Project

General

Profile

1
<?php
2

    
3
// $Id: view.php 762 2008-03-24 15:30:19Z thorn $
4

    
5
/*
6

    
7
 Website Baker Project <http://www.websitebaker.org/>
8
 Copyright (C) 2004-2008, Ryan Djurovich
9

    
10
 Website Baker is free software; you can redistribute it and/or modify
11
 it under the terms of the GNU General Public License as published by
12
 the Free Software Foundation; either version 2 of the License, or
13
 (at your option) any later version.
14

    
15
 Website Baker is distributed in the hope that it will be useful,
16
 but WITHOUT ANY WARRANTY; without even the implied warranty of
17
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18
 GNU General Public License for more details.
19

    
20
 You should have received a copy of the GNU General Public License
21
 along with Website Baker; if not, write to the Free Software
22
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23

    
24
*/
25

    
26
/*
27
The Website Baker Project would like to thank Rudolph Lartey <www.carbonect.com>
28
for his contributions to this module - adding extra field types
29
*/
30

    
31
// Must include code to stop this file being access directly
32
if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
33

    
34
// check if frontend.css file needs to be included into the <body></body> of view.php
35
if((!function_exists('register_frontend_modfiles') || !defined('MOD_FRONTEND_CSS_REGISTERED')) &&  
36
	file_exists(WB_PATH .'/modules/form/frontend.css')) {
37
	echo '<style type="text/css">';
38
	include(WB_PATH .'/modules/form/frontend.css');
39
	echo "\n</style>\n";
40
} 
41

    
42
require_once(WB_PATH.'/include/captcha/captcha.php');
43

    
44
// Function for generating an optionsfor a select field
45
if (!function_exists('make_option')) {
46
function make_option(&$n, $k, $values) {
47
	// start option group if it exists
48
	if (substr($n,0,2) == '[=') {
49
	 	$n = '<optgroup label="'.substr($n,2,strlen($n)).'">';
50
	} elseif ($n == ']') {
51
		$n = '</optgroup>';
52
	} else {
53
		if(in_array($n, $values)) {
54
			$n = '<option selected="selected" value="'.$n.'">'.$n.'</option>';
55
		} else {
56
			$n = '<option value="'.$n.'">'.$n.'</option>';
57
		}
58
	}
59
}
60
}
61
// Function for generating a checkbox
62
if (!function_exists('make_checkbox')) {
63
function make_checkbox(&$n, $idx, $params) {
64
	$field_id = $params[0][0];
65
	$seperator = $params[0][1];
66
	$label_id = 'wb_'.str_replace(" ", "_", $n);
67
	if(in_array($n, $params[1])) {
68
		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</lable>'.$seperator;
69
	} else {
70
		$n = '<input class="field_checkbox" type="checkbox" id="'.$label_id.'" name="field'.$field_id.'['.$idx.']" value="'.$n.'" />'.'<label for="'.$label_id.'" class="checkbox_label">'.$n.'</label>'.$seperator;
71
	}	
72
}
73
}
74
// Function for generating a radio button
75
if (!function_exists('make_radio')) {
76
function make_radio(&$n, $idx, $params) {
77
	$field_id = $params[0];
78
	$group = $params[1];
79
	$seperator = $params[2];
80
	$label_id = 'wb_'.str_replace(" ", "_", $n);
81
	if($n == $params[3]) { 
82
		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" checked="checked" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
83
	} else {
84
		$n = '<input class="field_radio" type="radio" id="'.$label_id.'" name="field'.$field_id.'" value="'.$n.'" />'.'<label for="'.$label_id.'" class="radio_label">'.$n.'</label>'.$seperator;
85
	}
86
}
87
}
88
// Generate temp submission id
89
function new_submission_id() {
90
	$submission_id = '';
91
	$salt = "abchefghjkmnpqrstuvwxyz0123456789";
92
	srand((double)microtime()*1000000);
93
	$i = 0;
94
	while ($i <= 7) {
95
		$num = rand() % 33;
96
		$tmp = substr($salt, $num, 1);
97
		$submission_id = $submission_id . $tmp;
98
		$i++;
99
	}
100
	return $submission_id;
101
}
102

