Revision 358
Added by ryan over 18 years ago
trunk/wb/modules/form/view.php | ||
59 | 59 |
$n = '<input class="field_radio" type="radio" id="'.$n.'" name="field'.$field_id.'" value="'.$n.'">'.'<font class="radio_label" onclick="javascript: document.getElementById(\''.$n.'\').checked = true;">'.$n.'</font>'.$seperator; |
60 | 60 |
} |
61 | 61 |
|
62 |
// Generate temp submission id |
|
63 |
function new_submission_id() { |
|
64 |
$submission_id = ''; |
|
65 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
66 |
srand((double)microtime()*1000000); |
|
67 |
$i = 0; |
|
68 |
while ($i <= 7) { |
|
69 |
$num = rand() % 33; |
|
70 |
$tmp = substr($salt, $num, 1); |
|
71 |
$submission_id = $submission_id . $tmp; |
|
72 |
$i++; |
|
73 |
} |
|
74 |
return $submission_id; |
|
75 |
} |
|
76 |
|
|
62 | 77 |
// Work-out if the form has been submitted or not |
63 | 78 |
if($_POST == array()) { |
64 | 79 |
|
65 |
// Generate temp submission id |
|
66 |
$submission_id = ''; |
|
67 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
68 |
srand((double)microtime()*1000000); |
|
69 |
$i = 0; |
|
70 |
while ($i <= 7) { |
|
71 |
$num = rand() % 33; |
|
72 |
$tmp = substr($salt, $num, 1); |
|
73 |
$submission_id = $submission_id . $tmp; |
|
74 |
$i++; |
|
75 |
} |
|
80 |
// Set new submission ID in session |
|
81 |
$_SESSION['form_submission_id'] = new_submission_id(); |
|
76 | 82 |
|
77 |
// Set submission ID in session |
|
78 |
$_SESSION['form_submission_id'] = $submission_id; |
|
79 |
|
|
80 | 83 |
?> |
81 | 84 |
<style type="text/css"> |
82 | 85 |
.required { |
... | ... | |
141 | 144 |
// Add form starter code |
142 | 145 |
?> |
143 | 146 |
<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> |
144 |
<input type="hidden" name="submission_id" value="<?php echo $submission_id; ?>" />
|
|
147 |
<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
|
|
145 | 148 |
<?php |
146 | 149 |
|
147 | 150 |
// Print header |
... | ... | |
228 | 231 |
// Check that submission ID matches |
229 | 232 |
if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) { |
230 | 233 |
|
234 |
// Set new submission ID in session |
|
235 |
$_SESSION['form_submission_id'] = new_submission_id(); |
|
236 |
|
|
231 | 237 |
// Submit form data |
232 | 238 |
// First start message settings |
233 | 239 |
$query_settings = $database->query("SELECT email_to,email_from,email_subject,success_message,max_submissions,stored_submissions,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'"); |
... | ... | |
325 | 331 |
echo '<li>'.$captcha_error.'</li>'; |
326 | 332 |
echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>'; |
327 | 333 |
} else { |
328 |
|
|
329 |
// Check how many times form has been submitted in last hour |
|
330 |
$last_hour = time()-3600; |
|
331 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'"); |
|
332 |
if($query_submissions->numRows() > $max_submissions) { |
|
333 |
// Too many submissions so far this hour |
|
334 |
echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS']; |
|
335 |
$success = false; |
|
336 |
} else { |
|
337 |
// Now send the email |
|
338 |
if($email_to != '') { |
|
339 |
if($email_from != '') { |
|
340 |
if($wb->mail($email_from,$email_to,$email_subject,$email_body)) { $success = true; } |
|
341 |
} |
|
342 |
} |
|
343 |
// Write submission to database |
|
344 |
if(isset($admin) AND $admin->get_user_id() > 0) { |
|
345 |
$admin->get_user_id(); |
|
334 |
|
|
335 |
// Check how many times form has been submitted in last hour |
|
336 |
$last_hour = time()-3600; |
|
337 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'"); |
|
338 |
if($query_submissions->numRows() > $max_submissions) { |
|
339 |
// Too many submissions so far this hour |
|
340 |
echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS']; |
|
341 |
$success = false; |
|
346 | 342 |
} else { |
347 |
$submitted_by = 0; |
|
348 |
} |
|
349 |
$email_body = $wb->add_slashes($email_body); |
|
350 |
$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')"); |
|
351 |
// Make sure submissions table isn't too full |
|
352 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when"); |
|
353 |
$num_submissions = $query_submissions->numRows(); |
|
354 |
if($num_submissions > $stored_submissions) { |
|
355 |
// Remove excess submission |
|
356 |
$num_to_remove = $num_submissions-$stored_submissions; |
|
357 |
while($submission = $query_submissions->fetchRow()) { |
|
358 |
if($num_to_remove > 0) { |
|
359 |
$submission_id = $submission['submission_id']; |
|
360 |
$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'"); |
|
361 |
$num_to_remove = $num_to_remove-1; |
|
343 |
// Now send the email |
|
344 |
if($email_to != '') { |
|
345 |
if($email_from != '') { |
|
346 |
if($wb->mail($email_from,$email_to,$email_subject,$email_body)) { $success = true; } |
|
362 | 347 |
} |
348 |
} |
|
349 |
// Write submission to database |
|
350 |
if(isset($admin) AND $admin->get_user_id() > 0) { |
|
351 |
$admin->get_user_id(); |
|
352 |
} else { |
|
353 |
$submitted_by = 0; |
|
363 | 354 |
} |
355 |
$email_body = $wb->add_slashes($email_body); |
|
356 |
$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')"); |
|
357 |
// Make sure submissions table isn't too full |
|
358 |
$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when"); |
|
359 |
$num_submissions = $query_submissions->numRows(); |
|
360 |
if($num_submissions > $stored_submissions) { |
|
361 |
// Remove excess submission |
|
362 |
$num_to_remove = $num_submissions-$stored_submissions; |
|
363 |
while($submission = $query_submissions->fetchRow()) { |
|
364 |
if($num_to_remove > 0) { |
|
365 |
$submission_id = $submission['submission_id']; |
|
366 |
$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'"); |
|
367 |
$num_to_remove = $num_to_remove-1; |
|
368 |
} |
|
369 |
} |
|
370 |
} |
|
371 |
if(!$database->is_error()) { |
|
372 |
$success = true; |
|
373 |
} |
|
364 | 374 |
} |
365 |
if(!$database->is_error()) { |
|
366 |
$success = true; |
|
367 |
} |
|
368 |
} |
|
369 |
|
|
375 |
} |
|
370 | 376 |
} |
371 |
|
|
372 |
// Now check if the email was sent successfully |
|
373 |
if(isset($success) AND $success == true) { |
|
374 |
echo $success_message; |
|
375 |
} else { |
|
376 |
echo $TEXT['ERROR']; |
|
377 |
} |
|
378 |
|
|
379 |
} |
|
380 | 377 |
} |
381 | 378 |
|
379 |
// Now check if the email was sent successfully |
|
380 |
if(isset($success) AND $success == true) { |
|
381 |
echo $success_message; |
|
382 |
} else { |
|
383 |
echo $TEXT['ERROR']; |
|
384 |
} |
|
385 |
|
|
382 | 386 |
} |
383 | 387 |
|
384 | 388 |
?> |
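Review bot: The token built by the new `new_submission_id()` (new lines 63-75) comes from `rand()` seeded with `srand((double)microtime()*1000000)`, which yields only about a million distinct seeds that an attacker can narrow down from the response time, so the 8-character `submission_id` is guessable rather than secret, and the check at line 232 is the only thing tying a POST to a form that was actually served. Draw the characters from a cryptographic source instead (`random_int()` on current PHP; for the PHP this was written against, `openssl_random_pseudo_bytes()` or a `/dev/urandom` read if available), and make the check at line 232 strict, `$_SESSION['form_submission_id'] === $_POST['submission_id']`, since the alphabet contains digits and `e` and loose `==` treats a token such as `0e123456` as numerically equal to other `0e…` strings. The `if` at line 232 and its body continue outside the hunk. The function body would become:
```php
function new_submission_id() {
	// 8 characters from a fixed alphabet, chosen with a CSPRNG; the
	// submission check relies on this value being unguessable.
	$alphabet = "abchefghjkmnpqrstuvwxyz0123456789";
	$submission_id = '';
	for ($i = 0; $i < 8; $i++) {
		$submission_id .= $alphabet[random_int(0, strlen($alphabet) - 1)];
	}
	return $submission_id;
}
```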
Fixed problems that weren't fully addressed in changeset 356