PageRenderTime 46ms CodeModel.GetById 18ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-content/plugins/form-maker/frontend/models/FMModelForm_submissions.php

https://gitlab.com/hunt9310/ras
PHP | 296 lines | 240 code | 32 blank | 24 comment | 58 complexity | 06cede83011100edd3c8106908d12882 MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. class FMModelForm_submissions {

    4. 

  4.   ////////////////////////////////////////////////////////////////////////////////////////

    5. 

  5.   // Events                                                                             //

    6. 

  6.   ////////////////////////////////////////////////////////////////////////////////////////

    7. 

  7.   ////////////////////////////////////////////////////////////////////////////////////////

    8. 

  8.   // Constants                                                                          //

    9. 

  9.   ////////////////////////////////////////////////////////////////////////////////////////

    10. 

  10.   ////////////////////////////////////////////////////////////////////////////////////////

    11. 

  11.   // Variables                                                                          //

    12. 

  12.   ////////////////////////////////////////////////////////////////////////////////////////

    13. 

  13.   ////////////////////////////////////////////////////////////////////////////////////////

    14. 

  14.   // Constructor & Destructor                                                           //

    15. 

  15.   ////////////////////////////////////////////////////////////////////////////////////////

    16. 

  16.   public function __construct() {

    17. 

  17.   }

    18. 

  18.   ////////////////////////////////////////////////////////////////////////////////////////

    19. 

  19.   // Public Methods                                                                     //

    20. 

  20.   ////////////////////////////////////////////////////////////////////////////////////////

    21. 

  21.   function showsubmissions($form_id, $startdate, $enddate, $submit_date, $submitter_ip, $username, $useremail, $form_fields, $csv, $xml, $title, $search, $ordering, $entries, $views, $conversion_rate, $pagination, $stats) {

    22. 

  22. 		global $wpdb;

    23. 

  23. 	

    24. 

  24. 		$user = wp_get_current_user();

    25. 

  25. 		$userGroups = $wpdb->get_var($wpdb->prepare("SELECT `user_id_wd` FROM " . $wpdb->prefix . "formmaker WHERE id='%d'", $form_id));    

    26. 

  26. 		$users = explode(',', $userGroups);

    27. 

  27. 		$users = array_slice($users, 0, count($users) - 1); 

    28. 

  28. 		$show_submits = false;

    29. 

  29. 		if(!is_user_logged_in()) {

    30. 

  30. 			if(!in_array('guest', $users))

    31. 

  31. 				return false;

    32. 

  32. 		}

    33. 

  33. 		else {

    34. 

  34. 			foreach($user->roles as $user_role) {

    35. 

  35. 				if(in_array($user_role, $users))

    36. 

  36. 					$show_submits = true;

    37. 

  37. 			}

    38. 

  38. 			if(!$show_submits)

    39. 

  39. 				return false;

    40. 

  40. 		}

    41. 

  41. 		$from = $startdate;

    42. 

  42. 		$to = $enddate;

    43. 

  43. 		

    44. 

  44. 		$filter_order = ((isset($_POST['order_by']) && esc_html(stripslashes($_POST['order_by'])) != '') ? esc_html(stripslashes($_POST['order_by'])) : 'group_id');

    45. 

  45. 		$filter_order_Dir = ((isset($_POST['asc_or_desc']) && ($_POST['asc_or_desc'] == 'asc' || $_POST['asc_or_desc'] == 'desc')) ? esc_html($_POST['asc_or_desc']) : 'asc');

    46. 

  46. 		

    47. 

  47. 		$ip_search = $submitter_ip;

    48. 

  48. 		$username_search = strtolower($username);

    49. 

  49. 		$useremail_search = strtolower($useremail);

    50. 

  50. 

    51. 

  51. 		$where = array();

    52. 

  52. 		$lists['startdate'] = ((isset($_POST['startdate'])) ? esc_html(stripslashes($_POST['startdate'])) : '');

    53. 

  53. 		$lists['enddate'] = ((isset($_POST['enddate'])) ? esc_html(stripslashes($_POST['enddate'])) : '');

    54. 

  54. 		$lists['hide_label_list'] = ((isset($_POST['hide_label_list'])) ? esc_html(stripslashes($_POST['hide_label_list'])) : '');

    55. 

  55.     

    56. 

  56. 		$lists['ip_search'] = ((isset($_POST['ip_search'])) ? esc_html(stripslashes($_POST['ip_search'])) : '');

    57. 

  57. 		$lists['username_search'] = ((isset($_POST['username_search'])) ? esc_html(stripslashes($_POST['username_search'])) : '');

    58. 