    
103
// Work-out if the form has been submitted or not
104
if($_POST == array()) {
105

    
106
// Set new submission ID in session
107
$_SESSION['form_submission_id'] = new_submission_id();
108

    
109
// Get settings
110
$query_settings = $database->query("SELECT header,field_loop,footer,use_captcha FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
111
if($query_settings->numRows() > 0) {
112
	$fetch_settings = $query_settings->fetchRow();
113
	$header = str_replace('{WB_URL}',WB_URL,$fetch_settings['header']);
114
	$field_loop = $fetch_settings['field_loop'];
115
	$footer = str_replace('{WB_URL}',WB_URL,$fetch_settings['footer']);
116
	$use_captcha = $fetch_settings['use_captcha'];
117
} else {
118
	$header = '';
119
	$field_loop = '';
120
	$footer = '';
121
}
122

    
123
?>
124
<form name="form" action="<?php echo htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])); ?>" method="post">
125
<input type="hidden" name="submission_id" value="<?php echo $_SESSION['form_submission_id']; ?>" />
126
<?php
127
if(ENABLED_ASP) { // first add some honeypot-fields
128
?>
129
<input type="hidden" name="submitted_when" value="<?php $t=time(); echo $t; $_SESSION['submitted_when']=$t; ?>" />
130
<p class="nixhier">
131
email address:
132
<label for="email">Leave this field email-address blank:</label>
133
<input id="email" name="email" size="56" value="" /><br />
134
Homepage:
135
<label for="homepage">Leave this field homepage blank:</label>
136
<input id="homepage" name="homepage" size="55" value="" /><br />
137
URL:
138
<label for="url">Leave this field url blank:</label>
139
<input id="url" name="url" size="61" value="" /><br />
140
Comment:
141
<label for="comment">Leave this field comment blank:</label>
142
<textarea id="comment" name="comment" cols="50" rows="10"></textarea><br />
143
</p>
144

    
145
<?php }
146

    
147
// Print header
148
echo $header;
149

    
150
// Get list of fields
151
$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
152

    
153
if($query_fields->numRows() > 0) {
154
	while($field = $query_fields->fetchRow()) {
155
		// Set field values
156
		$field_id = $field['field_id'];
157
		$value = $field['value'];
158
		// Print field_loop after replacing vars with values
159
		$vars = array('{TITLE}', '{REQUIRED}');
160
		if (($field['type'] == "radio") || ($field['type'] == "checkbox")) {
161
			$field_title = $field['title'];
162
		} else {
163
			$field_title = '<label for="field'.$field_id.'">'.$field['title'].'</label>';
164
		}
165
		$values = array($field_title);
166
		if ($field['required'] == 1) {
167
			$values[] = '<span class="required">*</span>';
168
		} else {
169
			$values[] = '';
170
		}
171
		if($field['type'] == 'textfield') {
172
			$vars[] = '{FIELD}';
173
			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" maxlength="'.$field['extra'].'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'" class="textfield" />';
174
		} elseif($field['type'] == 'textarea') {
175
			$vars[] = '{FIELD}';
176
			$values[] = '<textarea name="field'.$field_id.'" id="field'.$field_id.'" class="textarea" cols="25" rows="5">'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:$value).'</textarea>';
177
		} elseif($field['type'] == 'select') {
178
			$vars[] = '{FIELD}';
179
			$options = explode(',', $value);
180
			array_walk($options, 'make_option', (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array()));
181
			$field['extra'] = explode(',',$field['extra']);
182
			$values[] = '<select name="field'.$field_id.'[]" id="field'.$field_id.'" size="'.$field['extra'][0].'" '.$field['extra'][1].'="'.$field['extra'][1].'" class="select">'.implode($options).'</select>';
183
		} elseif($field['type'] == 'heading') {
184
			$vars[] = '{FIELD}';
185
			$values[] = '<input type="hidden" name="field'.$field_id.'" id="field'.$field_id.'" value="===['.$field['title'].']===" />';
186
			$tmp_field_loop = $field_loop;		// temporarily modify the field loop template
187
			$field_loop = $field['extra'];
188
		} elseif($field['type'] == 'checkbox') {
189
			$vars[] = '{FIELD}';
190
			$options = explode(',', $value);
191
			array_walk($options, 'make_checkbox', array(array($field_id,$field['extra']),(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:array())));
192
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
193
			$values[] = implode($options);
194
		} elseif($field['type'] == 'radio') {
195
			$vars[] = '{FIELD}';
196
			$options = explode(',', $value);
197
			array_walk($options, 'make_radio', array($field_id,$field['title'],$field['extra'], (isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'')));
198
			$options[count($options)-1]=substr($options[count($options)-1],0,strlen($options[count($options)-1])-strlen($field['extra']));
199
			$values[] = implode($options);
200
		} elseif($field['type'] == 'email') {
201
			$vars[] = '{FIELD}';
202
			$values[] = '<input type="text" name="field'.$field_id.'" id="field'.$field_id.'" value="'.(isset($_SESSION['field'.$field_id])?$_SESSION['field'.$field_id]:'').'" maxlength="'.$field['extra'].'" class="email" />';
203
		}
204
		if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
205
		if($field['type'] != '') {
206
			echo str_replace($vars, $values, $field_loop);
207
		}
208
		if (isset($tmp_field_loop)) $field_loop = $tmp_field_loop;
209
	}
210
}
211

