eform.inc.php | searchcode

/assets/snippets/eform/eform.inc.php

https://github.com/garryn/evolution
PHP | 1119 lines | 819 code | 131 blank | 169 comment | 234 complexity | aa3b2a3dc903dd0337ae502785460b9e MD5 | raw file

<?php
# eForm 1.4.4.6 - Electronic Form Snippet
# Original created by: Raymond Irving 15-Dec-2004.
# Extended by: Jelle Jager (TobyL) September 2006
# -----------------------------------------------------
#
#
# Captcha image support - thanks to Djamoer
# Multi checkbox, radio, select support - thanks to Djamoer
# Form Parser and extended validation - by Jelle Jager
#
# see docs/eform.htm for installation and usage information
#
# VERSION HISTORY
# Work around for setting required class on check & radio labels
# fixed bug: If eform attibute is set on multiple check boxes only the last
#            value is set in values list
# For a full version history see the eform_history.htm file in the docs directory
#
# Some more fixes and problems:
# FIXED: reg expression failed for select and textarea boxes which have regex special
# characters in their name attribute. eg name="multipleSelection[]"
# FIXED: validation of multiple values with #LIST & #SELECT stopped after 1st value
# Caused by repeating $v variable naming (overwriting $v array)
# e.g.
# <select name="multipleSelection[]" multiple="multiple" eform="::1::"/>
#   <option value="1">1</option>
#   <option value="2">2</option>
#   <option value="3">3</option>
# </select>
# would only have the first selected value validated!
#
# bugfix: &jScript parameter doesn't accept chunks, only a link to a JS file if more than one chunk is declared (eg &jScript=`chunk1,chunk2)
# bugfix: &protectSubmit creates hash for all fields instead of fields declared in &protectSubmit
# bugfix: Auto respond email didn't honour the &sendAsText parameter
# bugfix: The #FUNCTION validation rule for select boxes never calls the function
# bugfix: Validation css class isn't being added to labels.
##

$GLOBALS['optionsName'] = "eform"; //name of pseudo attribute used for format settings
$GLOBALS['efPostBack'] = false;

function eForm($modx,$params) {
global $_lang;
global $debugText;
global $formats,$fields,$efPostBack;

$fields = array(); //reset fields array - needed in case of multiple forms

// define some variables used as array index
$_dfnMaxlength = 6;

	extract($params,EXTR_SKIP); // extract params into variables

	$fileVersion = '1.4.4';
	$version = isset($version)?$version:'prior to 1.4.2';

	#include default language file
	include_once($snipPath."lang/english.inc.php");

	#include other language file if set.
	$form_language = isset($language)?$language:$modx->config['manager_language'];
	if($form_language!="english" && $form_language!='') {
		if(file_exists($snipPath ."lang/".$form_language.".inc.php"))
			include_once $snipPath ."lang/".$form_language.".inc.php";
		else
			if( $isDebug ) $debugText .= "<strong>Language file '$form_language.inc.php' not found!</strong><br />"; //always in english!
	}

	# add debug warning - moved again...
	if( $isDebug ) $debugText .= $_lang['ef_debug_warning'];

	//check version differences
	if( $version != $fileVersion )
		return $_lang['ef_version_error'];

	# check for valid form key - moved to below fetching form template to allow id coming from form template

	$nomail = $noemail; //adjust variable name confusion
	# activate nomail if missing $to
	if (!$to) $nomail = 1;


	# load templates
	if($tpl==$modx->documentIdentifier) return $_lang['ef_is_own_id']."'$tpl'";

	//required
	if( $tmp=efLoadTemplate($tpl) ) $tpl=$tmp; else return $_lang['ef_no_doc'] . " '$tpl'";

	# check for valid form key
	if ($formid=="") return $_lang['ef_error_formid'];


	// try to get formid from <form> tag id
	preg_match('/<form[^>]*?id=[\'"]([^\'"]*?)[\'"]/i',$tpl,$matches);
	$form_id = isset($matches[1])?$matches[1]:'';
	//check for <input type='hidden name='formid'...>
	if( !preg_match('/<input[^>]*?name=[\'"]formid[\'"]/i',$tpl) ){
			//insert hidden formid field
			$tpl = str_replace('</form>',"<input type=\"hidden\" name=\"formid\" value=\"$form_id\" /></form>",$tpl);
	}

	$validFormId = ($formid==$_POST['formid'])?1:0;

	# check if postback mode
	$efPostBack = ($validFormId && count($_POST)>0)? true:false; //retain old variable?


	if($efPostBack){
		$report = (($tmp=efLoadTemplate($report))!==false)?$tmp:$_lang['ef_no_doc'] . " '$report'";
		if($thankyou) $thankyou = (($tmp=efLoadTemplate($thankyou))!==false )?$tmp:$_lang['ef_no_doc'] . " '$thankyou'";
		if($autotext) $autotext = (($tmp=efLoadTemplate($autotext))!==false )?$tmp:$_lang['ef_no_doc'] . " '$autotext'";
	}

	//these will be added to the HEAD section of the document when the form is displayed!
	if($cssStyle){
		$cssStyle = ( strpos($cssStyle,',') && strpos($cssStyle,'<style')===false ) ? explode(',',$cssStyle) : array($cssStyle);
		foreach( $cssStyle as $tmp ) $startupSource[]= array($tmp,'css');
	}
	if($jScript){
		$jScript = ( strpos($jScript,',') && strpos($jScript,'<script')===false ) ? explode(',',$jScript) : array($jScript);
		foreach( $jScript as $tmp )
		$startupSource[]= array($tmp,'javascript');
	}

	#New in 1.4.4 - run snippet to include 'event' functions
	if( strlen($runSnippet)>0 ){
		$modx->runSnippet($runSnippet, array('formid'=>$formid));
		//Sadly we cannot know if the snippet fails or if it exists as modx->runsnippet's return value
		//is ambiguous
	}