  58. 		$lists['useremail_search'] = ((isset($_POST['useremail_search'])) ? esc_html(stripslashes($_POST['useremail_search'])) : '');

    59. 

  59.     $limit = ((isset($_POST['page_number'])) ? ((int) $_POST['page_number'] - 1) * 20 : 0);

    60. 

  60. 		

    61. 

  61. 		if ( $lists['ip_search'] ) {

    62. 

  62. 			$where[] = 'ip LIKE "%' . esc_sql($lists['ip_search']) . '%"';

    63. 

  63. 		}		

    64. 

  64. 		if ( $lists['username_search'] ) {

    65. 

  65. 			$where[] = 'user_id_wd IN (SELECT `id` FROM `' . $wpdb->prefix . 'users` WHERE `display_name` LIKE "%' . esc_sql($lists['username_search']) . '%")';

    66. 

  66. 		}

    67. 

  67. 		if ( $lists['useremail_search'] ) {

    68. 

  68. 			$where[] = 'user_id_wd IN (SELECT `id` FROM `' . $wpdb->prefix . 'users` WHERE `user_email` LIKE "%' . esc_sql($lists['useremail_search']) . '%")';

    69. 

  69. 		}

    70. 

  70. 		

    71. 

  71. 		if($from) {

    72. 

  72. 			if($lists['startdate'] != '') {

    73. 

  73. 				if(strtotime($from) > strtotime($lists['startdate']))

    74. 

  74. 					$where[] = "`date` >= '" . $from . " 00:00:00'";

    75. 

  75. 				else

    76. 

  76. 					$where[] ="`date`>='" . $lists['startdate'] . " 00:00:00' ";

    77. 

  77. 			}

    78. 

  78. 			else

    79. 

  79. 				$where[] = "`date` >= '" . $from . " 00:00:00'";

    80. 

  80. 		}

    81. 

  81. 		else {

    82. 

  82. 			if($lists['startdate']!='')

    83. 

  83.         $where[] ="  `date`>='".$lists['startdate']." 00:00:00' ";

    84. 

  84. 		}

    85. 

  85. 		if($to) {

    86. 

  86. 			if($lists['enddate']!='') {

    87. 

  87. 				if(strtotime($to) < strtotime($lists['enddate']))

    88. 

  88. 					$where[] = "`date` <= '".$to." 23:59:59'";

    89. 

  89. 				else

    90. 

  90. 					$where[] ="`date`<='".$lists['enddate']." 23:59:59' ";

    91. 

  91. 			}

    92. 

  92. 			else

    93. 

  93. 				$where[] = "`date` <= '".$to." 23:59:59'";

    94. 

  94. 		}

    95. 

  95. 		else {

    96. 

  96. 			if($lists['enddate']!='')

    97. 

  97.         $where[] ="`date`<='".$lists['enddate']." 23:59:59' ";

    98. 

  98. 		}

    99. 

  99. 					

    100. 

  100. 		$form_title = $wpdb->get_var($wpdb->prepare("SELECT `title` FROM " . $wpdb->prefix . "formmaker WHERE id='%d'", $form_id));

    101. 

  101. 

    102. 

  102. 		$where[] = 'form_id="' . (int)$form_id . '"';

    103. 

  103. 		$where 		= ( count( $where ) ? '  ' . implode( ' AND ', $where ) : '' );

    104. 

  104. 		$orderby 	= ' ';

    105. 

  105. 		if ($filter_order == 'id' or $filter_order == 'title' or $filter_order == 'mail') {

    106. 

  106. 			$orderby 	= ' ORDER BY `date` desc';

    107. 

  107. 		}

    108. 

  108. 		else {

    109. 

  109. 			if ($filter_order == 'group_id' or $filter_order == 'date' or $filter_order == 'ip') {

    110. 

  110. 					$orderby 	= ' ORDER BY '.$filter_order .' '. $filter_order_Dir .'';

    111. 

  111. 			} 

    112. 

  112. 			else {

    113. 

  113. 				if ($filter_order == 'display_name' or $filter_order == 'user_email') {

    114. 

  114. 					$orderby 	= ' ORDER BY (SELECT `'.$filter_order.'` FROM `' . $wpdb->prefix . 'users` WHERE id=user_id_wd) '. $filter_order_Dir .'';

    115. 

  115. 				}

    116. 

  116.       }

    117. 

  117. 		}

    118. 

  118. 		$query = "SELECT distinct element_label FROM " . $wpdb->prefix . "formmaker_submits WHERE ". $where;

    119. 