    
212
// Captcha
213
if($use_captcha) { ?>
214
	<tr>
215
	<td class="field_title"><?php echo $TEXT['VERIFICATION']; ?>:</td>
216
	<td><?php call_captcha(); ?></td>
217
	</tr>
218
	<?php
219
}
220

    
221
// Print footer
222
echo $footer;
223

    
224
// Add form end code
225
?>
226
</form>
227
<?php
228

    
229
} else {
230
	
231
	// Check that submission ID matches
232
	if(isset($_SESSION['form_submission_id']) AND isset($_POST['submission_id']) AND $_SESSION['form_submission_id'] == $_POST['submission_id']) {
233
		
234
		// Set new submission ID in session
235
		$_SESSION['form_submission_id'] = new_submission_id();
236
		
237
		if(ENABLED_ASP && ( // form faked? Check the honeypot-fields.
238
			(!isset($_POST['submitted_when']) OR !isset($_SESSION['submitted_when'])) OR 
239
			($_POST['submitted_when'] != $_SESSION['submitted_when']) OR
240
			(!isset($_POST['email']) OR $_POST['email']) OR
241
			(!isset($_POST['homepage']) OR $_POST['homepage']) OR
242
			(!isset($_POST['comment']) OR $_POST['comment']) OR
243
			(!isset($_POST['url']) OR $_POST['url'])
244
		)) {
245
			exit(header("Location: ".WB_URL.PAGES_DIRECTORY.""));
246
		}
247

    
248
		// Submit form data
249
		// First start message settings
250
		$query_settings = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_settings WHERE section_id = '$section_id'");
251
		if($query_settings->numRows() > 0) {
252
			$fetch_settings = $query_settings->fetchRow();
253
			$email_to = $fetch_settings['email_to'];
254
			$email_from = $fetch_settings['email_from'];
255
			if(substr($email_from, 0, 5) == 'field') {
256
				// Set the email from field to what the user entered in the specified field
257
				$email_from = htmlspecialchars($wb->add_slashes($_POST[$email_from]));
258
			}
259
			$email_fromname = $fetch_settings['email_fromname'];
260
			$email_subject = $fetch_settings['email_subject'];
261
			$success_page = $fetch_settings['success_page'];
262
			$success_email_to = $fetch_settings['success_email_to'];
263
			if(substr($success_email_to, 0, 5) == 'field') {
264
				// Set the success_email to field to what the user entered in the specified field
265
				$success_email_to = htmlspecialchars($wb->add_slashes($_POST[$success_email_to]));
266
			}
267
			$success_email_from = $fetch_settings['success_email_from'];
268
			$success_email_fromname = $fetch_settings['success_email_fromname'];
269
			$success_email_text = $fetch_settings['success_email_text'];
270
			$success_email_subject = $fetch_settings['success_email_subject'];		
271
			$max_submissions = $fetch_settings['max_submissions'];
272
			$stored_submissions = $fetch_settings['stored_submissions'];
273
			$use_captcha = $fetch_settings['use_captcha'];
274
		} else {
275
			exit($TEXT['UNDER_CONSTRUCTION']);
276
		}
277
		$email_body = '';
278
		