	# invoke onBeforeFormParse event set by another script
	if ($eFormOnBeforeFormParse) {
		if( $isDebug && !function_exists($eFormOnBeforeFormParse))
			$fields['debug'] .= "eFormOnBeforeFormParse event: Could not find the function " . $eFormOnBeforeFormParse;
		else{
			$templates = array('tpl'=>$tpl,'report'=>$report,'thankyou'=>$thankyou,'autotext'=>$autotext);
			if( $eFormOnBeforeFormParse($fields,$templates)===false )
				return "";
			elseif(is_array($templates))
				extract($templates); // extract back into original variables
		}
	}

# parse form for formats and generate placeholders
$tpl = eFormParseTemplate($tpl,$isDebug);

	if ($efPostBack) {

		foreach($formats as $k => $discard)
			if(!isset($fields[$k])) $fields[$k] = ""; // store dummy value inside $fields

		 $disclaimer = (($tmp=efLoadTemplate($disclaimer))!==false )? $tmp:'';

		//error message containers
		$vMsg = $rMsg = $rClass = array();

		# get user post back data
		foreach($_POST as $name => $value){
			if(is_array($value)){
				//remove empty values
				$fields[$name] = array_filter($value,create_function('$v','return (!empty($v));'));
			} else
				$fields[$name]	= stripslashes(($allowhtml || $formats[$name][2]=='html')? $value:$modx->stripTags($value));
		}

		# get uploaded files
		foreach($_FILES as $name => $value){
			$fields[$name] = $value;
		}

		# check vericode
		if($vericode) {
			//add support for captcha code - thanks to Djamoer
			$code = $_SESSION['veriword'] ? $_SESSION['veriword'] : $_SESSION['eForm.VeriCode'];
			if($fields['vericode']!=$code) {
				$vMsg[count($vMsg)]=$_lang['ef_failed_vericode'];
				$rClass['vericode']=$invalidClass; //added in 1.4.4
			}
		}

		# validate fields
		foreach($fields as $name => $value) {
			$fld = $formats[$name];
			if ($fld) {
				$desc		= $fld[1];
				$datatype 	= $fld[2];
				$isRequired = $fld[3];

				if ($isRequired==1 && $value=="" && $datatype!="file"){
					$rMsg[count($rMsg)]="$desc";
					$rClass[$name]=$requiredClass;

				}elseif( !empty($fld[5]) && $value!="" && $datatype!="file" ) {
					$value = validateField($value,$fld,$vMsg,$isDebug);

					if($value===false) $rClass[$name]=$invalidClass;
					//if returned value is not of type boolean replace value...
					elseif($value!==true) $fields[$name]=$value; //replace value.

				}else{ //value check
					switch ($datatype){
						case "integer":
						case "float":
							if (strlen($value)>0 && !is_numeric($value)){
								$vMsg[count($vMsg)]=$desc . $_lang["ef_invalid_number"];
								$rClass[$name]=$invalidClass;
							}
							break;
						case "date":
							if(strlen($value)==0) break;
							//corrected by xwisdom for php version differences
							$rt = strtotime($value); //php 5.1.0+ returns false while < 5.1.0 returns -1
							if ($rt===false||$rt===-1){
								$vMsg[count($vMsg)]=$desc . $_lang["ef_invalid_date"];
								$rClass[$name]=$invalidClass;
							}
							break;
						case "email":
							//stricter email validation - udated to allow + in local name part
							if (strlen($value)>0 &&  !preg_match(
							'/^(?:[a-z0-9+_-]+?\.)*?[a-z0-9_+-]+?@(?:[a-z0-9_-]+?\.)*?[a-z0-9_-]+?\.[a-z0-9]{2,5}$/i', $value) ){
								$vMsg[count($vMsg)] = isset($formats[$name][4]) ? $formats[$name][4] : $desc . $_lang["ef_invalid_email"];
								$rClass[$name]=$invalidClass;
							}
							break;
						case "file":
							if ($_FILES[$name]['error']==1 || $_FILES[$name]['error']==2){
								$vMsg[count($vMsg)]=$desc . $_lang['ef_upload_exceeded'];
								$rClass[$name]=$invalidClass;
							}elseif ($isRequired==1 && ($_FILES[$name] && $_FILES[$name]['type']=='')){
								$rMsg[count($rMsg)]=$desc;
								$rClass[$name]=$requiredClass;
							}elseif ($_FILES[$name]['tmp_name']){
								if( substr($fld[5],0,5)!="#LIST" || validateField($_FILES[$name]['name'],$fld,$vMsg,$isDebug) )
									$attachments[count($attachments)] = $_FILES[$name]['tmp_name'];
								else $rClass[$name]=$invalidClass;
							}
							break;
						case "html":
						case "checkbox":
						case "string":
						default:
							break;
					}
				}//end required test
			}
		}

// Changed in 1.4.4.5  - now expects 4 parameters
	if ($eFormOnValidate) {
		if( $isDebug && !function_exists($eFormOnValidate))
				$fields['debug'] .= "eformOnValidate event: Could not find the function " . $eFormOnValidate;
			else
				if ($eFormOnValidate($fields,$vMsg,$rMsg,$rClass)===false) return;
	}


	if(count($vMsg)>0 || count($rMsg)>0){

		//New in 1.4.2 - classes are set in labels and form elements for invalid fields
		foreach($rClass as $n => $class){
			$fields[$n.'_class'] = $fields[$n.'_class']?$fields[$n.'_class'].' '. $class:$class;
			$fields[$n.'_vClass'] = $fields[$n.'_vClass']?$fields[$n.'_vClass'].' '. $class:$class;
			//work around for checkboxes
			if( isset($formats[$n][6] )){ //have separate id's for check and option tags - set classes as well
				foreach( explode(',',$formats[$n][6]) as $id)
					$fields[$id.'_vClass'] =	$fields[$id.'_vClass'] ? $fields[$id.'_vClass'].' '. $class : $class;
			}
		}