  119. 		$labels = $wpdb->get_col($query);

    120. 

  120. 

    121. 

  121. 		$query = $wpdb->prepare("SELECT id FROM " . $wpdb->prefix . "formmaker_submits WHERE form_id='%d' and element_label=0 limit 0, 1", $form_id);    

    122. 

  122. 		$ispaypal = $wpdb->get_var($query);

    123. 

  123. 

    124. 

  124. 		$query = $wpdb->prepare('SELECT count(distinct group_id) FROM ' . $wpdb->prefix . 'formmaker_submits where form_id ="%d"', $form_id);    

    125. 

  125. 		$total_entries = $wpdb->get_var($query);

    126. 

  126. 	

    127. 

  127. 		$sorted_labels_type= array();

    128. 

  128. 		$sorted_labels_id= array();

    129. 

  129. 		$sorted_labels= array();

    130. 

  130. 		$label_titles=array();

    131. 

  131. 		$rows_ord = array();

    132. 

  132. 		$rows = array();

    133. 

  133. 		$total = 0;	

    134. 

  134. 		$join_count='';

    135. 

  135.     $checked_ids = '';

    136. 

  136.     $stats_fields = '';

    137. 

  137.     

    138. 

  138. 		if($labels) {

    139. 

  139. 			$label_id= array();

    140. 

  140. 			$label_order= array();

    141. 

  141. 			$label_order_original= array();

    142. 

  142. 			$label_type= array();			

    143. 

  143. 			$this_form = $wpdb->get_row($wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "formmaker WHERE id='%d'", $form_id));

    144. 

  144.       $checked_ids = $this_form->frontend_submit_fields;

    145. 

  145.       $stats_fields = $this_form->frontend_submit_stat_fields;

    146. 

  146. 			

    147. 

  147. 			if(strpos($this_form->label_order, 'type_paypal_')) {

    148. 

  148. 				$this_form->label_order=$this_form->label_order."item_total#**id**#Item Total#**label**#type_paypal_payment_total#****#total#**id**#Total#**label**#type_paypal_payment_total#****#0#**id**#Payment Status#**label**#type_paypal_payment_status#****#";

    149. 

  149. 			}

    150. 

  150. 			$label_all	= explode('#****#',$this_form->label_order);

    151. 

  151. 			$label_all 	= array_slice($label_all,0, count($label_all)-1);

    152. 

  152. 			foreach($label_all as $key => $label_each) {

    153. 

  153. 				$label_id_each=explode('#**id**#',$label_each);

    154. 

  154. 				array_push($label_id, $label_id_each[0]);

    155. 

  155. 				

    156. 

  156. 				$label_order_each=explode('#**label**#', $label_id_each[1]);	

    157. 

  157. 				array_push($label_order_original, $label_order_each[0]);

    158. 

  158. 				

    159. 

  159. 				$ptn = "/[^a-zA-Z0-9_]/";

    160. 

  160. 				$rpltxt = "";

    161. 

  161. 				$label_temp=preg_replace($ptn, $rpltxt, $label_order_each[0]);

    162. 

  162. 				array_push($label_order, $label_temp);		

    163. 

  163. 				array_push($label_type, $label_order_each[1]);

    164. 

  164. 			}

    165. 

  165. 			

    166. 

  166. 			$join_query=array();

    167. 

  167. 			$join_where=array();

    168. 

  168. 			$join='';

    169. 

  169. 			$is_first=true;

    170. 

  170. 			

    171. 

  171. 			foreach($label_id as $key => $label) {

    172. 

  172. 				if(in_array($label, $labels)) {

    173. 

  173. 					array_push($sorted_labels_type, $label_type[$key]);

    174. 

  174. 					array_push($sorted_labels, $label_order[$key]);

    175. 

  175. 					array_push($sorted_labels_id, $label);

    176. 

  176. 					array_push($label_titles, $label_order_original[$key]);

    177. 

  177. 					$search_temp = isset($_POST[$form_id.'_'.$label.'_search']) ? $_POST[$form_id.'_'.$label.'_search'] : '';

    178. 

  178. 					$search_temp = strtolower( $search_temp );

    179. 

  179. 					$lists[$form_id.'_'.$label.'_search']	 = $search_temp;					

    180. 

  180. 					if ( $search_temp ) {

    181. 

  181. 						$join_query[]	='search';

    182. 

  182. 						$join_where[]	=array('label'=>$label, 'search'=>esc_sql($search_temp));

    183. 

  183. 					}

    184. 

  184. 				}

    185. 

  185.       }

    186. 