279
		// Create blank "required" array
280
		$required = array();
281
		
282
		// Captcha
283
		if($use_captcha) {
284
			if(isset($_POST['captcha']) AND $_POST['captcha'] != ''){
285
				// Check for a mismatch
286
				if(!isset($_POST['captcha']) OR !isset($_SESSION['captcha']) OR $_POST['captcha'] != $_SESSION['captcha']) {
287
					$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
288
				}
289
			} else {
290
				$captcha_error = $MESSAGE['MOD_FORM']['INCORRECT_CAPTCHA'];
291
			}
292
		}
293
		if(isset($_SESSION['captcha'])) { unset($_SESSION['captcha']); }
294

    
295
		// Loop through fields and add to message body
296
		// Get list of fields
297
		$query_fields = $database->query("SELECT * FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' ORDER BY position ASC");
298
		if($query_fields->numRows() > 0) {
299
			while($field = $query_fields->fetchRow()) {
300
				// Add to message body
301
				if($field['type'] != '') {
302
					if(!empty($_POST['field'.$field['field_id']])) {
303
						if (is_array($_POST['field'.$field['field_id']])) {
304
							$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
305
						} else {
306
							$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
307
						}
308
						if($field['type'] == 'email' AND $admin->validate_email($_POST['field'.$field['field_id']]) == false) {
309
							$email_error = $MESSAGE['USERS']['INVALID_EMAIL'];
310
						}
311
						if($field['type'] == 'heading') {
312
							$email_body .= $_POST['field'.$field['field_id']]."\n\n";
313
						} elseif (!is_array($_POST['field'.$field['field_id']])) {
314
							$email_body .= $field['title'].': '.$_POST['field'.$field['field_id']]."\n\n";
315
						} else {
316
							$email_body .= $field['title'].": \n";
317
							foreach ($_POST['field'.$field['field_id']] as $k=>$v) {
318
								$email_body .= $v."\n";
319
							}
320
							$email_body .= "\n";
321
						}
322
					} elseif($field['required'] == 1) {
323
						$required[] = $field['title'];
324
					}
325
				}
326
			}
327
		}
328
	