		//add debugging info to fields array
		if($isDebug){
			ksort($fields);
			if($isDebug>1){
				$debugText .= "<br /><strong>Formats array:</strong><pre>". var_export($formats,true).'</pre>';
				$debugText .= "<br /><strong>Fields array:</strong><pre>". var_export($fields,true).'</pre>';
				$debugText .= "<br /><strong>Classes parsed :</strong><pre>" . var_export($rClass,true) ."</pre>";
			}
			$debugText .= "<br /><strong>eForm configuration:</strong><pre>\n". var_export($params,true).'</pre>';
			$fields['debug']=$debugText;
		}

			#set validation message
			$tmp = (count($rMsg)>0)?str_replace("{fields}", implode(", ",$rMsg),$_lang['ef_required_message']):"";
			$tmp .= implode("<br />",$vMsg);
			if(!strstr($tpl,'[+validationmessage+]'))
				$modx->setPlaceholder('validationmessage',str_replace('[+ef_wrapper+]', $tmp, $_lang['ef_validation_message']));
			else
				$fields['validationmessage'] .= str_replace('[+ef_wrapper+]', $tmp, $_lang['ef_validation_message']);
	} else {

			# format report fields
			foreach($fields as $name => $value) {
				$fld = $formats[$name];
				if ($fld) {
					$datatype = $fld[2];
					switch ($datatype)  {

						case "integer":
							$value = number_format($value);
							break;
						case "float":
							$localeInfo = localeconv();
							$th_sep = empty($_lang['ef_thousands_separator'])?$localeInfo['thousands_sep']:$_lang['ef_thousands_separator'];
							$dec_point= $localeInfo['decimal_point'];
$debugText .= 'Locale<pre>'.var_export($localeInfo,true).'</pre>';
							$value = number_format($value, 2, $dec_point, $th_sep);
							break;
						case "date":
							$format_string = isset($_lang['ef_date_format']) ? $_lang['ef_date_format'] : '%d-%b-%Y %H:%M:%S';
							$value = ($value)? strftime($format_string,strtotime($value)):"";
							$value=str_replace("00:00:00","",$value);// remove trailing zero time values
							break;
						case "html":
							// convert \n to <br />
							if(!$sendAsText ) $value = preg_replace('#(\n<br[ /]*?>|<br[ /]*?>\n|\n)#i','<br />',$value);
							break;
						case "file":
							// set file name
							if($value['type']!="" && $value['type']!=""){
								$value = $value["name"];
								$patharray = explode(((strpos($value,"/")===false)? "\\":"/"), $value);
								$value = $patharray[count($patharray)-1];
							}
							else {
								$value = "";
							}
							break;
					}
					$fields[$name] = $value;
				}
			}
			# set postdate
			$fields['postdate'] = strftime("%d-%b-%Y %H:%M:%S",time());

			//check against email injection and replace suspect content
			if( hasMailHeaders($fields) ){

				//send email to webmaster??
				if ($reportAbuse){ //set in snippet configuration tab
					$body = $_lang['ef_mail_abuse_message'];
					$body .="<table>";
					foreach($fields as $key => $value)
						$body .= "<tr><td>$key</td><td><pre>$value</pre></td></tr>";
					$body .="</table>";
					include_once "manager/includes/controls/class.phpmailer.php";
				# send abuse alert
					$mail = new PHPMailer();
					$mail->IsMail();
					$mail->IsHTML($isHtml);
					$mail->From		= $modx->config['emailsender'];
					$mail->FromName	= $modx->config['site_name'];
					$mail->Subject	= $_lang['ef_mail_abuse_subject'];
					$mail->Body		= $body;
					AddAddressToMailer($mail,"to",$modx->config['emailsender']);
					$mail->send(); //ignore mail errors in this case
				}
				//return empty form with error message
				//register css and/or javascript
				if( isset($startupSource) ) efRegisterStartupBlock($startupSource);
				return formMerge($tpl,array('validationmessage'=> $_lang['ef_mail_abuse_error']));
			}

			# added in 1.4.2 - Limit the time between form submissions
			if($submitLimit>0){
				if( time()<$submitLimit+$_SESSION[$formid.'_limit'] ){
					return formMerge($_lang['ef_submit_time_limit'],$fields);
				}
				else unset($_SESSION[$formid.'_limit'], $_SESSION[$formid.'_hash']); //time expired
			}

			# invoke OnBeforeMailSent event set by another script
			if ($eFormOnBeforeMailSent) {
				if( $isDebug && !function_exists($eFormOnBeforeMailSent))
					$fields['debug'] .= "eFormOnBeforeMailSent event: Could not find the function " . $eFormOnBeforeMailSent;
				elseif ($eFormOnBeforeMailSent($fields)===false) {
					if( isset($fields['validationmessage']) && !empty($fields['validationmessage']) ){
						//register css and/or javascript
						if( isset($startupSource) ) efRegisterStartupBlock($startupSource);
						return formMerge($tpl,$fields);
					}
					else
						return;
				}
			}

			if( $protectSubmit ){
				$hash = '';
				# create a hash of key data
				if(!is_numeric($protectSubmit)){ //supplied field names
					$protectSubmit = (strpos($protectSubmit,','))? explode(',',$protectSubmit):array($protectSubmit);
					foreach($protectSubmit as $fld) $hash .= isset($fields[$fld]) ? $fields[$fld] : '';
				}else //all required fields
					foreach($formats as $fld) $hash .= ($fld[3]==1) ? $fields[$fld[0]] : '';
				if($hash) $hash = md5($hash);

				if( $isDebug ) $debugText .= "<strong>SESSION HASH</strong>:".$_SESSION[$formid.'_hash']."<br />"."<b>FORM HASH</b>:".$hash."<br />";

				# check if already succesfully submitted with same data
				if( isset($_SESSION[$formid.'_hash']) && $_SESSION[$formid.'_hash'] == $hash && $hash!='' )
						return formMerge($_lang['ef_multiple_submit'],$fields);
			}

			$fields['disclaimer'] = ($disclaimer)? formMerge($disclaimer,$fields):"";
			$subject	= isset($fields['subject'])?$fields['subject']:(($subject)? formMerge($subject,$fields):$category);
			$fields['subject'] = $subject; //make subject available in report & thank you page
			$report	= ($report)? formMerge($report,$fields):"";
			$keywords	= ($keywords)? formMerge($keywords,$fields):"";
			$from = ($from)? formMerge($from,$fields):"";
			$fromname	= ($from)? formMerge($fromname,$fields):"";