  186. 			if(strpos($filter_order,"_field")) {

    187. 

  187. 				if (in_array(str_replace("_field", "", $filter_order), $labels)) {

    188. 

  188. 					$join_query[]	='sort';

    189. 

  189. 					$join_where[]	=array('label'=>str_replace("_field", "", $filter_order));

    190. 

  190. 				}

    191. 

  191. 			}

    192. 

  192. 			$cols 	= 'group_id';

    193. 

  193. 			if ($filter_order == 'date' or $filter_order == 'ip') {

    194. 

  194. 				$cols 	= 'group_id, date, ip';

    195. 

  195. 			}

    196. 

  196. 		

    197. 

  197. 			switch(count($join_query)) {

    198. 

  198. 				case 0:

    199. 

  199. 					$join='SELECT distinct group_id FROM ' . $wpdb->prefix . 'formmaker_submits WHERE '. $where;

    200. 

  200.           break;

    201. 

  201. 				case 1:

    202. 

  202. 					if($join_query[0]=='sort') {

    203. 

  203. 						$join		=	'SELECT group_id FROM ' . $wpdb->prefix . 'formmaker_submits WHERE '.$where.' AND element_label="'.$join_where[0]['label'].'" ';

    204. 

  204. 						$join_count	=	'SELECT count(group_id) FROM ' . $wpdb->prefix . 'formmaker_submits WHERE form_id="'.esc_sql((int)$form_id).'" AND element_label="'.$join_where[0]['label'].'" ';

    205. 

  205. 						$orderby 	= 	' ORDER BY `element_value` '. $filter_order_Dir .'';

    206. 

  206. 					}

    207. 

  207. 					else

    208. 

  208. 						$join='SELECT group_id FROM ' . $wpdb->prefix . 'formmaker_submits WHERE element_label="'.$join_where[0]['label'].'" AND  element_value LIKE "%'.$join_where[0]['search'].'%" AND '. $where;

    209. 

  209.           break;						

    210. 

  210. 				default:

    211. 

  211. 					$join='SELECT t.group_id FROM (SELECT '.$cols.'  FROM ' . $wpdb->prefix . 'formmaker_submits WHERE '.$where.' AND element_label="'.$join_where[0]['label'].'" AND  element_value LIKE "%'.$join_where[0]['search'].'%" ) as t ';					

    212. 

  212. 					for($key=1; $key< count($join_query); $key++) {

    213. 

  213. 						if($join_query[$key]=='sort') {

    214. 

  214. 							$join.='LEFT JOIN (SELECT group_id as group_id'.$key.', element_value   FROM ' . $wpdb->prefix . 'formmaker_submits WHERE '.$where.' AND element_label="'.$join_where[$key]['label'].'") as t'.$key.' ON t'.$key.'.group_id'.$key.'=t.group_id ';

    215. 

  215. 							$orderby 	= 	' ORDER BY t'.$key.'.`element_value` '. $filter_order_Dir .'';

    216. 

  216. 						}

    217. 

  217. 						else

    218. 

  218. 							$join.='INNER JOIN (SELECT group_id as group_id'.$key.' FROM ' . $wpdb->prefix . 'formmaker_submits WHERE '.$where.' AND element_label="'.$join_where[$key]['label'].'" AND  element_value LIKE "%'.$join_where[$key]['search'].'%" ) as t'.$key.' ON t'.$key.'.group_id'.$key.'=t.group_id ';

    219. 

  219.           }

    220. 

  220.           break;

    221. 

  221. 			}

    222. 

  222. 			

    223. 

  223. 			$pos = strpos($join, 'SELECT t.group_id');		

    224. 

  224. 			if ($pos === false) 

    225. 

  225. 				$query = str_replace(array('SELECT group_id','SELECT distinct group_id'), array('SELECT count(distinct group_id)','SELECT count(distinct group_id)'),  $join);

    226. 

  226. 			else

    227. 

  227. 				$query = str_replace('SELECT t.group_id', 'SELECT count(t.group_id)',  $join);

    228. 

  228. 			$total = $wpdb->get_var($query);

    229. 

  229. 			

    230. 

  230. 			$query = $join.' '.$orderby . ($pagination ? ' limit ' . $limit . ', 20 ' : '') . ' ';

    231. 

  231. 			

    232. 

  232. 			$rows_ord = $wpdb->get_col($query);

    233. 

  233. 			

    234. 

  234. 			$where2 = array();

    235. 

  235. 				$where2 [] ="group_id='0'";			

    236. 

  236. 			foreach($rows_ord as $rows_ordd) {

    237. 