329
		// Check if the user forgot to enter values into all the required fields
330
		if($required != array()) {
331
			if(!isset($MESSAGE['MOD_FORM']['REQUIRED_FIELDS'])) {
332
				echo 'You must enter details for the following fields';
333
			} else {
334
				echo $MESSAGE['MOD_FORM']['REQUIRED_FIELDS'];
335
			}
336
			echo ':<br /><ul>';
337
			foreach($required AS $field_title) {
338
				echo '<li>'.$field_title;
339
			}
340
			if(isset($email_error)) {
341
				echo '<li>'.$email_error.'</li>';
342
			}
343
			if(isset($captcha_error)) {
344
				echo '<li>'.$captcha_error.'</li>';
345
			}
346
			echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
347
		} else {
348
			if(isset($email_error)) {
349
				echo '<br /><ul>';
350
				echo '<li>'.$email_error.'</li>';
351
				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
352
			} elseif(isset($captcha_error)) {
353
				echo '<br /><ul>';
354
				echo '<li>'.$captcha_error.'</li>';
355
				echo '</ul><a href="'.htmlspecialchars(strip_tags($_SERVER['PHP_SELF'])).'">'.$TEXT['BACK'].'</a>';
356
			} else {
357
				// Check how many times form has been submitted in last hour
358
				$last_hour = time()-3600;
359
				$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions WHERE submitted_when >= '$last_hour'");
360
				if($query_submissions->numRows() > $max_submissions) {
361
					// Too many submissions so far this hour
362
					echo $MESSAGE['MOD_FORM']['EXCESS_SUBMISSIONS'];
363
					$success = false;
364
				} else {
365
					// Now send the email
366
					if($email_to != '') {
367
						if($email_from != '') {
368
							if($wb->mail($email_from,$email_to,$email_subject,$email_body,$email_fromname)) {
369
								$success = true;
370
							}
371
						} else {
372
							if($wb->mail('',$email_to,$email_subject,$email_body,$email_fromname)) { 
373
								$success = true; 
374
							}
375
						}
376
					}				
377
					if($success_email_to != '') {
378
						if($success_email_from != '') {
379
							if($wb->mail($success_email_from,$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
380
								$success = true;
381
							}
382
						} else {
383
							if($wb->mail('',$success_email_to,$success_email_subject,$success_email_text,$success_email_fromname)) {
384
								$success = true;
385
							}
386
						}
387
					}				
388
			
389
					// Write submission to database
390
					if(isset($admin) AND $admin->is_authenticated() AND $admin->get_user_id() > 0) {
391
						$submitted_by = $admin->get_user_id();
392
					} else {
393
						$submitted_by = 0;
394
					}
395
					$email_body = $wb->add_slashes($email_body);
396
					$database->query("INSERT INTO ".TABLE_PREFIX."mod_form_submissions (page_id,section_id,submitted_when,submitted_by,body) VALUES ('".PAGE_ID."','$section_id','".mktime()."','$submitted_by','$email_body')");
397
					// Make sure submissions table isn't too full
398
					$query_submissions = $database->query("SELECT submission_id FROM ".TABLE_PREFIX."mod_form_submissions ORDER BY submitted_when");
399
					$num_submissions = $query_submissions->numRows();
400
					if($num_submissions > $stored_submissions) {
401
						// Remove excess submission
402
						$num_to_remove = $num_submissions-$stored_submissions;
403
						while($submission = $query_submissions->fetchRow()) {
404
							if($num_to_remove > 0) {
405
								$submission_id = $submission['submission_id'];
406
								$database->query("DELETE FROM ".TABLE_PREFIX."mod_form_submissions WHERE submission_id = '$submission_id'");
407
								$num_to_remove = $num_to_remove-1;
408
							}
409
						}
410
					}
411
					if(!$database->is_error()) {
412
						$success = true;
413
					}
414
				}
415
			}	
416
		}
417
	}
418
	
419
	// Now check if the email was sent successfully
420
	if(isset($success) AND $success == true) {
421
	   if ($success_page=='none') {
422
			echo str_replace("\n","<br />",$success_email_text);
423
  		} else {
424
			$query_menu = $database->query("SELECT link,target FROM ".TABLE_PREFIX."pages WHERE `page_id` = '$success_page'");
425
			if($query_menu->numRows() > 0) {
426
  	        	$fetch_settings = $query_menu->fetchRow();
427
			   $link = WB_URL.PAGES_DIRECTORY.$fetch_settings['link'].PAGE_EXTENSION;
428
			   echo "<script type='text/javascript'>location.href='".$link."';</script>";
429
			}    
430
		}
431
		// clearing session on success
432
		$query_fields = $database->query("SELECT field_id FROM ".TABLE_PREFIX."mod_form_fields WHERE section_id = '$section_id' AND required = 1");
433
		while($field = $query_fields->fetchRow()) {
434
			$field_id = $field[0];
435
			if(isset($_SESSION['field'.$field_id])) unset($_SESSION['field'.$field_id]);
436
		}
437
	} else {
438
		if(isset($success) AND $success == false) {
439
			echo $TEXT['ERROR'];
440
		}
441
	}	
442
}
443

    
444
?>
(22-22/23)