			$to = formMerge($to,$fields);
			if(empty($to) || !strpos($to,'@')) $nomail=1;

			if(!$nomail){

				# check for mail selector field - select an email from to list
				if ($mselector && $fields[$mselector]) {
					$i = (int)$fields[$mselector];
					$ar = explode(",",$to);
					if ($i>0) $i--;
					if ($ar[$i]) $to = $ar[$i];
					else $to = $ar[0];
				}

				//set reply-to address
				//$replyto snippet parameter must contain email or fieldname
				if(!strstr($replyto,'@'))
					$replyto = ( $fields[$replyto] && strstr($fields[$replyto],'@') )?$fields[$replyto]:$from;

				# include PHP Mailer
				include_once "manager/includes/controls/class.phpmailer.php";

				# send form
				//defaults to html so only test sendasText
				$isHtml = ($sendAsText==1 || strstr($sendAsText,'report'))?false:true;

				if(!$noemail) {
					if($sendirect) $to = $fields['email'];
					$mail = new PHPMailer();
					$mail->IsMail();
					$mail->CharSet = $modx->config['modx_charset'];
					$mail->IsHTML($isHtml);
					$mail->From		= $from;
					$mail->FromName	= $fromname;
					$mail->Subject	= $subject;
					$mail->Body		= $report;
					AddAddressToMailer($mail,"replyto",$replyto);
					AddAddressToMailer($mail,"to",$to);
					AddAddressToMailer($mail,"cc",$cc);
					AddAddressToMailer($mail,"bcc",$bcc);
					AttachFilesToMailer($mail,$attachments);
					if(!$mail->send()) return 'Main mail: ' . $_lang['ef_mail_error'] . $mail->ErrorInfo;
				}

				# send user a copy of the report
				if($ccsender && $fields['email']) {
					$mail = new PHPMailer();
					$mail->IsMail();
					$mail->CharSet = $modx->config['modx_charset'];
					$mail->IsHTML($isHtml);
					$mail->From		= $from;
					$mail->FromName	= $fromname;
					$mail->Subject	= $subject;
					$mail->Body		= $report;
					AddAddressToMailer($mail,"to",$fields['email']);
					AttachFilesToMailer($mail,$attachments);
					if(!$mail->send()) return 'CCSender: ' . $_lang['ef_mail_error'] . $mail->ErrorInfo;
				}

				# send auto-respond email
				//defaults to html so only test sendasText
				$isHtml = ($sendAsText==1 || strstr($sendAsText,'autotext'))?false:true;
				if ($autotext && $fields['email']!='') {
					$autotext = formMerge($autotext,$fields);
					$mail = new PHPMailer();
					$mail->IsMail();
					$mail->CharSet = $modx->config['modx_charset'];
					$mail->IsHTML($isHtml);
					$mail->From		= ($autosender)? $autosender:$from;
					$mail->FromName	= ($autoSenderName)?$autoSenderName:$fromname;
					$mail->Subject	= $subject;
					$mail->Body		= $autotext;
					AddAddressToMailer($mail,"to",$fields['email']);
					if(!$mail->send()) return 'AutoText: ' . $_lang['ef_mail_error'] . $mail->ErrorInfo;
				}

				//defaults to text - test for sendAsHtml
				$isHTML = ($sendAsHTML==1 || strstr($sendAsHtml,'mobile'))?true:false;
				# send mobile email
				if ($mobile && $mobiletext) {
					$mobiletext = formMerge($mobiletext,$fields);
					$mail = new PHPMailer();
					$mail->IsMail();
					$mail->CharSet = $modx->config['modx_charset'];
					$mail->IsHTML($isHtml);
					$mail->From		= $from;
					$mail->FromName	= $fromname;
					$mail->Subject	= $subject;
					$mail->Body		= $mobiletext;
					AddAddressToMailer($mail,"to",$mobile);
					$mail->send();
				}

			}//end test nomail
			 # added in 1.4.2 - Protection against multiple submit with same form data
			 if($protectSubmit) $_SESSION[$formid.'_hash'] = $hash; //hash is set earlier

			 # added in 1.4.2 - Limit the time between form submissions
			 if($submitLimit>0) $_SESSION[$formid.'_limit'] = time();

				# invoke OnMailSent event set by another script
				if ($eFormOnMailSent) {
					if( $isDebug && !function_exists($eFormOnMailSent) )
						$fields['debug'] .= "eFormOnMailSent event: Could not find the function" . $eFormOnMailSent;
					else
						if ($eFormOnMailSent($fields)===false) return;
				}


			if($isDebug){
				$debugText .="<strong>Mail Headers:</strong><br />From: $from ($fromname)<br />Reply-to:$replyto<br />To: $to<br />Subject: $subject<br />CC: $cc<br /> BCC:$bcc<br />";
			if($isDebug>1){
				$debugText .= "<br /><strong>Formats array:</strong><pre>". var_export($formats,true).'</pre>';
				$debugText .= "<br /><strong>Fields array:</strong><pre>". var_export($fields,true).'</pre>';
			}
				$fields['debug'] = $debugText;
			}

			# show or redirect to thank you page
			if ($gid==$modx->documentIdentifier){

				if(!empty($thankyou) ){
					if($isDebug && !strstr($thankyou,'[+debug+]')) $thankyou .= '[+debug+]';
					if( isset($startupSource) ) efRegisterStartupBlock($startupSource,true);	//skip scripts
					if( $sendAsText ){
						foreach($formats as $key => $fmt)
							if($fmt[2]=='html') $fields[$key] = str_replace("\n",'<br />',$fields[$key]);
					}
					$thankyou = formMerge($thankyou,$fields);
					return $thankyou;
				}else{
					return $_lang['ef_thankyou_message'];
				}
			}
			else {
				$url = $modx->makeURL($gid);
				$modx->sendRedirect($url);
			}
			return; // stop here
		}
	}else{ //not postback

