Project

General

Profile

1
<?php
2

    
3
// $Id$
4

    
5
/*
6

    
7
 Website Baker Project <http://www.websitebaker.org/>
8
 Copyright (C) 2004-2008, Ryan Djurovich
9

    
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14

    
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19

    
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23

    
24
*/
25

    
26
/*
27
The Website Baker Project would like to thank Rudolph Lartey <www.carbonect.com>
28
for his contributions to this module - adding extra field types
29
*/
30

    
31
// Must include code to stop this file being access directly
32
if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
33

    
34
// check if frontend.css file needs to be included into the <body></body> of view.php
35
if((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED')) &&  file_exists(WB_PATH .'/modules/form/frontend.css')) {
36
   echo '<style type="text/css">';
37
   include(WB_PATH .'/modules/form/frontend.css');
38
   echo "\n</style>\n";
39
} 
40

    
41
// Function for generating an optionsfor a select field
42
if (!function_exists(make_option)) {
43
function make_option(&$n) {
44
	// start option group if it exists
45
	if (substr($n,0,2) == '[=') {
46
	 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">';
47
	} elseif ($n == ']') {
48
		$n = '</optgroup>';
49
	} else {
50
		$n = '<option value="'.$n.'">'.$n.'</option>';
51
	}
52
}
53
}
54
// Function for generating a checkbox
55
if (!function_exists(make_checkbox)) {
56
function make_checkbox(&$n, $idx, $params) {
57
	$field_id = $params[0];
58
	$seperator = $params[1];
59
	//$n = '<input class="field_checkbox" type="checkbox" id="'.$n.'" name="field'.$field_id.'" value="'.$n.'">'.'<font class="checkbox_label" onclick="javascript: document.getElementById(\''.$n.'\').checked = !document.getElementById(\''.$n.'\').checked;">'.$n.'</font>'.$seperator;
60
	$n = '<input class="field_checkbox" type="checkbox" id="'.$n.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'">'.'<font class="checkbox_label" onclick="javascript: document.getElementById(\''.$n.'\').checked = !document.getElementById(\''.$n.'\').checked;">'.$n.'</font>'.$seperator;
61
}
62
}
63
// Function for generating a radio button
64
if (!function_exists(make_radio)) {
65
function make_radio(&$n, $idx, $params) {
66
	$field_id = $params[0];
67
	$group = $params[1];
68
	$seperator = $params[2];
69
	$n = '<input class="field_radio" type="radio" id="'.$n.'" name="field'.$field_id.'" value="'.$n.'">'.'<font class="radio_label" onclick="javascript: document.getElementById(\''.$n.'\').checked = true;">'.$n.'</font>'.$seperator;
70
}
71
}
72
// Generate temp submission id
73
function new_submission_id() {
74
	$submission_id = '';
75
	$salt = "abchefghjkmnpqrstuvwxyz0123456789";
76
	srand((double)microtime()*1000000);
77
	$i = 0;
78
	while ($i <= 7) {
79
		$num = rand() % 33;
80
		$tmp = substr($salt, $num, 1);
81
		$submission_id = $submission_id . $tmp;
82
		$i++;
83
	}
84
	return $submission_id;
85
}
86

    
87
// Work-out if the form has been submitted or not
88
if($_POST == array()) {
89

    
90
// Set new submission ID in session
91
$_SESSION['form_submission_id'] = new_submission_id();
92

    
93
// Get settings
94
$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
95
if($query_settings->numRows() > 0) {
96
	$fetch_settings = $query_settings->fetchRow();
97
	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
98
	$field_loop = $fetch_settings['field_loop'];
99
	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
100
	$use_captcha = $fetch_settings['use_captcha'];
101
} else {
102
	$header = '';
103
	$field_loop = '';
104
	$footer = '';
105
}
106

    
107
$java_fields = '';
108
$java_titles = '';
109
$java_tween = ''; // I know kinda stupid, anyone better idea?
110
$java_mailcheck = '';
111

    
112
// Add form starter code
113
?>
114
<form name="form" onsubmit="return formCheck(this);" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
115
<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
116
<?php
117

