<?php
// $Id: view.php 596 2008-01-25 21:29:33Z thorn $

/*
 Website Baker Project <http://www.websitebaker.org/>
 Copyright (C) 2004-2008, Ryan Djurovich

 Website Baker is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 Website Baker is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with Website Baker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/*
The Website Baker Project would like to thank Rudolph Lartey <www.carbonect.com>
for his contributions to this module - adding extra field types
*/

// Refuse direct requests: WB_PATH only exists when this file is loaded through
// the Website Baker front end, which is what provides $database, $section_id etc.
if (!defined('WB_PATH')) {
	exit("Cannot access this file directly");
}

// Inline the module stylesheet into the page body unless the core already took
// care of it (register_frontend_modfiles() present and MOD_FRONTEND_CSS_REGISTERED set).
if ((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED'))
		&& file_exists(WB_PATH .'/modules/form/frontend.css')) {
	echo '<style type="text/css">';
	include(WB_PATH .'/modules/form/frontend.css');
	echo "\n</style>\n";
}

// Captcha rendering/checking and the anti-spam (ASP) honeypot helpers used below.
require_once(WB_PATH.'/include/captcha/captcha.php');
require_once(WB_PATH.'/include/captcha/asp.php');

    
// Function for generating an optionsfor a select field
if (!function_exists('make_option')) {
// Guarded with function_exists() because this view can be included more than once
// per page (presumably once per form section).
function make_option(&$n) {
	// array_walk() callback: rewrites one entry of a comma-separated option list, in place,
	// into its <select> markup. An entry starting with "[=" opens an <optgroup> whose label
	// is the remainder of the entry; a lone "]" closes it; anything else becomes an <option>
	// whose value and text are the entry. The entry is inserted without HTML escaping; the
	// option list comes from the module's field configuration.
	$prefix = substr($n, 0, 2);
	if ($prefix == '[=') {
		$label = substr($n, 2);
		$n = '<optgroup label="'.$label.'">';
		return;
	}
	if ($n == ']') {
		$n = '</optgroup>';
		return;
	}
	$n = '<option value="'.$n.'">'.$n.'</option>';
}
}
58
// Function for generating a checkbox
if (!function_exists('make_checkbox')) {
// Guarded with function_exists() because this view can be included more than once per page.
function make_checkbox(&$n, $idx, $params) {
	// array_walk() callback: turns one option label into a checkbox plus a clickable
	// label, in place. $params = array(field_id, separator); $idx is the option's position
	// and becomes the array index of the posted name ("field<id>[<idx>]"), so several boxes
	// of one field can be submitted together. The label is used verbatim as id, value, text
	// and inside the inline JavaScript without any escaping -- it comes from the module's
	// field configuration, not from the visitor.
	$label = $n;
	$field_id = $params[0];
	$separator = $params[1];
	$checked = 'document.getElementById(\''.$label.'\').checked';
	$input = '<input class="field_checkbox" type="checkbox" id="'.$label.'" name="field'.$field_id.'['.$idx.']" value="'.$label.'">';
	$caption = '<font class="checkbox_label" onclick="javascript: '.$checked.' = !'.$checked.';">'.$label.'</font>';
	$n = $input.$caption.$separator;
}
}
// Function for generating a radio button
if (!function_exists('make_radio')) {
// Guarded with function_exists() because this view can be included more than once per page.
function make_radio(&$n, $idx, $params) {
	// array_walk() callback: rewrites one option label in place into a radio button plus a
	// clickable label. $params = array(field_id, field title, separator). The title
	// ($params[1]) is not used: all buttons of a field share the name "field<id>", which is
	// what groups them. $idx is unused as well. The label is inserted unescaped as id, value,
	// text and inside the inline JavaScript; it comes from the module's field configuration.
	$label = $n;
	list($field_id, , $separator) = $params;
	$element = 'document.getElementById(\''.$label.'\')';
	$n = '<input class="field_radio" type="radio" id="'.$label.'" name="field'.$field_id.'" value="'.$label.'">'
		.'<font class="radio_label" onclick="javascript: '.$element.'.checked = true;">'.$label.'</font>'
		.$separator;
}
}
// Generate temp submission id
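// Generate temp submission id
function new_submission_id($length = 8) {
	// Returns a random token of $length characters (default 8, the previous fixed size)
	// drawn from a 33-symbol alphabet: a-z without d, i, l and o (h appears twice), plus 0-9.
	// The token is stored in the session, rendered into the form and compared against the
	// posted value, i.e. it is what ties a submission to the session that rendered the form.
	// Earlier versions re-seeded rand() from microtime() on every call, which made the
	// token depend only on the (guessable) request time; random_int() is used where the
	// runtime provides it (PHP 7+), with mt_rand() as the fallback on older installs.
	$salt = "abchefghjkmnpqrstuvwxyz0123456789";
	$max = strlen($salt) - 1;
	$use_csprng = function_exists('random_int');
	$submission_id = '';
	for ($i = 0; $i < $length; $i++) {
		$num = $use_csprng ? random_int(0, $max) : mt_rand(0, $max);
		$submission_id .= $salt[$num];
	}
	return $submission_id;
}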

    
// Work-out if the form has been submitted or not
if($_POST == array()) {

// Set new submission ID in session
// The id is rendered into a hidden field below and has to be echoed back on POST (checked
// in the else branch), which ties a submission to the session that rendered the form.
$_SESSION['form_submission_id'] = new_submission_id();

// Get settings
// NOTE(review): $section_id is interpolated into the SQL unescaped. It is set by the
// including page (not visible here) -- presumably an integer handed down by the core; confirm.
$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
if($query_settings->numRows() > 0) {
	$fetch_settings = $query_settings->fetchRow();
	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
	$field_loop = $fetch_settings['field_loop'];
	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
	$use_captcha = $fetch_settings['use_captcha'];
} else {
	// No settings row: $use_captcha stays undefined here, so the "if($use_captcha)" test
	// further down evaluates an unset variable.
	$header = '';
	$field_loop = '';
	$footer = '';
}

// Accumulators for the client-side required-field check emitted in the <script> block below.
$java_fields = '';   // comma-separated, quoted element names ("field<id>") of required fields
$java_titles = '';   // matching field titles, listed in the alert box
$java_tween = ''; // I know kinda stupid, anyone better idea?
$java_mailcheck = ''; // built up for email fields below but never read anywhere in this file

// Add form starter code
// NOTE(review): $_SERVER['PHP_SELF'] is echoed into the action attribute without
// htmlspecialchars(); it can carry request-supplied PATH_INFO, so it should be escaped.
?>
<form name="form" onsubmit="return formCheck(this);" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
<?php

// Print header
echo $header;

if(ENABLED_ASP) { // first add some honeypot-fields
// The render time is stored in the session and must be posted back unchanged; the four
// inputs in the "nixhier" paragraph (presumably hidden by frontend.css) must come back
// empty. The else branch redirects any POST that fails either condition.
?>
<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
<p class="nixhier">
email address:
<label for="email">Your e-mail address is not relevant Leave this field blank:</label>
<input id="email" name="email" size="56" value="" /><br />
Homepage:
<label for="homepage">Do not enter a homepage-url www.whatever.com here:</label>
<input id="homepage" name="homepage" size="55" value="" /><br />
URL:
<label for="url">Don't write anything in this field:</label>
<input id="url" name="url" size="61" value="" /><br />
Comment:
<label for="comment">Enter not your comment here:</label>
<textarea name="comment" cols="50" rows="10"></textarea><br />
</p>
<?php }

// Get list of fields
$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
if($query_fields->numRows() > 0) {
	while($field = $query_fields->fetchRow()) {
		// Set field values
		$field_id = $field['field_id'];
		$value = $field['value'];
		// Print field_loop after replacing vars with values
		// $vars and $values are parallel arrays handed to str_replace() over the field_loop template.
		$vars = array('{TITLE}', '{REQUIRED}');
		$values = array($field['title']);
		if($field['required'] == 1) {
			$values[] = '<font class="required">*</font>';
			$java_fields .= $java_tween.'"field'.$field_id.'"';
			$java_titles .= $java_tween.'"'.$field['title'].'"';
			$java_tween = ', ';
		} else {
			$values[] = '';
		}
		// Per-type markup. Title, value and "extra" come from the module's field
		// configuration and are written into attributes without HTML escaping.
		if($field['type'] == 'textfield') {
			$vars[] = '{FIELD}';
			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" maxlength="'.$field['extra'].'" value="'.$value.'" class="textfield" />';
		} elseif($field['type'] == 'textarea') {
			$vars[] = '{FIELD}';
			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea">'.$value.'</textarea>';
		} elseif($field['type'] == 'select') {
			$vars[] = '{FIELD}';
			// value = comma-separated option list; extra = "<size>,<attributes>". An extra
			// without a comma leaves $field['extra'][1] undefined.
			$options = explode(',', $value);
			array_walk($options, 'make_option');
			$field['extra'] = explode(',',$field['extra']); 
			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].' class="select">'.implode($options).'</select>';
		} elseif($field['type'] == 'heading') {
			$vars[] = '{FIELD}';
			// The hidden field's posted value is copied verbatim into the mail body on submit,
			// so despite being hidden it is visitor-controlled.
			$values[] = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
			$field_loop = $field['extra'];
		} elseif($field['type'] == 'checkbox') {
			$vars[] = '{FIELD}';
			$options = explode(',', $value);
			array_walk($options, 'make_checkbox',array($field_id,$field['extra']));
			// make_checkbox() appends the separator ($field['extra']) to every option; strip it from the last one.
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
			$values[] = implode($options);
		} elseif($field['type'] == 'radio') {
			$vars[] = '{FIELD}';
			$options = explode(',', $value);
			array_walk($options, 'make_radio',array($field_id,$field['title'],$field['extra']));
			// Same trailing-separator removal as for checkboxes.
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
			$values[] = implode($options);
		} elseif($field['type'] == 'email') {
			$vars[] = '{FIELD}';
			$values[] = '<input type="text" name="field'.$field_id.'" onChange="return checkmail(this.form.field'.$field_id.')"  id="field'.$field_id.'" maxlength="'.$field['extra'].'" class="email" />';
			$java_mailcheck .= 'onChange="return checkmail(this.form'.$field_id.'" ';
		}
		if($field['type'] != '') {
			echo str_replace($vars, $values, $field_loop);
		}
		// Restore the template saved by a 'heading' field (the heading's own "extra" is used as its template).
		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
	}
}

// Captcha
// $use_captcha is undefined when no settings row was found (see above).
if($use_captcha) { ?>
	<tr>
	<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
	<td><?php call_captcha(); ?></td>
	</tr>
	<?php
}
// Client-side validation. $java_fields / $java_titles are spliced into JavaScript array
// literals and $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'] into a JS string literal with no
// escaping for the JS context; the titles come from the field configuration, the message
// from the language files.
echo '
<script language="JavaScript">
<!--

/***********************************************
* Required field(s) validation v1.10- By NavSurf
* Visit Nav Surf at http://navsurf.com
* Visit http://www.dynamicdrive.com/ for full source code
***********************************************/

function formCheck(formobj){
	// Enter name of mandatory fields
	var fieldRequired = Array('.$java_fields.');
	// Enter field description to appear in the dialog box
	var fieldDescription = Array('.$java_titles.');
	// dialog message
	var alertMsg = "'.$MESSAGE['MOD_FORM']['REQUIRED_FIELDS'].':\n";
	
	var l_Msg = alertMsg.length;
	
	for (var i = 0; i < fieldRequired.length; i++){
		var obj = formobj.elements[fieldRequired[i]];
		if (obj){
			switch(obj.type){
			case "select-one":
				if (obj.selectedIndex == -1 || obj.options[obj.selectedIndex].text == ""){
					alertMsg += " - " + fieldDescription[i] + "\n";
				}
				break;
			case "select-multiple":
				if (obj.selectedIndex == -1){
					alertMsg += " - " + fieldDescription[i] + "\n";
				}
				break;
			case "text":
			case "textarea":
				if (obj.value == "" || obj.value == null){
					alertMsg += " - " + fieldDescription[i] + "\n";
				}
				break;
			default:
			}
			if (obj.type == undefined){
				var blnchecked = false;
				for (var j = 0; j < obj.length; j++){
					if (obj[j].checked){
						blnchecked = true;
					}
				}
				if (!blnchecked){
					alertMsg += " - " + fieldDescription[i] + "\n";
				}
			}
		}
	}

	if (alertMsg.length == l_Msg){
		return true;
	}else{
		alert(alertMsg);
		return false;
	}
}
/***********************************************
* Email Validation script- ? Dynamic Drive (www.dynamicdrive.com)
* This notice must stay intact for legal use.
* Visit http://www.dynamicdrive.com/ for full source code
***********************************************/

var emailfilter=/^\w+[\+\.\w-]*@([\w-]+\.)*\w+[\w-]*\.([a-z]{2,4}|\d+)$/i

function checkmail(e){
var returnval=emailfilter.test(e.value);
if (returnval==false){
alert("Please enter a valid email address.");
e.select();
}
return returnval;
}
-->

</script>';


// Print footer
echo $footer;

// Add form end code
?>
</form>
<?php

} else {
	
	// Check that submission ID matches
	// NOTE(review): loose == between the session token and the posted one; === (or
	// hash_equals()) would sidestep PHP's numeric-string comparison rules.
	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
		
		// Set new submission ID in session
		// Rotated first, so re-posting the same form cannot pass the check above twice.
		$_SESSION['form_submission_id'] = new_submission_id();
		
		// Honeypot evaluation: the render timestamp must round-trip unchanged and the
		// decoy fields must be empty; anything else is treated as a bot and redirected
		// to the pages root without a message.
		if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR 
			($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
			(!isset($_POST['email']) OR $_POST['email']) OR
			(!isset($_POST['homepage']) OR $_POST['homepage']) OR
			(!isset($_POST['comment']) OR $_POST['comment']) OR
			(!isset($_POST['url']) OR $_POST['url'])
		)) {
			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
		}

		// Submit form data
		// First start message settings
		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
		if($query_settings->numRows() > 0) {
			$fetch_settings = $query_settings->fetchRow();
			$email_to = $fetch_settings['email_to'];
			$email_from = $fetch_settings['email_from'];
			if(substr($email_from, 0, 5) == 'field') {
				// Set the email from field to what the user entered in the specified field
				// NOTE(review): the sender address then comes straight from $_POST; add_slashes()
				// is not a mail-header filter, and the value is only validated further down when
				// that field's type is 'email'. Confirm $wb->mail() rejects CR/LF in addresses.
				// Also raises an undefined-index notice when the field was not posted at all.
				$email_from = $wb->add_slashes($_POST[$email_from]);
			}
			$email_subject = $fetch_settings['email_subject'];
			$success_page = $fetch_settings['success_page'];
			$success_email_to = $fetch_settings['success_email_to'];
			if(substr($success_email_to, 0, 5) == 'field') {
				// Set the success_email to field to what the user entered in the specified field
				// Same caveats as for $email_from above: visitor-supplied recipient address.
				$success_email_to = $wb->add_slashes($_POST[$success_email_to]);
			}
			$success_email_from = $fetch_settings['success_email_from'];
			$success_email_text = $fetch_settings['success_email_text'];
			$success_email_subject = $fetch_settings['success_email_subject'];		
			$max_submissions = $fetch_settings['max_submissions'];
			$stored_submissions = $fetch_settings['stored_submissions'];
			$use_captcha = $fetch_settings['use_captcha'];
		} else {
			exit($TEXT['UNDER_CONSTRUCTION']);
		}
		$email_body = '';
		
		// Create blank "required" array
		$required = array();
		
		// Loop through fields and add to message body
		// Get list of fields
		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
		if($query_fields->numRows() > 0) {
			while($field = $query_fields->fetchRow()) {
				// Add to message body
				if($field['type'] != '') {
					// empty() also treats the string "0" as missing, so a required field
					// containing just "0" is reported as not filled in.
					if(!empty($_POST['field'.$field['field_id']])) {
						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
						}
						// Posted values go into the plain-text body as-is (arrays, e.g. from
						// multi-selects and checkboxes, one value per line).
						if($field['type'] == 'heading') {
							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
						} elseif (!is_array($_POST['field'.$field['field_id']])) {
							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
						} else {
							$email_body .= $field['title'].": \n";
							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
								$email_body .= $v."\n";
							}
							$email_body .= "\n";
						}
					} elseif($field['required'] == 1) {
						$required[] = $field['title'];
					}
				}
			}
		}
		
		// Captcha
		// Only checked when the settings enable it; the session value is cleared afterwards
		// either way, so a solved captcha cannot be reused for a second POST.
		if($use_captcha) {
			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
				// Check for a mismatch
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
					$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
				}
			} else {
				$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
			}
		}
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
		
		// Addslashes to email body - proposed by Icheb in topic=1170.0
		// $email_body = $wb->add_slashes($email_body);
		
		// Check if the user forgot to enter values into all the required fields
		// Note: none of the three error paths below set $success, so the generic
		// $TEXT['ERROR'] at the end of this branch is printed after the list as well.
		if($required != array()) {
			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
				echo 'You must enter details for the following fields';
			} else {
				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
			}
			echo ':<br /><ul>';
			foreach($required AS $field_title) {
				echo '<li>'.$field_title;
			}
			if(isset($email_error)) { echo '<li>'.$email_error.'</li>'; }
			if(isset($captcha_error)) { echo '<li>'.$captcha_error.'</li>'; }
			echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
			
		} else {
			
			if(isset($email_error)) {
				echo '<br /><ul>';
				echo '<li>'.$email_error.'</li>';
				echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
			} elseif(isset($captcha_error)) {
				echo '<br /><ul>';
				echo '<li>'.$captcha_error.'</li>';
				echo '</ul><a href="javascript: history.go(-1);">'.$TEXT['BACK'].'</a>';
			} else {
				
				// Check how many times form has been submitted in last hour
				// The count covers submissions of every form section (no section_id filter),
				// and with ">" it appears to let max_submissions + 1 through before blocking.
				$last_hour = time()-3600;
				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
				if($query_submissions->numRows() > $max_submissions) {
					// Too many submissions so far this hour
					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
					$success = false;
				} else {
					// Now send the email
					// $success only records that some mail call returned true here; the
					// database write further down sets it to true anyway when no DB error
					// occurred, so a failed mail still ends in the success page.
					if($email_to != '') {
						if($email_from != '') {
							if($wb->mail($email_from,$email_to,$email_subject,$email_body)) {
								$success = true;
							}
						} else {
							if($wb->mail('',$email_to,$email_subject,$email_body)) { 
								$success = true; 
							}
						}
					}				
					if($success_email_to != '') {
						if($success_email_from != '') {
							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text)) {
								$success = true;
							}
						} else {
							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text)) {
								$success = true;
							}
						}
					}				
			
					// Write submission to database
					if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
						$submitted_by = $admin->get_user_id();
					} else {
						$submitted_by = 0;
					}
					// add_slashes() is the only escaping applied before the body (built from
					// $_POST values) is interpolated into the INSERT below.
					$email_body = $wb->add_slashes($email_body);
					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')");
					// Make sure submissions table isn't too full
					// Oldest rows are dropped first (ORDER BY submitted_when), across all sections.
					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
					$num_submissions = $query_submissions->numRows();
					if($num_submissions > $stored_submissions) {
						// Remove excess submission
						$num_to_remove = $num_submissions-$stored_submissions;
						while($submission = $query_submissions->fetchRow()) {
							if($num_to_remove > 0) {
								$submission_id = $submission['submission_id'];
								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
								$num_to_remove = $num_to_remove-1;
							}
						}
					}
					if(!$database->is_error()) {
						$success = true;
					}
				}
			}	
		}
	}
	
	// Now check if the email was sent successfully
	// A submission-id mismatch above also lands here with $success unset -> $TEXT['ERROR'].
	if(isset($success) AND $success == true) {
	    if ($success_page=='none') {
			echo str_replace("\n","<br />",$success_email_text);
  		} else {
			// $success_page is the admin-configured target page id from the settings row,
			// interpolated into the query unescaped.
			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
			if($query_menu->numRows() > 0) {
  	         	$fetch_settings = $query_menu->fetchRow();
			    $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
			    echo "<script type='text/javascript'>location.href='".$link."';</script>";
			}    
		}
	} else {
		echo $TEXT['ERROR'];
	}
	
}

    
?>