		//add debugging info to fields array
		if($isDebug){
			$debugText .= "<br /><strong>eForm configuration:</strong><pre>". var_export($params,true).'</pre>';
			$fields['debug']=$debugText;
		}

		//strip the eform attribute
		$regExpr = "#eform=([\"'])[^\\1]*?\\1#si";
		$tpl = preg_replace($regExpr,'',$tpl);
	}

	// set vericode
	if($vericode) {
		$_SESSION['eForm.VeriCode'] = $fields['vericode'] = substr(uniqid(''),-5);
		$fields['verimageurl'] = $modx->config['base_url'].'manager/includes/veriword.php?rand='.rand();
	}

	# get SESSION data - thanks to sottwell
	if($sessionVars){
		$sessionVars = (strpos($sessionVars,',',0))?explode(',',$sessionVars):array($sessionVars);
		foreach( $sessionVars as $varName ){
			if( empty($varName) ) continue;
			$varName = trim($varName);
			if( isset($_SESSION[$varName]) && !empty($_SESSION[$varName]) )
				$fields[$varName] = ( isset($fields[$varName]) && $postOverides )?$fields[$varName]:$_SESSION[$varName];
		}
	}

	# invoke OnBeforeFormMerge event set by another script
	if ($eFormOnBeforeFormMerge) {
		if( $isDebug && !function_exists($eFormOnBeforeFormMerge))
				$fields['debug'] .= "eFormOnBeforeFormMerge event: Could not find the function " . $eFormOnBeforeFormMerge;
			else
				if ($eFormOnBeforeFormMerge($fields)===false) return;
	}

	# build form
	if($isDebug && !$fields['debug']) $fields['debug'] = $debugText;
	if($isDebug && !strstr($tpl,'[+debug+]')) $tpl .= '[+debug+]';
	//register css and/or javascript
	if( isset($startupSource) ) efRegisterStartupBlock($startupSource);
	return formMerge($tpl,$fields);
}

# Form Merge
function formMerge($docText, $docFields, $vClasses='') {
	global $formats;
	$lastitems;
	if(!$docText) return '';

	preg_match_all('~\[\+(.*?)\+\]~', $docText, $matches);
	for($i=0;$i<count($matches[1]);$i++) {
		$name = $matches[1][$i];
		list($listName,$listValue) = explode(":",$name);
		$value = isset($docFields[$listName])? $docFields[$listName]:'';

// support for multi checkbox, radio and select - Djamoer
		if(is_array($value)) $value=implode(', ', $value);

		$fld = $formats[$name];
		if (!isset($fld)){
			// listbox, checkbox, radio select
			$colonPost = strpos($name, ':');
			$listName = substr($name, 0, $colonPost);
			$listValue = substr($name, $colonPost+1);
			$datatype = $formats[$listName][2];
			if(is_array($docFields[$listName])) {
				if($datatype=="listbox" && in_array($listValue, $docFields[$listName])) $docText = str_replace("[+$listName:$listValue+]","selected='selected'",$docText);
				if(($datatype=="checkbox"||$datatype=="radio") && in_array($listValue, $docFields[$listName])) $docText = str_replace("[+$listName:$listValue+]","checked='checked'",$docText);
			}
			else {
				if($datatype=="listbox" && $listValue==$docFields[$listName]) $docText = str_replace("[+$listName:$listValue+]","selected='selected'",$docText);
				if(($datatype=="checkbox"||$datatype=="radio") && $listValue==$docFields[$listName]) $docText = str_replace("[+$listName:$listValue+]","checked='checked'",$docText);
			}
		}
		if(strpos($name,":")===false) $docText = str_replace("[+$name+]",$value,$docText);
		else {
			// this might be a listbox item.
			// we'll remove this field later
			$lastitems[count($lastitems)]="[+$name+]";
		}
	}
	$lastitems[count($lastitems)] = "class=\"\""; //removal off empty class attributes
	$docText = str_replace($lastitems,"",$docText);
	return $docText;
}

# Adds Addresses to Mailer
function AddAddressToMailer(&$mail,$type,$addr){
	$a = explode(",",$addr);
	for($i=0;$i<count($a);$i++){
		if(!empty($a[$i])) {
			if ($type=="to") $mail->AddAddress($a[$i]);
			elseif ($type=="cc") $mail->AddCC($a[$i]);
			elseif ($type=="bcc") $mail->AddBCC($a[$i]);
			elseif ($type=="replyto") $mail->AddReplyTo($a[$i]);
		}
	}
}

# Attach Files to Mailer
function AttachFilesToMailer(&$mail,&$attachFiles) {
	if(count($attachFiles)>0){
		foreach($attachFiles as $attachFile){
			if(!file_exists($attachFile)) continue;
			$FileName = $attachFile;
			$contentType = "application/octetstream";
			if (is_uploaded_file($attachFile)){
				foreach($_FILES as $n => $v){
					if($_FILES[$n]['tmp_name']==$attachFile) {
						$FileName = $_FILES[$n]['name'];
						$contentType = $_FILES[$n]['type'];
					}
				}
			}
			$patharray = explode(((strpos($FileName,"/")===false)? "\\":"/"), $FileName);
			$FileName = $patharray[count($patharray)-1];
			$mail->AddAttachment($attachFile,$FileName,"base64",$contentType);
		}
	}
}

/*--- Form Parser stuff----------------------*/
function  eFormParseTemplate($tpl, $isDebug=false ){
	global $modx,$formats,$optionsName,$_lang,$debugText,$fields,$validFormId;
	global $efPostBack;

	$formats =""; //clear formats so values don't persist through multiple snippet calls
	$labels = "";