    
118
// Print header
119
echo $header;
120

    
121
// Get list of fields
122
$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
123
if($query_fields->numRows() > 0) {
124
	while($field = $query_fields->fetchRow()) {
125
		// Set field values
126
		$field_id = $field['field_id'];
127
		$value = $field['value'];
128
		// Print field_loop after replacing vars with values
129
		$vars = array('{TITLE}', '{REQUIRED}');
130
		$values = array($field['title']);
131
		if($field['required'] == 1) {
132
			$values[] = '<font class="required">*</font>';
133
			$java_fields .= $java_tween.'"field'.$field_id.'"';
134
			$java_titles .= $java_tween.'"'.$field['title'].'"';
135
			$java_tween = ', ';
136
		} else {
137
			$values[] = '';
138
		}
139
		if($field['type'] == 'textfield') {
140
			$vars[] = '{FIELD}';
141
			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" maxlength="'.$field['extra'].'" value="'.$value.'" class="textfield" />';
142
		} elseif($field['type'] == 'textarea') {
143
			$vars[] = '{FIELD}';
144
			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea">'.$value.'</textarea>';
145
		} elseif($field['type'] == 'select') {
146
			$vars[] = '{FIELD}';
147
			$options = explode(',', $value);
148
			array_walk($options, 'make_option');
149
			$field['extra'] = explode(',',$field['extra']); 
150
			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="select">'.implode($options).'</select>';
151
		} elseif($field['type'] == 'heading') {
152
			$vars[] = '{FIELD}';
153
			$values[] = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
154
			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
155
			$field_loop = $field['extra'];
156
		} elseif($field['type'] == 'checkbox') {
157
			$vars[] = '{FIELD}';
158
			$options = explode(',', $value);
159
			array_walk($options, 'make_checkbox',array($field_id,$field['extra']));
160
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
161
			$values[] = implode($options);
162
		} elseif($field['type'] == 'radio') {
163
			$vars[] = '{FIELD}';
164
			$options = explode(',', $value);
165
			array_walk($options, 'make_radio',array($field_id,$field['title'],$field['extra']));
166
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
167
			$values[] = implode($options);
168
		} elseif($field['type'] == 'email') {
169
			$vars[] = '{FIELD}';
170
			$values[] = '<input type="text" name="field'.$field_id.'" onChange="return checkmail(this.form.field'.$field_id.')"  id="field'.$field_id.'" maxlength="'.$field['extra'].'" class="email" />';
171
			$java_mailcheck .= 'onChange="return checkmail(this.form'.$field_id.'" ';
172
		}
173
		if($field['type'] != '') {
174
			echo str_replace($vars, $values, $field_loop);
175
		}
176
		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
177
	}
178
}
179

    
180
// Captcha
181
if($use_captcha) {
182
	$_SESSION['captcha'] = '';
183
	for($i = 0; $i < 5; $i++) {
184
		$_SESSION['captcha'] .= rand(0,9);
185
	}
186
	?><tr><td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td><td>
187
	<table cellpadding="2" cellspacing="0" border="0">
188
	<tr><td><img src="<?php echo WB_URL; ?>/include/captcha.php?t=<?php echo time(); ?>" alt="Captcha" /></td>
189
	<td><input type="text" name="captcha" maxlength="5" /></td>
190
	</tr></table>
191
	</td></tr>
192
	<?php
193
}
194
echo '
195
<script language="JavaScript">
196
<!--
197

    
198
/***********************************************
199
* Required field(s) validation v1.10- By NavSurf
200
* Visit Nav Surf at http://navsurf.com
201
* Visit http://www.dynamicdrive.com/ for full source code
202
***********************************************/
203

    
204
function formCheck(formobj){
205
	// Enter name of mandatory fields
206
	var fieldRequired = Array('.$java_fields.');
207
	// Enter field description to appear in the dialog box
208
	var fieldDescription = Array('.$java_titles.');
209
	// dialog message
210
	var alertMsg = "'.$MESSAGE['MOD_FORM']['REQUIRED_FIELDS'].':\n";
211
	
