Leave this field homepage blank:</label>
+					<input id="homepage" name="homepage" size="55" value="" /><br />
+					URL:
+					<label for="url">Leave this field url blank:</label>
+					<input id="url" name="url" size="61" value="" /><br />
+					Comment:
+					<label for="comment">Leave this field comment blank:</label>
+					<textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
+					</p>
+			<?php }
 
-// Get list of fields
-$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
-
-if($query_fields->numRows() > 0) {
-	while($field = $query_fields->fetchRow()) {
-		// Set field values
-		$field_id = $field['field_id'];
-		$value = $field['value'];
-		// Print field_loop after replacing vars with values
-		$vars = array('{TITLE}', '{REQUIRED}');
-		if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
-			$field_title = $field['title'];
-		} else {
-			$field_title = '<label for="field'.$field_id.'">'.$field['title'].'</label>';
-		}
-		$values = array($field_title);
-		if ($field['required'] == 1) {
-			$values[] = '<span class="required">*</span>';
-		} else {
-			$values[] = '';
-		}
-		if($field['type'] == 'textfield') {
-			$vars[] = '{FIELD}';
-			$max_lenght_para = (intval($field['extra']) ? ' maxlenght="'.intval($field['extra']).'"' : '');
-			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'"'.$max_lenght_para.' value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="textfield" />';
-		} elseif($field['type'] == 'textarea') {
-			$vars[] = '{FIELD}';
-			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea" cols="25" rows="5">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>';
-		} elseif($field['type'] == 'select') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
-			$field['extra'] = explode(',',$field['extra']);
-			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="select">'.implode($options).'</select>';		
-		} elseif($field['type'] == 'heading') {
-			$vars[] = '{FIELD}';
-			$str = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
-			$values[] = ( true == $use_xhtml_strict) ? "<div>".$str."</div>" : $str;
-			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
-			$field_loop = $field['extra'];
-		} elseif($field['type'] == 'checkbox') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
-			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
-			$values[] = implode($options);
-		} elseif($field['type'] == 'radio') {
-			$vars[] = '{FIELD}';
-			$options = explode(',', $value);
-			array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
-			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
-			$values[] = implode($options);
-		} elseif($field['type'] == 'email') {
-			$vars[] = '{FIELD}';
-			$max_lenght_para = (intval($field['extra']) ? ' maxlenght="'.intval($field['extra']).'"' : '');
-			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'"'.$max_lenght_para.' class="email" />';
-		}
-		if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
-		if($field['type'] != '') {
-			echo str_replace($vars, $values, $field_loop);
-		}
-		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
-	}
-}
-
-// Captcha
-if($use_captcha) { ?>
-	<tr>
-	<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
-	<td><?php call_captcha(); ?></td>
-	</tr>
-	<?php
-}
-
-// Print footer
-echo $footer;
+	// Print header  MYSQL_ASSOC
+   echo $header.PHP_EOL;
+			while($field = $query_fields->fetchRow(MYSQL_ASSOC)) {
+				// Set field values
+				$field_id = $field['field_id'];
+				$value = $field['value'];
+				// Print field_loop after replacing vars with values
+				$vars = array('{TITLE}', '{REQUIRED}');
+				if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
+					$field_title = $field['title'];
+				} else {
+					$field_title = '<label for="field'.$field_id.'">'.$field['title'].'</label>'.PHP_EOL;
+				}
+				$values = array($field_title);
+				if ($field['required'] == 1) {
+					$values[] = '<span class="frm-required">*</span>'.PHP_EOL;
+				} else {
+					$values[] = '';
+				}
+				if($field['type'] == 'textfield') {
+					$vars[] = '{FIELD}';
+					$max_lenght_para = (intval($field['extra']) ? ' maxlenght="'.intval($field['extra']).'"' : '');
+					$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'"'.$max_lenght_para.' value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="frm-textfield" />'.PHP_EOL;
+				} elseif($field['type'] == 'textarea') {
+					$vars[] = '{FIELD}';
+					$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="frm-textarea" cols="30" rows="8">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>'.PHP_EOL;
+				} elseif($field['type'] == 'select') {
+					$vars[] = '{FIELD}';
+					$options = explode(',', $value);
+					array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
+					$field['extra'] = explode(',',$field['extra']);
+					$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="frm-select">'.implode($options).'</select>'.PHP_EOL;
+				} elseif($field['type'] == 'heading') {
+					$vars[] = '{FIELD}';
+					$str = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
+					$values[] = ( true == $use_xhtml_strict) ? "<div>".$str."</div>" : $str;
+					$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
+					$field_loop = $field['extra'];
+				} elseif($field['type'] == 'checkbox') {
+					$vars[] = '{FIELD}';
+					$options = explode(',', $value);
+					array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
+                    $x = sizeof($options)-1;
+					$options[$x]=substr($options[$x],0,strlen($options[$x]));
+					$values[] = implode($options);
+				} elseif($field['type'] == 'radio') {
+					$vars[] = '{FIELD}';
+					$options = explode(',', $value);
+					array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
+                    $x = sizeof($options)-1;
+					$options[$x]=substr($options[$x],0,strlen($options[$x]));
+					$values[] = implode($options);
+				} elseif($field['type'] == 'email') {
+					$vars[] = '{FIELD}';
+					$max_lenght_para = (intval($field['extra']) ? ' maxlenght="'.intval($field['extra']).'"' : '');
+					$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'"'.$max_lenght_para.' class="frm-email" />'.PHP_EOL;
+				}
+				if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
+				if($field['type'] != '') {
+					echo str_replace($vars, $values, $field_loop);
+				}
+				if (isset($tmp_field_loop)){ $field_loop = $tmp_field_loop; }
+			}
+			// Captcha
+			if($use_captcha) { ?>
+				<tr>
+				<td class="frm-field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
+				<td><?php call_captcha(); ?></td>
+				</tr>
+				<?php
+			}
+		// Print footer
+		// $out = $footer.PHP_EOL;
+		$out .= str_replace('{SUBMIT_FORM}', $MOD_FORM['SUBMIT_FORM'], $footer);
+		echo $out;
 // Add form end code
 ?>
 </form>
 <?php
+		}
+	}
 
 } else {
 
 	// Check that submission ID matches
 	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
-		
+
 		// Set new submission ID in session
 		$_SESSION['form_submission_id'] = new_submission_id();
-		
+
 		if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
-			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR 
+			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR
 			($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
 			(!isset($_POST['email']) OR $_POST['email']) OR
 			(!isset($_POST['homepage']) OR $_POST['homepage']) OR
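Review bot: The two new queries in the display branch build `'WHERE section_id = '.$section_id.' '` with the value neither quoted nor cast, whereas the removed code quoted it and the settings query added further down in this same commit uses `(int)$section_id`. Both lines should use `$sql .= 'WHERE section_id = '.(int)$section_id.' ';` so the statement stays well-formed whatever the variable holds. `$use_captcha` is assigned only inside the settings-row branch but read unconditionally at `if($use_captcha)`, so it should be initialised next to `$header` and `$footer`. The checkbox and radio cases now call `substr($options[$x],0,strlen($options[$x]))`, which returns the string unchanged, so the trailing separator the old code stripped is left in place. The `if($_POST == array())` block this hunk rewrites continues past the end of the hunk.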
@@ -257,49 +256,53 @@
 			(!isset($_POST['comment']) OR $_POST['comment']) OR
 			(!isset($_POST['url']) OR $_POST['url'])
 		)) {
-			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
+			// spam
+			header("Location: ".WB_URL.PAGES_DIRECTORY."");
+            exit();
 		}
-/*
-		if (!$admin->checkFTAN())
-		{
-			$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
-			exit();
-		}
-*/
 		// Submit form data
 		// First start message settings
-		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
-		if($query_settings->numRows() > 0) {
-			$fetch_settings = $query_settings->fetchRow();
-			$email_to = $fetch_settings['email_to'];
-			$email_from = $fetch_settings['email_from'];
-			if(substr($email_from, 0, 5) == 'field') {
-				// Set the email from field to what the user entered in the specified field
-				$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
+		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_settings` ';
+		$sql .= 'WHERE `section_id` = '.(int)$section_id.'';
+		if($query_settings = $database->query($sql) ) {
+			if($query_settings->numRows() > 0) {
+				$fetch_settings = $query_settings->fetchRow(MYSQL_ASSOC);
+
+				$email_to = $fetch_settings['email_to'];
+				$email_from = $fetch_settings['email_from'];
+				if(substr($email_from, 0, 5) == 'field') {
+					// Set the email from field to what the user entered in the specified field
+					$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
+				}
+				$email_fromname = $fetch_settings['email_fromname'];
+				if(substr($email_fromname, 0, 5) == 'field') {
+					// Set the email_fromname to field to what the user entered in the specified field
+					$email_fromname = htmlspecialchars($wb->add_slashes($_POST[$email_fromname]));
+				}
+				$email_subject = $fetch_settings['email_subject'];
+				$success_page = $fetch_settings['success_page'];
+				$success_email_to = $fetch_settings['success_email_to'];
+				if(substr($success_email_to, 0, 5) == 'field') {
+					// Set the success_email to field to what the user entered in the specified field
+					$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
+				}
+				$success_email_from = $fetch_settings['success_email_from'];
+				$success_email_fromname = $fetch_settings['success_email_fromname'];
+				$success_email_text = htmlspecialchars($wb->add_slashes($fetch_settings['success_email_text']));
+				$success_email_text = (($success_email_text != '') ? $success_email_text : $MOD_FORM['SUCCESS_EMAIL_TEXT']);
+				$success_email_subject = $fetch_settings['success_email_subject'];
+				$max_submissions = $fetch_settings['max_submissions'];
+				$stored_submissions = $fetch_settings['stored_submissions'];
+				$use_captcha = $fetch_settings['use_captcha'];
+			} else {
+				exit($TEXT['UNDER_CONSTRUCTION']);
 			}
-			$email_fromname = $fetch_settings['email_fromname'];
-			$email_subject = $fetch_settings['email_subject'];
-			$success_page = $fetch_settings['success_page'];
-			$success_email_to = $fetch_settings['success_email_to'];
-			if(substr($success_email_to, 0, 5) == 'field') {
-				// Set the success_email to field to what the user entered in the specified field
-				$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
-			}
-			$success_email_from = $fetch_settings['success_email_from'];
-			$success_email_fromname = $fetch_settings['success_email_fromname'];
-			$success_email_text = $fetch_settings['success_email_text'];
-			$success_email_subject = $fetch_settings['success_email_subject'];		
-			$max_submissions = $fetch_settings['max_submissions'];
-			$stored_submissions = $fetch_settings['stored_submissions'];
-			$use_captcha = $fetch_settings['use_captcha'];
-		} else {
-			exit($TEXT['UNDER_CONSTRUCTION']);
 		}
 		$email_body = '';
-		
+
 		// Create blank "required" array
 		$required = array();
-		
+
 		// Captcha
 		if($use_captcha) {
 			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
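Review bot: The new `$email_fromname` assignment takes the visitor's posted field with only `add_slashes` and `htmlspecialchars`, neither of which removes CR/LF, and it does not check that `$_POST[$email_fromname]` exists or is a string. If this value is later placed in a mail header (the mail call is outside this hunk), line breaks must be rejected first, for example `$email_fromname = (isset($_POST[$email_fromname]) && is_string($_POST[$email_fromname])) ? preg_replace('/[\r\n]+/', ' ', $_POST[$email_fromname]) : '';`. The same applies to the re-indented `$email_from` and `$success_email_to` lines. Separately, wrapping the lookup in `if($query_settings = $database->query($sql))` without an `else` means a failed query now falls through with `$use_captcha` unset, so the captcha check below is skipped; the `exit($TEXT['UNDER_CONSTRUCTION'])` path should cover that case too.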
@@ -315,141 +318,163 @@
 
 		// Loop through fields and add to message body
 		// Get list of fields
-		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
-		if($query_fields->numRows() > 0) {
-			while($field = $query_fields->fetchRow()) {
-				// Add to message body
-				if($field['type'] != '') {
-					if(!empty($_POST['field'.$field['field_id']])) {
-						// do not allow droplets in user input!
-						if (is_array($_POST['field'.$field['field_id']])) {
-							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $_POST['field'.$field['field_id']]);
-						} else {
-							$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), htmlspecialchars($_POST['field'.$field['field_id']]));
-						}
-						// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings)
-						// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc.
-						if ($filter_settings['email_filter']) {
-							$field_value = $_POST['field'.$field['field_id']];
-							$field_value = str_replace($filter_settings['at_replacement'], '@', $field_value);
-							$field_value = str_replace($filter_settings['dot_replacement'], '.', $field_value);
-							$_POST['field'.$field['field_id']] = $field_value;
-						}
-						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
-							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
-						}
-						if($field['type'] == 'heading') {
-							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
-						} elseif (!is_array($_POST['field'.$field['field_id']])) {
-							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
-						} else {
-							$email_body .= $field['title'].": \n";
-							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
-								$email_body .= $v."\n";
+		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+		$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+		$sql .= 'ORDER BY position ASC';
+		if($query_fields = $database->query($sql)) {
+			if($query_fields->numRows() > 0) {
+				while($field = $query_fields->fetchRow(MYSQL_ASSOC)) {
+					// Add to message body
+					if($field['type'] != '') {
+						if(!empty($_POST['field'.$field['field_id']])) {
+							// do not allow droplets in user input!
+							if (is_array($_POST['field'.$field['field_id']])) {
+								$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), $_POST['field'.$field['field_id']]);
+							} else {
+								$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), htmlspecialchars($_POST['field'.$field['field_id']]));
 							}
-							$email_body .= "\n";
+							if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
+								$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
+							}
+							if($field['type'] == 'heading') {
+								$email_body .= $_POST['field'.$field['field_id']]."\n\n";
+							} elseif (!is_array($_POST['field'.$field['field_id']])) {
+								$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
+							} else {
+								$email_body .= $field['title'].": \n";
+								foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
+									$email_body .= $v."\n";
+								}
+								$email_body .= "\n";
+							}
+						} elseif($field['required'] == 1) {
+							$required[] = $field['title'];
 						}
-					} elseif($field['required'] == 1) {
-						$required[] = $field['title'];
 					}
-				}
-			}
-		}
-	
-		// Check if the user forgot to enter values into all the required fields
-		if($required != array()) {
-			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
-				echo 'You must enter details for the following fields';
+				} //  while
+			}  // numRows
+		} //  query
+// Check if the user forgot to enter values into all the required fields
+		if(sizeof($required )) {
+
+			if(!isset($MESSAGE['MOD_FORM_REQUIRED_FIELDS'])) {
+				echo '<h3>You must enter details for the following fields</h3>';
 			} else {
-				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
+				echo '<h3>'.$MESSAGE['MOD_FORM_REQUIRED_FIELDS'].'</h3>';
 			}
-			echo ':<br /><ul>';
+			echo '<ul>'.PHP_EOL;
 			foreach($required AS $field_title) {
-				echo '<li>'.$field_title;
+				echo '<li>'.$field_title.PHP_EOL;
 			}
 			if(isset($email_error)) {
-				echo '<li>'.$email_error.'</li>';
+				echo '<li>'.$email_error.'</li>'.PHP_EOL;
 			}
 			if(isset($captcha_error)) {
-				echo '<li>'.$captcha_error.'</li>';
+				echo '<li>'.$captcha_error.'</li>'.PHP_EOL;
 			}
-			echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a>';
+			// Create blank "required" array
+			$required = array();
+			echo '</ul>'.PHP_EOL;
+			echo '<p>&nbsp;</p>'.PHP_EOL.'<p><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a></p>'.PHP_EOL;
 		} else {
 			if(isset($email_error)) {
-				echo '<br /><ul>';
-				echo '<li>'.$email_error.'</li>';
-				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a>';
+				echo '<br /><ul>'.PHP_EOL;
+				echo '<li>'.$email_error.'</li>'.PHP_EOL;
+				echo '</ul>'.PHP_EOL;
+				echo '<a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a>';
 			} elseif(isset($captcha_error)) {
-				echo '<br /><ul>';
-				echo '<li>'.$captcha_error.'</li>';
-				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a>';
+				echo '<br /><ul>'.PHP_EOL;
+				echo '<li>'.$captcha_error.'</li>'.PHP_EOL;
+				echo '</ul>'.PHP_EOL;
+				echo '<p>&nbsp;</p>'.PHP_EOL.'<p><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a></p>'.PHP_EOL;
 			} else {
 				// Check how many times form has been submitted in last hour
 				$last_hour = time()-3600;
-				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
-				if($query_submissions->numRows() > $max_submissions) {
-					// Too many submissions so far this hour
-					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
-					$success = false;
-				} else {
-					/**	
-					 *	Adding the IP to the body and try to send the email
-					 */
-					// $email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR'];
+				$sql  = 'SELECT `submission_id` FROM `'.TABLE_PREFIX.'mod_form_submissions` ';
+				$sql .= 'WHERE `submitted_when` >= '.$last_hour.'';
+				$sql .= '';
+				if($query_submissions = $database->query($sql)){
+					if($query_submissions->numRows() > $max_submissions) {
+						// Too many submissions so far this hour
+						echo $MESSAGE['MOD_FORM_EXCESS_SUBMISSIONS'];
+						$success = false;
+					} else {
+						// Adding the IP to the body and try to send the email
+						// $email_body .= "\n\nIP: ".$_SERVER['REMOTE_ADDR'];
+						$recipient = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $email_fromname );
+						$email_fromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $recipient );
+						$email_body = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $email_body );
+						if($email_to != '') {
+							if($email_from != '') {
+								if($wb->mail($email_from,$email_to,$email_subject,$email_body,$email_fromname)) {
+									$success = true;
+								}
+							} else {
+								if($wb->mail('',$email_to,$email_subject,$email_body,$email_fromname)) {
+									$success = true;
+								}
+							}
+						}
 
-					if($email_to != '') {
-						if($email_from != '') {
-							if($wb->mail($email_from,$email_to,$email_subject,$email_body,$email_fromname)) {
-								$success = true;
+						$recipient = preg_replace( "/[^a-z0-9 !?:;,.\/_\-=+@#$&\*\(\)]/im", "", $success_email_fromname );
+						$success_email_fromname = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $recipient );
+						$success_email_text = preg_replace( "/(content-type:|bcc:|cc:|to:|from:)/im", "", $success_email_text );
+						if($success_email_to != '') {
+							if($success_email_from != '') {
+								if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
+									$success = true;
+								}
+							} else {
+								if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
+									$success = true;
+								}
 							}
-						} else {
-							if($wb->mail('',$email_to,$email_subject,$email_body,$email_fromname)) { 
-								$success = true; 
-							}
 						}
-					}				
-					if($success_email_to != '') {
-						if($success_email_from != '') {
-							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
-								$success = true;
-							}
+
+						// Write submission to database
+						if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
+							$submitted_by = $admin->get_user_id();
 						} else {
-							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
-								$success = true;
-							}
+							$submitted_by = 0;
 						}
-					}				
-			
-					// Write submission to database
-					if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
-						$submitted_by = $admin->get_user_id();
-					} else {
-						$submitted_by = 0;
-					}
-					$email_body = htmlspecialchars($wb->add_slashes($email_body));
-					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".time()."','$submitted_by','$email_body')");
-					// Make sure submissions table isn't too full
-					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
-					$num_submissions = $query_submissions->numRows();
-					if($num_submissions > $stored_submissions) {
-						// Remove excess submission
-						$num_to_remove = $num_submissions-$stored_submissions;
-						while($submission = $query_submissions->fetchRow()) {
-							if($num_to_remove > 0) {
-								$submission_id = $submission['submission_id'];
-								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
-								$num_to_remove = $num_to_remove-1;
+						$email_body = htmlspecialchars($wb->add_slashes($email_body));
+						$sql  = 'INSERT INTO '.TABLE_PREFIX.'mod_form_submissions ';
+						$sql .= 'SET ';
+						$sql .= 'page_id='.$wb->page_id.',';
+						$sql .= 'section_id='.$section_id.',';
+						$sql .= 'submitted_when='.time().',';
+						$sql .= 'submitted_by=\''.$submitted_by.'\', ';
+						$sql .= 'body=\''.$email_body.'\' ';
+						if($database->query($sql)) {
+/*
+						// Make sure submissions table isn't too full
+						$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
+						$num_submissions = $query_submissions->numRows();
+						if($num_submissions > $stored_submissions) {
+							// Remove excess submission
+							$num_to_remove = $num_submissions-$stored_submissions;
+							while($submission = $query_submissions->fetchRow(MYSQL_ASSOC)) {
+								if($num_to_remove > 0) {
+									$submission_id = $submission['submission_id'];
+									$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
+									$num_to_remove = $num_to_remove-1;
+								}
 							}
 						}
-					}
-					if(!$database->is_error()) {
-						$success = true;
-					}
-				}
-			}	
-		}
+*/
+						if(!$database->is_error()) {
+							$success = true;
+						}
+					}  // numRows
+	 			}
+	 			}
+			}
+		}  // email_error
+	} else {
+
+	echo '<p>&nbsp;</p>'.PHP_EOL.'<p><a href="'.htmlspecialchars(strip_tags($_SERVER['SCRIPT_NAME'])).'">'.$TEXT['BACK'].'</a></p>'.PHP_EOL;
 	}
-	
+
 	// Now check if the email was sent successfully
 	if(isset($success) AND $success == true) {
 	   if ($success_page=='none') {
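Review bot: The rebuilt INSERT near the end of this hunk drops the quotes the old query had around `page_id` and `section_id`, but interpolates `$wb->page_id` and `$section_id` without the `(int)` cast that the `mod_form_fields` SELECT at the top of the same hunk applies. Writing `$sql .= 'page_id='.(int)$wb->page_id.',';` and `$sql .= 'section_id='.(int)$section_id.',';` would keep the two queries consistent and make the unquoted form safe whatever those values hold. The block that trimmed the table to `$stored_submissions` is now wrapped in `/* … */`, so that setting is no longer enforced and a public form can keep adding rows to `mod_form_submissions`; if that is intentional, a comment saying so would help. The enclosing `if` blocks start before this hunk.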
@@ -457,15 +482,15 @@
   		} else {
 			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
 			if($query_menu->numRows() > 0) {
-  	        	$fetch_settings = $query_menu->fetchRow();
+  	        	$fetch_settings = $query_menu->fetchRow(MYSQL_ASSOC);
 			   $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
 			   echo "<script type='text/javascript'>location.href='".$link."';</script>";
-			}    
+			}
 		}
 		// clearing session on success
 		$query_fields = $database->query("SELECT field_id FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id'");
-		while($field = $query_fields->fetchRow()) {
-			$field_id = $field[0];
+		while($field = $query_fields->fetchRow(MYSQL_ASSOC)) {
+			$field_id = $field['field_id'];
 			if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
 		}
 	} else {
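Review bot: `$link` is written straight into a single-quoted JavaScript string inside the inline `<script>` redirect, so a quote or `</script>` in the stored page link would end the literal early. The value comes from the `pages` table and is presumably admin-controlled, but encoding it for the context is cheap: `echo '<script type="text/javascript">location.href='.json_encode($link).';</script>';`. The two `$database->query()` results in this hunk are also still dereferenced without the `if($result = $database->query(...))` guard that the rewritten queries earlier in the file now use. The surrounding `if(isset($success) ...)` block begins outside the hunk.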
@@ -473,4 +498,5 @@
 			echo $TEXT['ERROR'];
 		}
 	}
+
 }
Index: branches/2.8.x/wb/modules/form/delete_submission.php
===================================================================
--- branches/2.8.x/wb/modules/form/delete_submission.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/delete_submission.php	(revision 1553)
@@ -22,7 +22,7 @@
 require(WB_PATH.'/modules/admin.php');
 
 // Get id
-$submission_id = $admin->checkIDKEY('submission_id', false, 'GET');
+$submission_id = intval($admin->checkIDKEY('submission_id', false, 'GET'));
 if (!$submission_id) {
  $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
 }
Index: branches/2.8.x/wb/modules/form/save_settings.php
===================================================================
--- branches/2.8.x/wb/modules/form/save_settings.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/save_settings.php	(revision 1553)
@@ -30,6 +30,12 @@
 }
 $admin->print_header();
 
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
+// load module language file
+$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
+require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
+
 // This code removes any <?php tags and adds slashes
 $friendly = array('&lt;', '&gt;', '?php');
 $raw = array('<', '>', '');
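Review bot: The added `require_once` builds its path from the `LANGUAGE` constant with only a `file_exists()` check, so it includes whatever file that name resolves to. Where `LANGUAGE` is set is not visible here; if it can ever hold something other than a two-letter code, a guard such as `if(!preg_match('/^[A-Z]{2}$/', LANGUAGE)) { $lang = dirname(__FILE__).'/languages/EN.php'; }` before the include would pin it to the languages directory. `$sec_anchor` also reads `$section['section_id']`, which this hunk does not define; presumably the admin wrapper included earlier provides it, which is worth confirming.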
@@ -37,20 +43,33 @@
 $field_loop = $admin->add_slashes($_POST['field_loop']);
 $footer = $admin->add_slashes($_POST['footer']);
 $email_to = $admin->add_slashes($_POST['email_to']);
+$email_to = ($email_to != '' ? $email_to : SERVER_EMAIL);
 $use_captcha = $admin->add_slashes($_POST['use_captcha']);
-if($_POST['email_from_field'] == '') {
+
+if( isset($_POST['email_from_field']) && ($_POST['email_from_field'] != '')) {
+	$email_from = $admin->add_slashes($_POST['email_from_field']);
+} else {
 	$email_from = $admin->add_slashes($_POST['email_from']);
+}
+
+if( isset($_POST['email_fromname_field']) && ($_POST['email_fromname_field'] != '')) {
+	$email_fromname = $admin->add_slashes($_POST['email_fromname_field']);
 } else {
-	$email_from = $admin->add_slashes($_POST['email_from_field']);
+	$email_fromname = $admin->add_slashes($_POST['email_fromname']);
 }
-$email_fromname = $admin->add_slashes($_POST['email_fromname']);
+
 $email_subject = $admin->add_slashes($_POST['email_subject']);
+$email_subject = ($email_subject  != '') ? $email_subject : $MOD_FORM['EMAIL_SUBJECT'];
 $success_page = $admin->add_slashes($_POST['success_page']);
 $success_email_to = $admin->add_slashes($_POST['success_email_to']);
 $success_email_from = $admin->add_slashes($_POST['success_email_from']);
 $success_email_fromname = $admin->add_slashes($_POST['success_email_fromname']);
+$success_email_fromname = ($success_email_fromname != '' ? $success_email_fromname : WBMAILER_DEFAULT_SENDERNAME);
 $success_email_text = $admin->add_slashes($_POST['success_email_text']);
+$success_email_text = (($success_email_text != '') ? $success_email_text : $MOD_FORM['SUCCESS_EMAIL_TEXT']);
 $success_email_subject = $admin->add_slashes($_POST['success_email_subject']);
+$success_email_subject = ($success_email_subject  != '') ? $success_email_subject : $MOD_FORM['SUCCESS_EMAIL_SUBJECT'];
+
 if(!is_numeric($_POST['max_submissions'])) {
 	$max_submissions = 50;
 } else {
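Review bot: `email_to`, `email_from` and `success_email_from` are stored after `add_slashes()` only, with no check that they are addresses or free of line breaks. The send path earlier in this diff strips header tokens from the sender name and the body, but not from these values or the subjects. Running `$admin->validate_email()` on each value that is not a `field…` reference, and refusing the save when it fails, would enforce this at the input boundary, provided a single address is what the setting expects. The new `isset()` guards cover the two `*_field` inputs, but the fallback reads of `$_POST['email_from']` and `$_POST['email_fromname']` are still unguarded. The `if(!is_numeric(...))` block at the end continues past the hunk.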
@@ -65,16 +84,34 @@
 if($max_submissions > $stored_submissions) {
 	$max_submissions = $stored_submissions;
 }
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
 
 // Update settings
-$database->query("UPDATE ".TABLE_PREFIX."mod_form_settings SET header = '$header', field_loop = '$field_loop', footer = '$footer', email_to = '$email_to', email_from = '$email_from', email_fromname = '$email_fromname', email_subject = '$email_subject', success_page = '$success_page', success_email_to = '$success_email_to', success_email_from = '$success_email_from', success_email_fromname = '$success_email_fromname', success_email_text = '$success_email_text', success_email_subject = '$success_email_subject', max_submissions = '$max_submissions', stored_submissions = '$stored_submissions', use_captcha = '$use_captcha' WHERE section_id = '$section_id'");
-
+$sql  = 'UPDATE `'.TABLE_PREFIX.'mod_form_settings` SET ';
+$sql .= '`header` = \''.$header.'\', ';
+$sql .= '`field_loop` = \''.$field_loop.'\', ';
+$sql .= '`footer` = \''.$footer.'\', ';
+$sql .= '`email_to` = \''.$email_to.'\', ';
+$sql .= '`email_from` = \''.$email_from.'\', ';
+$sql .= '`email_fromname` = \''.$email_fromname.'\', ';
+$sql .= '`email_subject` = \''.$email_subject.'\', ';
+$sql .= '`success_page` = \''.$success_page.'\', ';
+$sql .= '`success_email_to` = \''.$success_email_to.'\', ';
+$sql .= '`success_email_from` = \''.$success_email_from.'\', ';
+$sql .= '`success_email_fromname` = \''.$success_email_fromname.'\', ';
+$sql .= '`success_email_text` = \''.$success_email_text.'\', ';
+$sql .= '`success_email_subject` = \''.$success_email_subject.'\', ';
+$sql .= '`max_submissions` = \''.$max_submissions.'\', ';
+$sql .= '`stored_submissions` = \''.$stored_submissions.'\', ';
+$sql .= '`use_captcha` = \''.$use_captcha.'\' ';
+$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+$sql .= '';
+if($database->query($sql)) {
+	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
+}
 // Check if there is a db error, otherwise say successful
 if($database->is_error()) {
-	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
-} else {
-	$admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
+	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
 }
-
 // Print admin footer
 $admin->print_footer();
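Review bot: Every string value in the rebuilt UPDATE still reaches the query through `$admin->add_slashes()` and quote concatenation, so its safety rests on a helper whose implementation is not visible here. If that helper is a plain `addslashes()` wrapper rather than connection-aware escaping, these assignments should use the database layer's own escaping instead. Separately, the `$sec_anchor` assignment added before `// Update settings` repeats the identical line added near the top of the file and can be dropped, as can the no-op `$sql .= '';`.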
Index: branches/2.8.x/wb/modules/form/languages/NL.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/NL.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/NL.php	(revision 1553)
@@ -27,6 +27,12 @@
 $module_description = 'Deze module makt het mogelijk om aangepaste online formulieren te maken zoals een feedback formulier. Met dank aan Rudolph Lartey voor het aanpassen van deze module.';
 
 //Variables for the  backend
-$MOD_FORM['SETTINGS'] = 'Formulier instellingen';
+$MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
 
-?>
\ No newline at end of file
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
Index: branches/2.8.x/wb/modules/form/languages/NO.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/NO.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/NO.php	(revision 1553)
@@ -27,6 +27,12 @@
 $module_description = 'Med denne modulen kan du lage d&iacute;ne egne spesialtilpassede elektroniske skjemaer, som for eksempe et tilbakemeldings skjema. En stor takk til Rudolph Lartey for hjelpen med &aring; videreutvikkle denne modulen, og for bidrag med koding av ekstra felt typer , osv.';
   
 //Variables for the  backend
-$MOD_FORM['SETTINGS'] = 'Skjema Innstillinger';
-  
-?>
\ No newline at end of file
+$MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
+
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
Index: branches/2.8.x/wb/modules/form/languages/EN.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/EN.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/EN.php	(revision 1553)
@@ -28,5 +28,11 @@
 
 //Variables for the  backend
 $MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
 
-?>
\ No newline at end of file
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
Index: branches/2.8.x/wb/modules/form/languages/DA.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/DA.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/DA.php	(revision 1553)
@@ -1,32 +1,40 @@
-<?php
-
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-*/
-
-//Modul Description
-$module_description = 'Dette modul giver mulighed for at lave tilpassede online formularer, f.eks. en kontaktformular. Tak til  Rudolph Lartey som har hjulpet med at forbedre dette modul ved at lave kode for ekstra felttyper osv.';
-
-//Variables for the  backend
-$MOD_FORM['SETTINGS'] = 'Formularindstillinger';
-
-?>
+<?php
+
+// $Id$
+
+/*
+
+ Website Baker Project <http://www.websitebaker.org/>
+ Copyright (C) 2004-2009, Ryan Djurovich
+
+ Website Baker is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Website Baker is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Website Baker; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+//Modul Description
+$module_description = 'Dette modul giver mulighed for at lave tilpassede online formularer, f.eks. en kontaktformular. Tak til  Rudolph Lartey som har hjulpet med at forbedre dette modul ved at lave kode for ekstra felttyper osv.';
+
+//Variables for the  backend
+$MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
+
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
+
+
Index: branches/2.8.x/wb/modules/form/languages/RU.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/RU.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/RU.php	(revision 1553)
@@ -27,6 +27,12 @@
 $module_description = '&#1052;&#1086;&#1076;&#1091;&#1083;&#1100; &#1087;&#1086;&#1079;&#1074;&#1086;&#1083;&#1103;&#1077;&#1090; &#1089;&#1086;&#1079;&#1076;&#1072;&#1074;&#1072;&#1090;&#1100; &#1088;&#1072;&#1079;&#1083;&#1080;&#1095;&#1085;&#1099;&#1077; &#1085;&#1072;&#1089;&#1090;&#1088;&#1072;&#1080;&#1074;&#1072;&#1077;&#1084;&#1099;&#1077; &#1092;&#1086;&#1088;&#1084;&#1099;, &#1085;&#1072;&#1087;&#1088;&#1080;&#1084;&#1077;&#1088; &#1092;&#1086;&#1088;&#1084;&#1099; &#1086;&#1073;&#1088;&#1072;&#1090;&#1085;&#1086;&#1081; &#1089;&#1074;&#1103;&#1079;&#1080;. Rudolph Lartey &#1087;&#1086;&#1084;&#1086;&#1075; &#1091;&#1083;&#1091;&#1095;&#1096;&#1080;&#1090;&#1100; &#1076;&#1072;&#1085;&#1085;&#1099;&#1081; &#1084;&#1086;&#1076;&#1091;&#1083;&#1100;.';
 
 //Variables for the  backend
-$MOD_FORM['SETTINGS'] = '&#1053;&#1072;&#1089;&#1090;&#1088;&#1086;&#1081;&#1082;&#1080; &#1092;&#1086;&#1088;&#1084;&#1099;';
+$MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
 
-?>
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
Index: branches/2.8.x/wb/modules/form/languages/FR.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/FR.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/FR.php	(revision 1553)
@@ -1,35 +1,41 @@
-<?php
-
-// $Id$
-
-/*
-
- Website Baker Project <http://www.websitebaker.org/>
- Copyright (C) 2004-2009, Ryan Djurovich
-
- Website Baker is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- Website Baker is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Website Baker; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
- -----------------------------------------------------------------------------------------
-  FRENCH LANGUAGE FILE FOR THE MODULE: FORM
- -----------------------------------------------------------------------------------------
-*/
-//Module Description
-$module_description = 'This module allows you to create customised online forms, such as a feedback form. Thank-you to Rudolph Lartey who help enhance this module, providing code for extra field types, etc.';
-
-//Variables for the  backend
-$MOD_FORM['SETTINGS'] = 'Configurations du formulaire';
-
-?>
\ No newline at end of file
+<?php
+
+// $Id$
+
+/*
+
+ Website Baker Project <http://www.websitebaker.org/>
+ Copyright (C) 2004-2009, Ryan Djurovich
+
+ Website Baker is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ Website Baker is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Website Baker; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+
+ -----------------------------------------------------------------------------------------
+  FRENCH LANGUAGE FILE FOR THE MODULE: FORM
+ -----------------------------------------------------------------------------------------
+*/
+//Module Description
+$module_description = 'This module allows you to create customised online forms, such as a feedback form. Thank-you to Rudolph Lartey who help enhance this module, providing code for extra field types, etc.';
+
+//Variables for the  backend
+$MOD_FORM['SETTINGS'] = 'Form Settings';
+$MOD_FORM['CONFIRM'] = 'Confirmation';
+$MOD_FORM['SUBMIT_FORM'] = 'Submit';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message to '.WEBSITE_TITLE;
+
+$MOD_TEXT['FROM'] = 'Sender';
+$MOD_TEXT['TO'] = 'Recipient';
Index: branches/2.8.x/wb/modules/form/languages/DE.php
===================================================================
--- branches/2.8.x/wb/modules/form/languages/DE.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/languages/DE.php	(revision 1553)
@@ -28,5 +28,15 @@
 
 //Variablen fuer backend Texte
 $MOD_FORM['SETTINGS'] = 'Formular Einstellungen';
-
-?>
\ No newline at end of file
+$MOD_FORM['CONFIRM'] = 'Bestätigung';
+$MOD_FORM['SUBMIT_FORM'] = 'Absenden';
+$MOD_FORM['EMAIL_SUBJECT'] = 'Erhalten einer Nachricht von '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'E-Mail wurde erfolgreich &uuml;ber '.WEBSITE_TITLE.' gesendet!';
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'Sie haben ein Forumlar an '.WEBSITE_TITLE.' gesendet';
+/*
+$MOD_FORM['EMAIL_SUBJECT'] = 'Delivering a message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_TEXT'] = 'Thank you for sending your message from '.WEBSITE_TITLE;
+$MOD_FORM['SUCCESS_EMAIL_SUBJECT'] = 'You have submitted a message';
+*/
+$MOD_TEXT['FROM'] = 'Absender';
+$MOD_TEXT['TO'] = 'Empf&auml;nger';
Index: branches/2.8.x/wb/modules/form/frontend.css
===================================================================
--- branches/2.8.x/wb/modules/form/frontend.css	(revision 1552)
+++ branches/2.8.x/wb/modules/form/frontend.css	(revision 1553)
@@ -1,46 +1,14 @@
-.required {
-	color: #FF0000;
-}
-.field_title {
-	font-size: 12px;
-	width: 100px;
-	vertical-align: top;
-	text-align:right;
-}
-.textfield {
-	font-size: 12px;
-	width: 200px;
-}
-.textarea {
-	font-size: 12px;
-	width: 90%;
-	height: 100px;
-}
-.field_heading {
-	font-size: 12px;
-	font-weight: bold;
-	border-bottom-width: 2px;
-	border-bottom-style: solid;
-	border-bottom-color: #666666;
-	padding-top: 10px;
-	color: #666666;
-}
-.select {
-	font-size: 12px;
-}
-.checkbox_label {
-	font-size: 11px;
-	cursor: pointer;
-}
-.radio_label {
-	font-size: 11px;
-	cursor: pointer;
-}
-.email {
-	font-size: 12px;
-	width: 200px;
-}
-/*** Don't remove the class nixhier, this is required for ASP ***/
-.nixhier {
-	display:none;
-}
\ No newline at end of file
+.frm-required { color :#ff0000; }
+.frm-field_title { font-size :12px; width :25%; vertical-align :top; white-space :nowrap; text-align :right; }
+.frm-textfield { font-size :12px; width :90%; }
+.frm-textarea { font-size :12px; width :100%; height :100px; }
+.frm-field_heading { font-size :12px; font-weight :bold; border-bottom-width :2px; border-bottom-style :solid; border-bottom-color :#666666; padding-top :10px; color :#666666; }
+.frm-select { font-size :12px; width :50%; }
+.frm-select option { font-size :12px; width :95%; }
+.frm-field_checkbox { font-size :11px; cursor :pointer; width :30px; vertical-align :middle; }
+.frm-checkbox_label { font-size :11px; cursor :pointer; width :auto; }
+.frm-radio_label { font-size :11px; cursor :pointer; }
+.frm-email { font-size :12px; width : 90%; }
+/*** Don't remove the class nixhier, this is required for ASP ***/
+.frm-nixhier { display :none; }
+.frm-submission { margin :0 auto; position :relative; width :auto; }		
\ No newline at end of file
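Review bot: Existing forms are likely to lose their styling, because the `frm-` prefix only matches markup that is regenerated with the new class names. The removed lines of add.php in this commit show `class=\"field_title\"` being written into the stored `field_loop` template, so existing form sections keep the old names unless an upgrade step rewrites them (none is visible here). The same applies to `.nixhier`, which the comment says ASP depends on: a page still emitting `class="nixhier"` would display those inputs once `display:none` exists only on `.frm-nixhier`. Keeping the old selectors as aliases for a release, e.g. `.nixhier, .frm-nixhier { display :none; }`, would avoid both problems; backend.css gets the same rename.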
Index: branches/2.8.x/wb/modules/form/view_submission.php
===================================================================
--- branches/2.8.x/wb/modules/form/view_submission.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/view_submission.php	(revision 1553)
@@ -21,28 +21,33 @@
 // Include WB admin wrapper script
 require(WB_PATH.'/modules/admin.php');
 /* */
+
 // Get id
-$submission_id = $admin->checkIDKEY('submission_id', false, 'GET');
+$submission_id = intval($admin->checkIDKEY('submission_id', false, 'GET'));
 if (!$submission_id) {
  $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
 }
 
 // Get submission details
-$query_content = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
-$submission = $query_content->fetchRow();
-
+$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_submissions` ';
+$sql .= 'WHERE submission_id = '.$submission_id.' ';
+if($query_content = $database->query($sql)) {
+	$submission = $query_content->fetchRow(MYSQL_ASSOC);
+}
 // Get the user details of whoever did this submission
-$query_user = "SELECT username,display_name FROM ".TABLE_PREFIX."users WHERE user_id = '".$submission['submitted_by']."'";
-$get_user = $database->query($query_user);
-if($get_user->numRows() != 0) {
-	$user = $get_user->fetchRow();
-} else {
-	$user['display_name'] = 'Unknown';
-	$user['username'] = 'unknown';
+$sql  = 'SELECT `username`,`display_name` FROM `'.TABLE_PREFIX.'users` ';
+$sql .= 'WHERE `user_id` = '.$submission['submitted_by'];
+if($get_user = $database->query($sql)) {
+	if($get_user->numRows() != 0) {
+		$user = $get_user->fetchRow(MYSQL_ASSOC);
+	} else {
+		$user['display_name'] = 'Unknown';
+		$user['username'] = 'unknown';
+	}
 }
-
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
 ?>
-<table cellpadding="0" cellspacing="0" border="0" width="100%">
+<table class="frm-submission" summary="" cellpadding="0" cellspacing="0" border="0">
 <tr>
 	<td><?php echo $TEXT['SUBMISSION_ID']; ?>:</td>
 	<td><?php echo $submission['submission_id']; ?></td>
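Review bot: `$submission['submitted_by']` is now concatenated into the user lookup unquoted and uncast, while `$submission` is only assigned if the first query succeeds. When the row is missing or the column is empty the statement ends right after the `=` and fails, and `$user` is then never set, although the table below still echoes `$user['display_name']`. Cast the value with `(int)$submission['submitted_by']`, and assign the `'Unknown'`/`'unknown'` defaults to `$user` before running the query rather than in the inner `else`. A missing submission row should probably also end in `$admin->print_error(...)` like the failed ID check above.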
@@ -50,7 +55,7 @@
 <tr>
 	<td><?php echo $TEXT['SUBMITTED']; ?>:</td>
 	<td><?php echo gmdate(TIME_FORMAT.', '.DATE_FORMAT, $submission['submitted_when']+TIMEZONE); ?></td>
-</td>
+</tr>
 <tr>
 	<td><?php echo $TEXT['USER']; ?>:</td>
 	<td><?php echo $user['display_name'].' ('.$user['username'].')'; ?></td>
@@ -69,11 +74,9 @@
 
 <br />
 
-<input type="button" value="<?php echo $TEXT['CLOSE']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id; ?>';" style="width: 150px; margin-top: 5px;" />
+<input type="button" value="<?php echo $TEXT['CLOSE']; ?>" onclick="javascript: window.location = '<?php echo ADMIN_URL; ?>/pages/modify.php?page_id=<?php echo $page_id.$sec_anchor; ?>';" style="width: 150px; margin-top: 5px;" />
 <input type="button" value="<?php echo $TEXT['DELETE']; ?>" onclick="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/form/delete_submission.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&submission_id=<?php echo $admin->getIDKEY($submission_id); ?>');" style="width: 150px; margin-top: 5px;" />
 <?php
 
 // Print admin footer
 $admin->print_footer();
-
-?>
\ No newline at end of file
Index: branches/2.8.x/wb/modules/form/modify.php
===================================================================
--- branches/2.8.x/wb/modules/form/modify.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/modify.php	(revision 1553)
@@ -28,12 +28,21 @@
 if(function_exists('ini_set')) {
 	ini_set('arg_separator.output', '&amp;');
 }
+include_once(WB_PATH.'/framework/functions.php');
 
+$sec_anchor = (defined( 'SEC_ANCHOR' ) && ( SEC_ANCHOR != '' )  ? '#'.SEC_ANCHOR.$section['section_id'] : '' );
+
 //Delete all form fields with no title
-$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_fields  WHERE page_id = '$page_id' and section_id = '$section_id' and title=''");
+$sql  = 'DELETE FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+$sql .= 'WHERE page_id = '.(int)$page_id.' ';
+$sql .=   'AND section_id = '.(int)$section_id.' ';
+$sql .=   'AND title=\'\' ';
+if( !$database->query($sql) ) {
+// error msg
+}
 
 ?>
-<table cellpadding="0" cellspacing="0" border="0" width="100%">
+<table summary="" cellpadding="0" cellspacing="0" border="0" width="100%">
 <tr>
 	<td align="left" width="33%">
 		<input type="button" value="<?php echo $TEXT['ADD'].' '.$TEXT['FIELD']; ?>" onclick="javascript: window.location = '<?php echo WB_URL; ?>/modules/form/add_field.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>';" style="width: 100%;" />
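Review bot: The `if( !$database->query($sql) )` branch contains only the placeholder comment `// error msg`, so a failed DELETE is still ignored exactly as before the change. Either show the database wrapper's error text to the administrator there, or drop the empty `if` and add a comment such as `// best-effort clean-up of untitled fields; failure is not fatal`. The two `if($query_... = $database->query($sql))` wrappers in the later hunks of this file have the same gap: when the query fails, the page prints neither the table nor `$TEXT['NONE_FOUND']`.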
@@ -50,96 +59,123 @@
 <?php
 
 // Loop through existing fields
-$query_fields = $database->query("SELECT * FROM `".TABLE_PREFIX."mod_form_fields` WHERE section_id = '$section_id' ORDER BY position ASC");
-if($query_fields->numRows() > 0) {
-	$num_fields = $query_fields->numRows();
-	$row = 'a';
-	?>
-	<table cellpadding="2" cellspacing="0" border="0" width="100%">
-	<?php
-	while($field = $query_fields->fetchRow()) {
+$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_fields` ';
+$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+$sql .= 'ORDER BY `position` ASC';
+if($query_fields = $database->query($sql)) {
+	if($query_fields->numRows() > 0) {
+		$num_fields = $query_fields->numRows();
+		$row = 'a';
 		?>
-		<tr class="row_<?php echo $row; ?>">
-			<td width="20" style="padding-left: 5px;">
-				<a href="<?php echo WB_URL; ?>/modules/form/modify_field.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MODIFY']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="^" />
-				</a>
-			</td>		
-			<td>
-				<a href="<?php echo WB_URL; ?>/modules/form/modify_field.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>">
-					<?php echo $field['title']; ?>
-				</a>
-			</td>
-			<td width="175">
+		<table summary="" cellpadding="2" cellspacing="0" border="0" width="100%">
+			<tr style="background-color: #dddddd; font-weight: bold;">
+				<td width="20" style="padding-left: 5px;">&nbsp;</td>
+				<td width="30" style="text-align: right;">ID</td>
+				<td width="400"><?php print $TEXT['FIELD']; ?></td>
+				<td width="175"><?php print $TEXT['TYPE']; ?></td>
+				<td width="100"><?php print $TEXT['REQUIRED']; ?></td>
+				<td width="175">
 				<?php
-				echo $TEXT['TYPE'].':';
-				if($field['type'] == 'textfield') {
-					echo $TEXT['SHORT_TEXT'];
-				} elseif($field['type'] == 'textarea') {
-					echo $TEXT['LONG_TEXT'];
-				} elseif($field['type'] == 'heading') {
-					echo $TEXT['HEADING'];
-				} elseif($field['type'] == 'select') {
-					echo $TEXT['SELECT_BOX'];
-				} elseif($field['type'] == 'checkbox') {
-					echo $TEXT['CHECKBOX_GROUP'];
-				} elseif($field['type'] == 'radio') {
-					echo $TEXT['RADIO_BUTTON_GROUP'];
-				} elseif($field['type'] == 'email') {
-					echo $TEXT['EMAIL_ADDRESS'];
+					echo $TEXT['MULTISELECT'];
+				?>
+				</td>
+				<td width="175" colspan="3">
+				<?php
+					echo $TEXT['ACTIONS'];
+				?>
+				</td>
+			</tr>
+		<?php
+		while($field = $query_fields->fetchRow(MYSQL_ASSOC)) {
+			?>
+			<tr class="row_<?php echo $row; ?>">
+				<td style="padding-left: 5px;">
+					<a href="<?php echo WB_URL; ?>/modules/form/modify_field.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MODIFY']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/modify_16.png" border="0" alt="^" />
+					</a>
+				</td>
+				<td style="text-align: right;">
+					<a href="<?php echo WB_URL; ?>/modules/form/modify_field.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>">
+						<?php echo $field['field_id']; ?>
+					</a>
+				</td>
+				<td>
+					<a href="<?php echo WB_URL; ?>/modules/form/modify_field.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>">
+						<?php echo $field['title']; ?>
+					</a>
+				</td>
+				<td>
+					<?php
+					if($field['type'] == 'textfield') {
+						echo $TEXT['SHORT_TEXT'];
+					} elseif($field['type'] == 'textarea') {
+						echo $TEXT['LONG_TEXT'];
+					} elseif($field['type'] == 'heading') {
+						echo $TEXT['HEADING'];
+					} elseif($field['type'] == 'select') {
+						echo $TEXT['SELECT_BOX'];
+					} elseif($field['type'] == 'checkbox') {
+						echo $TEXT['CHECKBOX_GROUP'];
+					} elseif($field['type'] == 'radio') {
+						echo $TEXT['RADIO_BUTTON_GROUP'];
+					} elseif($field['type'] == 'email') {
+						echo $TEXT['EMAIL_ADDRESS'];
+					}
+					?>
+				</td>
+				<td>
+				<?php
+				if ($field['type'] != 'group_begin') {
+					if($field['required'] == 1) { echo $TEXT['YES']; } else { echo $TEXT['NO']; }
 				}
 				?>
-			</td>
-			<td width="95">		
-			<?php 
-			if ($field['type'] != 'group_begin') {
-				echo $TEXT['REQUIRED'].': '; if($field['required'] == 1) { echo $TEXT['YES']; } else { echo $TEXT['NO']; }
-			}
-			?>
-			</td>
-			<td width="110">
+				</td>
+				<td>
+				<?php
+				if ($field['type'] == 'select') {
+					$field['extra'] = explode(',',$field['extra']);
+					 if($field['extra'][1] == 'multiple') { echo $TEXT['YES']; } else { echo $TEXT['NO']; }
+				}
+				?>
+				</td>
+				<td width="20">
+				<?php if($field['position'] != 1) { ?>
+					<a href="<?php echo WB_URL; ?>/modules/form/move_up.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
+					</a>
+				<?php } ?>
+				</td>
+				<td width="20">
+				<?php if($field['position'] != $num_fields) { ?>
+					<a href="<?php echo WB_URL; ?>/modules/form/move_down.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
+					</a>
+				<?php } ?>
+				</td>
+				<td width="20">
+<?php
+				$url = (WB_URL.'/modules/form/delete_field.php?page_id='.$page_id.'&amp;section_id='.$section_id.'&amp;field_id='.$admin->getIDKEY($field['field_id']))
+ ?>
+					<a href="javascript: confirm_link('<?php echo url_encode($TEXT['ARE_YOU_SURE']); ?>', '<?php echo $url; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
+					</a>
+				</td>
+			</tr>
 			<?php
-			if ($field['type'] == 'select') {
-				$field['extra'] = explode(',',$field['extra']);
-				echo $TEXT['MULTISELECT'].': '; if($field['extra'][1] == 'multiple') { echo $TEXT['YES']; } else { echo $TEXT['NO']; }
+			// Alternate row color
+			if($row == 'a') {
+				$row = 'b';
+			} else {
+				$row = 'a';
 			}
-			?>
-			</td>
-			<td width="20">
-			<?php if($field['position'] != 1) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/form/move_up.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MOVE_UP']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/up_16.png" border="0" alt="^" />
-				</a>
-			<?php } ?>
-			</td>
-			<td width="20">
-			<?php if($field['position'] != $num_fields) { ?>
-				<a href="<?php echo WB_URL; ?>/modules/form/move_down.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>" title="<?php echo $TEXT['MOVE_DOWN']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/down_16.png" border="0" alt="v" />
-				</a>
-			<?php } ?>
-			</td>
-			<td width="20">
-				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/form/delete_field.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&field_id=<?php echo $admin->getIDKEY($field['field_id']); ?>');" title="<?php echo $TEXT['DELETE']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
-				</a>
-			</td>
-		</tr>
+		}
+		?>
+		</table>
 		<?php
-		// Alternate row color
-		if($row == 'a') {
-			$row = 'b';
-		} else {
-			$row = 'a';
-		}
+	} else {
+		echo $TEXT['NONE_FOUND'];
 	}
-	?>
-	</table>
-	<?php
-} else {
-	echo $TEXT['NONE_FOUND'];
 }
-
 ?>
 
 <br /><br />
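Review bot: `$field['title']` in the third cell is echoed straight from `mod_form_fields` without HTML escaping, so a title containing markup is rendered as markup in the backend list. Unless titles are entity-encoded when they are saved (not visible in this hunk), use `<?php echo htmlspecialchars($field['title'], ENT_QUOTES); ?>`. In the multiselect cell, `$field['extra'][1]` is read after the `explode()` without checking that a second element exists, which raises an undefined-offset notice for a select whose `extra` has no comma. `isset($field['extra'][1]) && $field['extra'][1] == 'multiple'` avoids that.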
@@ -149,40 +185,47 @@
 <?php
 
 // Query submissions table
-$query_submissions = $database->query("SELECT * FROM `".TABLE_PREFIX."mod_form_submissions` WHERE section_id = '$section_id' ORDER BY submitted_when ASC");
-if($query_submissions->numRows() > 0) {
-	?>
-	<table cellpadding="2" cellspacing="0" border="0" width="100%">
-	<?php
-	// List submissions
-	$row = 'a';
-	while($submission = $query_submissions->fetchRow()) {
+$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'mod_form_submissions` ';
+$sql .= 'WHERE `section_id` = '.(int)$section_id.' ';
+$sql .= 'ORDER BY `submitted_when` ASC ';
+if($query_submissions = $database->query($sql)) {
+	if($query_submissions->numRows() > 0) {
 		?>
-		<tr class="row_<?php echo $row; ?>">
-			<td width="20" style="padding-left: 5px;">
-				<a href="<?php echo WB_URL; ?>/modules/form/view_submission.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&submission_id=<?php echo $admin->getIDKEY($submission['submission_id']); ?>" title="<?php echo $TEXT['OPEN']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/folder_16.png" alt="<?php echo $TEXT['OPEN']; ?>" border="0" />
-				</a>
-			</td>
-			<td width="237"><?php echo $TEXT['SUBMISSION_ID'].': '.$submission['submission_id']; ?></td>
-			<td><?php echo $TEXT['SUBMITTED'].': '.gmdate(TIME_FORMAT.', '.DATE_FORMAT, $submission['submitted_when']+TIMEZONE); ?></td>
-			<td width="20">
-				<a href="javascript: confirm_link('<?php echo $TEXT['ARE_YOU_SURE']; ?>', '<?php echo WB_URL; ?>/modules/form/delete_submission.php?page_id=<?php echo $page_id; ?>&section_id=<?php echo $section_id; ?>&submission_id=<?php echo $admin->getIDKEY($submission['submission_id']); ?>');" title="<?php echo $TEXT['DELETE']; ?>">
-					<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
-				</a>
-			</td>
-		</tr>
+		<table summary="" cellpadding="2" cellspacing="0" border="0" width="100%">
 		<?php
-		// Alternate row color
-		if($row == 'a') {
-			$row = 'b';
-		} else {
-			$row = 'a';
+		// List submissions
+		$row = 'a';
+		while($submission = $query_submissions->fetchRow(MYSQL_ASSOC)) {
+			?>
+			<tr class="row_<?php echo $row; ?>">
+				<td width="20" style="padding-left: 5px;">
+					<a href="<?php echo WB_URL; ?>/modules/form/view_submission.php?page_id=<?php echo $page_id; ?>&amp;section_id=<?php echo $section_id; ?>&amp;submission_id=<?php echo $admin->getIDKEY($submission['submission_id']); ?>" title="<?php echo $TEXT['OPEN']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/folder_16.png" alt="<?php echo $TEXT['OPEN']; ?>" border="0" />
+					</a>
+				</td>
+				<td width="237"><?php echo $TEXT['SUBMISSION_ID'].': '.$submission['submission_id']; ?></td>
+				<td><?php echo $TEXT['SUBMITTED'].': '.gmdate(TIME_FORMAT.', '.DATE_FORMAT, $submission['submitted_when']+TIMEZONE); ?></td>
+				<td width="20">
+<?php
+				$url = (WB_URL.'/modules/form/delete_submission.php?page_id='.$page_id.'&amp;section_id='.$section_id.'&amp;submission_id='.$admin->getIDKEY($submission['submission_id']))
+ ?>
+					<a href="javascript: confirm_link('<?php echo url_encode($TEXT['ARE_YOU_SURE']); ?>', '<?php echo $url; ?>');" title="<?php echo $TEXT['DELETE']; ?>">
+						<img src="<?php echo THEME_URL; ?>/images/delete_16.png" border="0" alt="X" />
+					</a>
+				</td>
+			</tr>
+			<?php
+			// Alternate row color
+			if($row == 'a') {
+				$row = 'b';
+			} else {
+				$row = 'a';
+			}
 		}
+		?>
+		</table>
+		<?php
+	} else {
+		echo $TEXT['NONE_FOUND'];
 	}
-	?>
-	</table>
-	<?php
-} else {
-	echo $TEXT['NONE_FOUND'];
-}
+}
\ No newline at end of file
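Review bot: `url_encode($TEXT['ARE_YOU_SURE'])` places a URL-encoded string inside the JavaScript literal passed to `confirm_link()`, which only displays correctly if `confirm_link()` decodes its first argument. That function is not part of this diff, so this should be confirmed. A comment above the `$url` assignment would record the intent, e.g. `// url_encode() keeps quotes in the translation out of the JS string literal; confirm_link() is expected to decode it`. The same construct appears in the field-list hunk of this file. The `$url = (...)` statement also relies on the following `?>` to terminate it; an explicit `;` would be clearer.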
Index: branches/2.8.x/wb/modules/form/backend.css
===================================================================
--- branches/2.8.x/wb/modules/form/backend.css	(revision 1552)
+++ branches/2.8.x/wb/modules/form/backend.css	(revision 1553)
@@ -1,27 +1,8 @@
-.setting_name {
-	vertical-align: top;
-	width: 30%;
-}
-.setting_value {
-	vertical-align: top;
-	width: 70%;
-}
-.newsection {
-	border-top: 1px dashed #fff;
-}
-
+.frm-setting_name { vertical-align :top; width :30%; white-space :nowrap; }
+.frm-setting_value { vertical-align :top; width :70%; }
+.frm-newsection { border-top :1px dashed #ffffff; }
 /* 
   The definitions below provide the style for the edit CSS button 
   Required CSS class name: input.mod_moduledirectory_edit_css
 */
-input.mod_form_edit_css {
-  color: #000;
-  background-color: #F0F0F0;
-  border: 1px solid gray;
-  padding: 2px;
-  margin: 0;
-  margin-left: 625px;
-  margin-top: -20px;
-  margin-bottom: 5px;
-  width: 110px;
-}
\ No newline at end of file
+input.mod_form_edit_css { color :#000000; background-color :#f0f0f0; border :1px solid #808080; padding :2px; margin :0; margin-left :625px; margin-top :-20px; margin-bottom :5px; width :110px; }
Index: branches/2.8.x/wb/modules/form/add.php
===================================================================
--- branches/2.8.x/wb/modules/form/add.php	(revision 1552)
+++ branches/2.8.x/wb/modules/form/add.php	(revision 1553)
@@ -24,27 +24,57 @@
 }
 /* -------------------------------------------------------- */
 
+// load module language file
+$lang = (dirname(__FILE__)) . '/languages/' . LANGUAGE . '.php';
+require_once(!file_exists($lang) ? (dirname(__FILE__)) . '/languages/EN.php' : $lang );
+
 // Insert an extra rows into the database
-$header = '<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"98%\" summary=\"form\">';
-$field_loop = '<tr><td class=\"field_title\">{TITLE}{REQUIRED}:</td><td>{FIELD}</td></tr>';
-$footer = '<tr><td>&nbsp;</td>
-<td>
-<input type=\"submit\" name=\"submit\" value=\"Submit Form\" />
-</td>
-</tr>
-</table>';
+$header = '<table class="frm-field_table" cellpadding=\"2\" cellspacing=\"0\" border=\"0\" summary=\"form\">';
+$field_loop = '<tr>'.PHP_EOL.'<td class=\"frm-field_title\">{TITLE}{REQUIRED}:</td>'.PHP_EOL.'<td>{FIELD}</td>'.PHP_EOL.'</tr>';
+$footer = '<tr>'.PHP_EOL.'<td>&nbsp;</td>'.PHP_EOL.'
+<td>'.PHP_EOL.'
+<input type=\"submit\" name=\"submit\" value=\"{SUBMIT_FORM}\" />'.PHP_EOL.'
+</td>'.PHP_EOL.'
+</tr>'.PHP_EOL.'
+</table>'.PHP_EOL;
 $email_to = $admin->get_email();
 $email_from = '';
 $email_fromname = '';
-$email_subject = 'Results from form on website...';
+$email_subject = $MOD_FORM['EMAIL_SUBJECT'];
 $success_page = 'none';
-$success_email_to = '';
+$success_email_to = SERVER_EMAIL;
 $success_email_from = $admin->get_email();
-$success_email_fromname = '';
-$success_email_text = 'Thank you for submitting your form on '.WEBSITE_TITLE;
+$success_email_fromname = WBMAILER_DEFAULT_SENDERNAME;
+$success_email_text = $MOD_FORM['SUCCESS_EMAIL_TEXT'];
 $success_email_text = addslashes($success_email_text);
-$success_email_subject = 'You have submitted a form';
+$success_email_subject = $MOD_FORM['SUCCESS_EMAIL_SUBJECT'];
 $max_submissions = 50;
 $stored_submissions = 50;
 $use_captcha = true;
-$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_settings (page_id,section_id,header,field_loop,footer,email_to,email_from,email_fromname,email_subject,success_page,success_email_to,success_email_from,success_email_fromname,success_email_text,success_email_subject,max_submissions,stored_submissions,use_captcha) VALUES ('$page_id','$section_id','$header','$field_loop','$footer','$email_to','$email_from','$email_fromname','$email_subject','$success_page','$success_email_to','$success_email_from','$success_email_fromname','$success_email_text','$success_email_subject','$max_submissions','$stored_submissions','$use_captcha')");
+
+// $database->query("INSERT INTO ".TABLE_PREFIX."mod_form_settings (page_id,section_id,header,field_loop,footer,email_to,email_from,email_fromname,email_subject,success_page,success_email_to,success_email_from,success_email_fromname,success_email_text,success_email_subject,max_submissions,stored_submissions,use_captcha) VALUES ('$page_id','$section_id','$header','$field_loop','$footer','$email_to','$email_from','$email_fromname','$email_subject','$success_page','$success_email_to','$success_email_from','$success_email_fromname','$success_email_text','$success_email_subject','$max_submissions','$stored_submissions','$use_captcha')");
+
+// Insert settings
+$sql  = 'INSERT INTO  `'.TABLE_PREFIX.'mod_form_settings` SET ';
+$sql .= '`section_id` = \''.$section_id.'\', ';
+$sql .= '`page_id` = \''.$page_id.'\', ';
+$sql .= '`header` = \''.$header.'\', ';
+$sql .= '`field_loop` = \''.$field_loop.'\', ';
+$sql .= '`footer` = \''.$footer.'\', ';
+$sql .= '`email_to` = \''.$email_to.'\', ';
+$sql .= '`email_from` = \''.$email_from.'\', ';
+$sql .= '`email_fromname` = \''.$email_fromname.'\', ';
+$sql .= '`email_subject` = \''.$email_subject.'\', ';
+$sql .= '`success_page` = \''.$success_page.'\', ';
+$sql .= '`success_email_to` = \''.$success_email_to.'\', ';
+$sql .= '`success_email_from` = \''.$success_email_from.'\', ';
+$sql .= '`success_email_fromname` = \''.$success_email_fromname.'\', ';
+$sql .= '`success_email_text` = \''.$success_email_text.'\', ';
+$sql .= '`success_email_subject` = \''.$success_email_subject.'\', ';
+$sql .= '`max_submissions` = \''.$max_submissions.'\', ';
+$sql .= '`stored_submissions` = \''.$stored_submissions.'\', ';
+$sql .= '`use_captcha` = \''.$use_captcha.'\' ';
+$sql .= '';
+if($database->query($sql)) {
+	// $admin->print_success($TEXT['SUCCESS'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id.$sec_anchor);
+}
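Review bot: The new INSERT wraps every value in single quotes, but only `$success_email_text` is passed through `addslashes()`. `$email_subject` and `$success_email_subject` now come from the language file and contain `WEBSITE_TITLE`, and `$success_email_fromname` is `WBMAILER_DEFAULT_SENDERNAME`, so an apostrophe in the site title or sender name breaks the statement or changes what is stored. Escape each string the same way before building `$sql`, e.g. `$email_subject = addslashes($MOD_FORM['EMAIL_SUBJECT']);` and likewise for the other two (the database layer's own escaping routine, if it has one, would be preferable), and cast `$page_id` and `$section_id` with `(int)` as modify.php does. The body of `if($database->query($sql))` is only a commented-out call, so a failed insert goes unreported.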