	$regExpr = "#(<label[^>]*?>)(.*?)</label>#si";;
	preg_match_all($regExpr,$tpl,$matches);
	foreach($matches[1] as $key => $fld){
		$attr = attr2array($fld);
		if(isset($attr['for'])){
				$name = substr($attr['for'],1,-1);
				//add class to fields array
				$fields[$name."_vClass"] = isset($attr['class'])?substr($attr['class'],1,-1):'';
				$labels[$name] = strip_tags($matches[2][$key]);
				//create placeholder for class
				$attr['class'] = '"[+'.$name.'_vClass+]"';
				$newTag = buildTagPlaceholder('label',$attr,$name);
				$tpl = str_replace($fld,$newTag,$tpl);
		}
	}

	//retrieve all the form fields
	$regExpr = "#(<(input|select|textarea)[^>]*?>)#si";
	preg_match_all($regExpr,$tpl,$matches);

	$fieldTypes = $matches[2];
	$fieldTags = $matches[1];

	for($i=0;$i<count($fieldTypes);$i++){
		$type = $fieldTypes[$i];

		//get array of html attributes
		$tagAttributes = attr2array($fieldTags[$i]);
		//attribute values are stored including quotes
		//strip quotes as well as any brackets to get the raw name
		$name = str_replace(array("'",'"','[',']'),'',$tagAttributes['name']);

		#skip vericode field - updated in 1.4.4
		#special case. We need to set the class placeholder but forget about the rest
		if($name=="vericode"){
			if(isset($tagAttributes['class'])){
				$fields[$name.'_class'] = substr($tagAttributes['class'],1,-1);
			}
			$tagAttributes['class'] = '"[+'.$name.'_class+]"';
			$tagAttributes['value'] = '';
			$newTag = buildTagPlaceholder('input',$tagAttributes,$name);
			$tpl = str_replace($fieldTags[$i],$newTag,$tpl);
			continue;
		}

		//store the field options
			if (isset($tagAttributes[$optionsName])){
				//split to max of 5 so validation rule can contain ':'
				$formats[$name] = explode(":",stripTagQuotes($tagAttributes[$optionsName]),5) ;
				array_unshift($formats[$name],$name);
		}else{
			if(!isset($formats[$name])) $formats[$name]=array($name,'','',0);
		}
		//added for 1.4 - use label if it is defined
		if(empty($formats[$name][1]))
			$formats[$name][1]=(isset($labels[$name])) ? $labels[$name] : $name;

		if(isset($id)) $formats[6] = $id; //added in 1.4.4.1

		unset($tagAttributes[$optionsName]);

		//added in 1.4.2 - add placeholder to class attribute
		if(isset($tagAttributes['class'])){
			$fields[$name.'_class'] = substr($tagAttributes['class'],1,-1);
		}
		$tagAttributes['class'] = '"[+'.$name.'_class+]"';

		switch($type){
			case "select":
				//replace with 'cleaned' tag and added placeholder
				$newTag = buildTagPlaceholder('select',$tagAttributes,$name);
				$tpl = str_replace($fieldTags[$i],$newTag,$tpl);
				if($formats[$name]) $formats[$name][2]='listbox';

				//Get the whole select block with option tags
				//escape any regex characters!
				$regExp = "#<select [^><]*?name=".preg_quote($tagAttributes['name'],'#')."[^>]*?".">(.*?)</select>#si";
				preg_match($regExp,$tpl,$matches);
				$optionTags = $matches[1];

				$select = $newSelect = $matches[0];
				//get separate option tags and split them up
				preg_match_all("#(<option [^>]*?>)#si",$optionTags,$matches);
				$validValues = array();
				foreach($matches[1] as $option){
					$attr = attr2array($option);
//* debug */ print __LINE__.': <pre>'.print_r($attr,true) .'</pre><br />';
					$value = substr($attr['value'],1,-1); //strip outer quotes
					if( trim($value)!='' ) $validValues[] = $value;
					$newTag = buildTagPlaceholder('option',$attr,$name);
					$newSelect = str_replace($option,$newTag,$newSelect);
					//if no postback, retain any checked values
					if(!$efPostBack && !empty($attr['selected'])) $fields[$name][]=$value;
				}
				//replace complete select block
				$tpl = str_replace($select,$newSelect,$tpl);
				//add valid values to formats... (extension to $formats)

				if($formats[$name] && !$formats[$name][5]){
					$formats[$name][4] = $_lang['ef_failed_default'];
					//convert commas in values to something else !
					$formats[$name][5]= "#LIST " . implode(",",str_replace(',','&#44;',$validValues));
				}
				break;

			case "textarea":
				// add support for maxlength attribute for textarea
				// attribute get's stripped form form //
				if( $tagAttributes['maxlength'] ){
					$formats[$name][$_dfnMaxlength] == $tagAttributes['maxlength'];
					unset($tagAttributes['maxlength']);
				}
				$newTag = buildTagPlaceholder($type,$tagAttributes,$name);
				$regExp = "#<textarea [^>]*?name=" . $tagAttributes["name"] . "[^>]*?" . ">(.*?)</textarea>#si";
				preg_match($regExp,$tpl,$matches);
				//if nothing Posted retain the content between start/end tags
				$placeholderValue = ($efPostBack)?"[+$name+]":$matches[1];

				$tpl = str_replace($matches[0],$newTag.$placeholderValue."</textarea>",$tpl);
				break;
			default: //all the rest, ie. "input"
				$newTag = buildTagPlaceholder($type,$tagAttributes,$name);
				  $fieldType = stripTagQuotes($tagAttributes['type']);
					//validate on maxlength...
					if( $fieldType=='text' && $tagAttributes['maxlength'] ){
						$formats[$name][$_dfnMaxlength] == $tagAttributes['maxlength'];
					}
					if($formats[$name] && !$formats[$name][2]) $formats[$name][2]=($fieldType=='text')?"string":$fieldType;
					//populate automatic validation values for hidden, checkbox and radio fields
					if($fieldType=='hidden'){
						if(!$isDebug) $formats[$name][1] = "[undefined]"; //do not want to disclose hidden field names
						if(!isset($formats[$name][4])) $formats[$name][4]= $_lang['ef_tamper_attempt'];
						if(!isset($formats[$name][5])) $formats[$name][5]= "#VALUE ". stripTagQuotes($tagAttributes['value']);
					}elseif($fieldType=='checkbox' || $fieldType=='radio'){
						$formats[$name][4]= $_lang['ef_failed_default'];
						$formats[$name][5] .= isset($formats[$name][5])?",":"#LIST ";
						//convert embedded comma's in values!
						$formats[$name][5] .= str_replace(',','&#44;',stripTagQuotes($tagAttributes['value']));
						//store the id as well
						//if no postback, retain any checked values
						if(!$efPostBack && !empty($tagAttributes['checked'])) $fields[$name][]=stripTagQuotes($tagAttributes['value']);
						//
						$formats[$name][6] .= ( isset($formats[$name][6])?",":"").stripTagQuotes($tagAttributes['id']);
					}elseif(empty($fields[$name])){ //plain old text input field
						//retain default value set in form template if not already set in code
						$fields[$name] = stripTagQuotes($tagAttributes['value']);
					}