212
	var l_Msg = alertMsg.length;
213
	
214
	for (var i = 0; i < fieldRequired.length; i++){
215
		var obj = formobj.elements[fieldRequired[i]];
216
		if (obj){
217
			switch(obj.type){
218
			case "select-one":
219
				if (obj.selectedIndex == -1 || obj.options[obj.selectedIndex].text == ""){
220
					alertMsg += " - " + fieldDescription[i] + "\n";
221
				}
222
				break;
223
			case "select-multiple":
224
				if (obj.selectedIndex == -1){
225
					alertMsg += " - " + fieldDescription[i] + "\n";
226
				}
227
				break;
228
			case "text":
229
			case "textarea":
230
				if (obj.value == "" || obj.value == null){
231
					alertMsg += " - " + fieldDescription[i] + "\n";
232
				}
233
				break;
234
			default:
235
			}
236
			if (obj.type == undefined){
237
				var blnchecked = false;
238
				for (var j = 0; j < obj.length; j++){
239
					if (obj[j].checked){
240
						blnchecked = true;
241
					}
242
				}
243
				if (!blnchecked){
244
					alertMsg += " - " + fieldDescription[i] + "\n";
245
				}
246
			}
247
		}
248
	}
249

    
250
	if (alertMsg.length == l_Msg){
251
		return true;
252
	}else{
253
		alert(alertMsg);
254
		return false;
255
	}
256
}
257
/***********************************************
258
* Email Validation script- ? Dynamic Drive (www.dynamicdrive.com)
259
* This notice must stay intact for legal use.
260
* Visit http://www.dynamicdrive.com/ for full source code
261
***********************************************/
262

    
263
var emailfilter=/^\w+[\+\.\w-]*@([\w-]+\.)*\w+[\w-]*\.([a-z]{2,4}|\d+)$/i
264

    
265
function checkmail(e){
266
var returnval=emailfilter.test(e.value);
267
if (returnval==false){
268
alert("Please enter a valid email address.");
269
e.select();
270
}
271
return returnval;
272
}
273
-->
274

    
275
</script>';
276

    
277

    
278
// Print footer
279
echo $footer;
280

    
281
// Add form end code
282
?>
283
</form>
284
<?php
285

    
286
} else {
287
	
288
	// Check that submission ID matches
289
	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
290
		
291
		// Set new submission ID in session
292
		$_SESSION['form_submission_id'] = new_submission_id();
293
		
294
		// Submit form data
295
		// First start message settings
296
		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
297
		if($query_settings->numRows() > 0) {
298
			$fetch_settings = $query_settings->fetchRow();
299
			$email_to = $fetch_settings['email_to'];
300
			$email_from = $fetch_settings['email_from'];
301
			if(substr($email_from, 0, 5) == 'field') {
302
				// Set the email from field to what the user entered in the specified field
303
				$email_from = $wb->add_slashes($_POST[$email_from]);
304
			}
305
			$email_subject = $fetch_settings['email_subject'];
306
			$success_page = $fetch_settings['success_page'];
307
			$success_email_to = $fetch_settings['success_email_to'];
308
			if(substr($success_email_to, 0, 5) == 'field') {
309
				// Set the success_email to field to what the user entered in the specified field
310
				$success_email_to = $wb->add_slashes($_POST[$success_email_to]);
311
			}
312
			$success_email_from = $fetch_settings['success_email_from'];
313
			$success_email_text = $fetch_settings['success_email_text'];
314
			$success_email_subject = $fetch_settings['success_email_subject'];		
315
			$max_submissions = $fetch_settings['max_submissions'];
316
			$stored_submissions = $fetch_settings['stored_submissions'];
317
			$use_captcha = $fetch_settings['use_captcha'];
318
		} else {
319
			exit($TEXT['UNDER_CONSTRUCTION']);
320
		}
321
		$email_body = '';
322
		
323
		// Create blank "required" array
324
		$required = array();
325
		
326
		// Loop through fields and add to message body
327
		// Get list of fields
328
		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
329
		if($query_fields->numRows() > 0) {
330
			while($field = $query_fields->fetchRow()) {
331
				// Add to message body
332
				if($field['type'] != '') {
333
					if(!empty($_POST['field'.$field['field_id']])) {
334
						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
335
							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
336
						}
337
						if($field['type'] == 'heading') {
338
							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
339
						} elseif (!is_array($_POST['field'.$field['field_id']])) {
340
							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
341
						} else {
342
							$email_body .= $field['title'].": \n";
343
							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
344
								$email_body .= $v."\n";
345
							}
346
							$email_body .= "\n";
347
						}
348
					} elseif($field['required'] == 1) {
349
						$required[] = $field['title'];
350
					}
351
				}
352
			}
353
		}
354
		