  237. 				$where2 [] ="group_id='".esc_sql($rows_ordd)."'";

    238. 

  238. 			}

    239. 

  239. 			$where2 = ( count( $where2 ) ? ' WHERE ' . implode( ' OR ', $where2 ).'' : '' );

    240. 

  240. 			$query = "SELECT * FROM " . $wpdb->prefix . "formmaker_submits ".$where2.'';

    241. 

  241. 

    242. 

  242. 			$rows = $wpdb->get_results($query);

    243. 

  243. 			

    244. 

  244. 			if($join_count) {

    245. 

  245. 				$total_sort = $wpdb->get_var($join_count);

    246. 

  246. 				if($total_sort != $total_entries)

    247. 

  247. 					$join_count = $total_sort;

    248. 

  248. 				else

    249. 

  249. 					$join_count = '';

    250. 

  250. 			}

    251. 

  251. 		}

    252. 

  252. 		

    253. 

  253. 		$query = $wpdb->prepare('SELECT views FROM ' . $wpdb->prefix . 'formmaker_views WHERE form_id="%d"', $form_id);    

    254. 

  254. 		$total_views = $wpdb->get_var($query);

    255. 

  255. 

    256. 

  256. 		$pageNav = "";// $pageNav = new JPagination( $total, $limitstart, $limit );	

    257. 

  257. 

    258. 

  258. 		$lists['order_Dir']	= $filter_order_Dir;

    259. 

  259. 		$lists['order']		= $filter_order;

    260. 

  260.     $lists['total'] = $total;

    261. 

  261.     $lists['limit'] = (int) ($limit / 20 + 1);

    262. 

  262. 		return array("rows" => $rows, "lists" => $lists, "pageNav" => $pageNav, "sorted_labels" => $sorted_labels, "label_titles" => $label_titles, "rows_ord" => $rows_ord, "sorted_labels_id" => $sorted_labels_id, "sorted_labels_type" => $sorted_labels_type, "total_entries" => $total_entries, "total_views" => $total_views, "join_count" => $join_count, "form_title" => $form_title, "checked_ids" => $checked_ids, "stats_fields" => $stats_fields);

    263. 

  263. 	}

    264. 

  264.   

    265. 

  265.   function show_stats() {

    266. 

  266. 		global $wpdb;

    267. 

  267. 		$form_id = (isset($_POST['form_id']) ? esc_html(stripslashes($_POST['form_id'])) : 0);

    268. 

  268. 		$id = (isset($_POST['stat_id']) ? esc_html(stripslashes($_POST['stat_id'])) : 0);

    269. 

  269. 		$from = (isset($_POST['from']) ? esc_html(stripslashes($_POST['from'])) : 0);

    270. 

  270. 		$to = (isset($_POST['to']) ? esc_html(stripslashes($_POST['to'])) : 0);

    271. 

  271. 		$where = ' AND form_id=' . $form_id;		

    272. 

  272. 		if($from != '')

    273. 

  273. 			$where .= " AND `date`>='".$from." 00:00:00' ";

    274. 

  274. 		if($to != '')

    275. 

  275. 			$where .= " AND `date`<='".$to." 23:59:59' ";

    276. 

  276. 		$query = "SELECT element_value FROM " . $wpdb->prefix . "formmaker_submits WHERE element_label='" . $id . "'" . $where;

    277. 

  277. 		$choices = $wpdb->get_col($query);

    278. 

  278. 		return $choices;

    279. 

  279. 	}

    280. 

  280.   

    281. 

  281.   function paypal_info($id) {

    282. 

  282.     global $wpdb;

    283. 

  283. 		$query = $wpdb->prepare("SELECT * FROM " . $wpdb->prefix . "formmaker_sessions where group_id='%d'", $id);    

    284. 

  284. 		return $wpdb->get_row($query);

    285. 

  285.   }

    286. 

  286. 

    287. 

  287.   ////////////////////////////////////////////////////////////////////////////////////////

    288. 

  288.   // Getters & Setters                                                                  //

    289. 

  289.   ////////////////////////////////////////////////////////////////////////////////////////

    290. 

  290.   ////////////////////////////////////////////////////////////////////////////////////////

    291. 

  291.   // Private Methods                                                                    //

    292. 

  292.   ////////////////////////////////////////////////////////////////////////////////////////

    293. 

  293.   ////////////////////////////////////////////////////////////////////////////////////////

    294. 

  294.   // Listeners                                                                          //

    295. 

  295.   ////////////////////////////////////////////////////////////////////////////////////////

    296. 

  296. }
    297.