				$tpl = str_replace($fieldTags[$i],$newTag,$tpl);
				break;
		}
	}
	if($isDebug>2) $debugText .= "<strong>Parsed template</strong><p style=\"border:1px solid black;padding:2px;\">" . str_replace("\n",'<br />',str_replace('+','&#043;',htmlspecialchars($tpl)))."</p><hr>";
	return $tpl;
}

function stripTagQuotes($value){
	return substr($value,1,-1);
}

function buildTagPlaceholder($tag,$attributes,$name){
	$type = stripTagQuotes($attributes["type"]);
	$quotedValue = $attributes['value'];
	$val = stripTagQuotes($quotedValue);

	foreach ($attributes as $k => $v)
			$t .= ($k!='value' && $k!='checked' && $k!='selected')?" $k=$v":"";

	switch($tag){
		case "select":
			return "<$tag$t>"; //only the start tag mind you
		case "option":
			return "<$tag$t value=".$quotedValue." [+$name:$val+]>";
		case "input":
			switch($type){
				case 'radio':
				case 'checkbox':
					return "<input$t value=".$quotedValue." [+$name:$val+] />";
				case 'text':
					if($name=='vericode') return "<input$t value=\"\" />";
					//else pass on to next
				case 'password':
					return "<input$t value=\"[+$name+]\" />";
				default: //leave as is - no placeholder
					return "<input$t value=".$quotedValue." />";
			}
		case "file": //no placeholder!
		case "textarea": //placeholder needs to be added in calling code
			return "<$tag$t>";
		case "label":
			return "<$tag$t>";
		default:
			return "<input$t value=\"[+$name+]\" />";
	} // switch
	return ""; //if we've arrived here we're in trouble
}

function attr2array($tag){
	$expr = "#([a-z0-9_]*?)=(([\"'])[^\\3]*?\\3)#si";
	preg_match_all($expr,$tag,$matches);
	foreach($matches[1] as $i => $key)
		$rt[$key]= $matches[2][$i];
	return $rt;
}

function validateField($value,$fld,&$vMsg,$isDebug=false){
	global $modx,$_lang, $debugText,$fields;
	$output = true;
	$desc = $fld[1];
	$fldMsg = trim($fld[4]);
	if(empty($fld[5])) return $output; //if no rule value validates

	list($cmd,$param) = explode(" ",trim($fld[5]),2);
		$cmd = strtoupper(trim($cmd));
	if (substr($cmd,0,1)!='#'){
		$vMsg[count($vMsg)] = "$desc &raquo;" . $_lang['ef_error_validation_rule'];
		return false;
	}

	$valList = (is_array($value))?$value:array($value);
	//init vars
	$errMsg='';
	unset($vlist);

	for($i=0;$i<count($valList);$i++){
		$value = $valList[$i]; //re-using $value, destroying original!!

		switch ($cmd) {
			//really only used internally for hidden fields
			case "#VALUE":
				if($value!=$param) $errMsg = $_lang['ef_failed_default'];
				break;
			case "#RANGE":
				if(!isset($vlist)) $vlist = explode(',',strtolower(trim($param))); //cached
				//the crude way first - will have to refine this
				foreach($vlist as $p){
					if( strpos($p,'~')>0)
						$range = explode('~',$p);
					else
						$range = array($p,$p); //yes,.. I know - cheating :)

					if($isDebug && (!is_numeric($range[0]) || !is_numeric($range[1])) )
						$modx->messageQuit('Error in validating form field!', '',$false,E_USER_WARNING,__FILE__,'','#RANGE rule contains non-numeric values: '.$fld[5],__LINE__);
					sort($range);
					if( $value>=$range[0] && $value<=$range[1] ) break 2; //valid
				}
				$errMsg = $_lang['ef_failed_range'];
				break;

			case "#LIST":		// List of comma separated values (not case sensitive)
				//added in 1.4 - file upload filetype test
//FS#960 - removed trimming of $param - values with leading or trailing spaces would always fail validation
				if($fld[2]=='file')$value = substr($value,strrpos($value,'.')+1); //file extension
				if(!isset($vlist)){
					$vlist = 	explode(',',strtolower($param)); //cached
					foreach($vlist as $k =>$v ) $vlist[$k]=str_replace('&#44;',',',$v);