355
		// Captcha
356
		if(extension_loaded('gd') AND function_exists('imageCreateFromJpeg')) { /* Make's sure GD library is installed */
357
			if($use_captcha) {
358
				if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
359
					// Check for a mismatch
360
					if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
361
						$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
362
					}
363
				} else {
364
					$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
365
				}
366
			}
367
		}
368
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
369
		
370
		// Addslashes to email body - proposed by Icheb in topic=1170.0
371
		// $email_body = $wb->add_slashes($email_body);
372
		
373
		// Check if the user forgot to enter values into all the required fields
374
		if($required != array()) {
375
			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
376
				echo 'You must enter details for the following fields';
377
			} else {
378
				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
379
			}
380
			echo ':<br /><ul>';
381
			foreach($required AS $field_title) {
382
				echo '<li>'.$field_title;
383
			}
384
			if(isset($email_error)) { echo '<li>'.$email_error.'</li>'; }
385
			if(isset($captcha_error)) { echo '<li>'.$captcha_error.'</li>'; }
386
			echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
387
			
388
		} else {
389
			
390
			if(isset($email_error)) {
391
				echo '<br /><ul>';
392
				echo '<li>'.$email_error.'</li>';
393
				echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
394
			} elseif(isset($captcha_error)) {
395
				echo '<br /><ul>';
396
				echo '<li>'.$captcha_error.'</li>';
397
				echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
398
			} else {
399
				
400
				// Check how many times form has been submitted in last hour
401
				$last_hour = time()-3600;
402
				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
403
				if($query_submissions->numRows() > $max_submissions) {
404
					// Too many submissions so far this hour
405
					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
406
					$success = false;
407
				} else {
408
					// Now send the email
409
					if($email_to != '') {
410
						if($email_from != '') {
411
							if($wb->mail($email_from,$email_to,$email_subject,$email_body)) {
412
								$success = true;
413
							}
414
						} else {
415
							if($wb->mail('',$email_to,$email_subject,$email_body)) { 
416
								$success = true; 
417
							}
418
						}
419
					}				
420
					if($success_email_to != '') {
421
						if($success_email_from != '') {
422
							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text)) {
423
								$success = true;
424
							}
425
						} else {
426
							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text)) {
427
								$success = true;
428
							}
429
						}
430
					}				
431
			
432
					// Write submission to database
433
					if(isset($admin) AND $admin->get_user_id() > 0) {
434
						$admin->get_user_id();
435
					} else {
436
						$submitted_by = 0;
437
					}
438
					$email_body = $wb->add_slashes($email_body);
439
					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')");
440
					// Make sure submissions table isn't too full
441
					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
442
					$num_submissions = $query_submissions->numRows();
443
					if($num_submissions > $stored_submissions) {
444
						// Remove excess submission
445
						$num_to_remove = $num_submissions-$stored_submissions;
446
						while($submission = $query_submissions->fetchRow()) {
447
							if($num_to_remove > 0) {
448
								$submission_id = $submission['submission_id'];
449
								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
450
								$num_to_remove = $num_to_remove-1;
451
							}
452
						}
453
					}
454
					if(!$database->is_error()) {
455
						$success = true;
456
					}
457
				}
458
			}	
459
		}
460
	}
461
	
462
	// Now check if the email was sent successfully
463
	if(isset($success) AND $success == true) {
464
	    if ($success_page=='none') {
465
			echo str_replace("\n","<br />",$success_email_text);
466
  		} else {
467
			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
468
			if($query_menu->numRows() > 0) {
469
  	         	$fetch_settings = $query_menu->fetchRow();
470
			    $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
471
			    echo "<script type='text/javascript'>location.href='".$link."';</script>";
472
			}    
473
		}
474
	} else {
475
		echo $TEXT['ERROR'];
476
	}
477
	
478
}
479

    
480
?>
(22-22/23)