				} //changes to make sure embedded commma's in values are recognized

				if( $isDebug && count($vlist)==1 && empty($vlist[0])  ){
					 //if debugging bail out big time
					 $modx->messageQuit('Error in validating form field!', '',$false,E_USER_WARNING,__FILE__,'','#LIST rule declared but no list values supplied: '.$fld[5],__LINE__);
				}elseif(!in_array(strtolower($value),$vlist))
					$errMsg = ($fld[2]=='file')? $_lang["ef_failed_upload"]: $_lang['ef_failed_list'];
				break;

			case "#SELECT":	//validates against a list of values from the cms database
				#cache all this
				if( !isset($vlist) ) {
					$rt = array();
					$param = 	str_replace('{DBASE}',$modx->db->config['dbase'],$param);
					$param = 	str_replace('{PREFIX}',$modx->db->config['table_prefix'],$param);
					//added in 1.4
					if( preg_match("/{([^}]*?)\}/",$param,$matches) ){
						$tmp = $modx->db->escape(formMerge('[+'.$matches[1].'+]',$fields));
						$param = str_replace('{'.$matches[1].'}',$tmp,$param);
					}
					$rs = $modx->db->query("SELECT $param;");
					//select value from 1st field in records only (not case sensitive)
					while( $v = $modx->db->getValue($rs) ) $vlist[]=strtolower($v);
				}
				if(!is_array($vlist)){
					//WARNING! if not debugging (and query fails) error is ignored, and value will validate!!
					//version 1.4 - replaced fatal error with friendly debug message when debugging
					$debugText .= ($isDebug)? "'<strong>$fld[1]</strong>' ".$_lang['ef_sql_no_result'].'<br />':'';
				}elseif(!in_array(strtolower($value),$vlist)){
					$errMsg = $_lang['ef_failed_list'];
				}
				break;

			case "#EVAL":	// php code should return true or false
				$tmp = $cmd; //just in case eval destroys cmd
				if( eval($param)===false )
					$errMsg = $_lang['ef_failed_eval'];
				if($isDebug) $debugText .= "<strong>$fld[1]</strong>: ".$_lang['ef_eval_deprecated']." $param";
				$cmd = $tmp;
				break;
			//added in 1.4
			case "#FUNCTION":
				$tmp = $cmd; //just in case function destroys cmd
				if( function_exists($param) )
					if( !@$param($value) ) $errMsg = $_lang['ef_failed_eval'];
				else
					if($isDebug) $debugText .= "<strong>$fld[1]</strong>: ".$_lang['ef_no_function']." $param";
				$cmd = $tmp;
				break;

			case "#REGEX":
				if( !$tmp=preg_match($param,$value) )
					$errMsg = $_lang['ef_failed_ereg'];
					if($isDebug && $tmp===false ) $debugText .= "<strong>$fld[1]</strong>: ".$_lang['ef_regex_error']." $param";
				break;

			case "#FILTER":
				$valList[$i] = filterEformValue($value,$param);
				break;

			default:
				$errMsg = $_lang['ef_error_validation_rule'];

		}//end switch
		if($isDebug) {
			$debugText .="'<strong>$fld[1]</strong>' ";
			$debugText .= (empty($errMsg))?'passed':'<span style="color:red;">Failed</span>';
			$debugText .= " using rule: $cmd ".$param.', (input='.htmlspecialchars($valList[$i]).")<br />\n";
		}
		if(!empty($errMsg)){
			$errMsg = ($fldMsg)?"$desc &raquo; $fldMsg":"$desc &raquo; $errMsg";
			$vMsg[count($vMsg)] = $errMsg;
			$output=false;
			break; //quit testing more values
		}
	}//end for


	//make sure we have correct return value in case of #filter
	$valList = (!is_array($value))?implode('',$valList):$valList;

	return ($cmd=="#FILTER")?$valList:$output;
}//end validateField

function filterEformValue($value,$param){
	list($cmd,$param) = explode(" ",trim($param),2);
	$cmd = trim($cmd);

	switch(strtoupper($cmd)){
		case "#REGEX":
			list($src,$dst) = explode("||",$param,2);
			$value = ( $v = preg_replace($src,$dst,$value) )?$v:$value;
			break;

		case "#LIST":
			$param = explode("||",$param,2);
			$src = strpos($param[0],',')?explode(',',$param[0]):$param[0];
			$dst = strpos($param[1],',')?explode(',',$param[1]):$param[1];
			$value = str_replace($src,$dst,$value);
			break;

		case "#EVAL":
			$value = ($v = @eval($param))?$v:$value;
			break;
	}
	return $value;
}

	function efLoadTemplate($key){
		global $modx;
		if( strlen($key)>50 ) return $key;
		$tpl = false;
		if( is_numeric($key) ) { //get from document id
			//try unpublished docs first
			$tpl = ( $doc=$modx->getDocument($key,'content',0) )? $doc['content'] :false;
			if(!$tpl )
				$tpl = ( $doc=$modx->getDocument($key,'content',1) )? $doc['content'] : false;

		}elseif( $key ){
			$tpl = ( $doc=$modx->getChunk($key) )? $doc : false;
			//try snippet if chunk is not found
            if(!$tpl) $tpl = ( $doc=$modx->runSnippet($key) )? $doc : false;
		}
		return $tpl;
	}


# registers css and/or javascript to modx class
function efRegisterStartupBlock($src_array,$noScript=false){
	global $modx;

	if(!array($src_array)) return;

	foreach($src_array as $item){
		list($src,$type) = $item;
		//skip scripts if told to do so
		if($type=='javascript' && $noScript) continue;
		//try to load from document or chunk
		if( $tmp = efLoadtemplate($src) )
				$src = $tmp;
		$src=trim($src);

 		if ( $type=='css' )
			$modx->regClientCSS($src);
		elseif ( $type == 'javascript' )
			$modx->regClientStartupScript($src);
		else
			$modx->regClientStartupHTMLBlock($src);

	}//end foreach
}

/**
* adapted from http://php.mirrors.ilisys.com.au/manual/en/ref.mail.php
* If any field contains newline followed by email-header specific string it is replaced by a harmless substitute
* (we hope) If any subsitutiosn are made the function returns true
* Currently tests for
* 	Content-Transfer-Encoding:
* 	MIME-Version:
* 	content-type:
* 	to:
* 	cc:
* 	bcc:
*/
function hasMailHeaders( &$fields ){
	$injectionAttempt = false;
	$re = "/(%0A|%0D|\n+|\r+)(Content-Transfer-Encoding:|MIME-Version:|content-type:|to:|cc:|bcc:)/i";
	foreach($fields as $fld => $text){
	 	if( ($match = preg_replace($re,'\\[\2]\\', $text))!=$text ){
			$injectionAttempt = true;
			$fields[$fld]=$match; //replace with 'disabled' version
		}
	}
	return ($injectionAttempt)?true:false;
}

?>