/components/com_rsform/controller/functions.php
PHP | 1718 lines | 1376 code | 232 blank | 110 comment | 159 complexity | bbda25cac03d4b32ef7903230cb761bd MD5 | raw file
Possible License(s): LGPL-2.1, GPL-2.0, AGPL-3.0, Apache-2.0, BSD-3-Clause, GPL-3.0
Large files files are truncated, but you can click here to view the full file
- <?php
- /**
- * @version 1.2.0
- * @package RSform!Pro 1.2.0
- * @copyright (C) 2007-2009 www.rsjoomla.com
- * @license Commercial License, http://www.rsjoomla.com/terms-and-conditions.html
- */
- if(!defined('_RSFORM_REVISION'))
- DEFINE('_RSFORM_REVISION','22');
-
- function RSgetValidationRules()
- {
- $RSadapter=$GLOBALS['RSadapter'];
-
- $pattern = '#function (.*?)\(#i';
- $file = file_get_contents(_RSFORM_FRONTEND_ABS_PATH.'/controller/validation.php');
- preg_match_all($pattern,$file,$matches);
-
- $results = isset($matches[1]) ? $matches[1] : array();
- foreach ($results as $i => $result)
- $results[$i] = trim($result);
-
- return implode("\n",$results);
- }
-
- function RSisCode($value)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- if (preg_match('/<code>/',$value))
- return eval($value);
- else
- return $value;
- }
-
- function RSisXMLCode($value)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- if(preg_match('/{RSadapter}/',$value))
- return ($RSadapter->$value);
- else return $value;
- }
-
- function RSinitForm($formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
- $rez=mysql_query("SELECT `ComponentId`,`Order`,`ComponentTypeId`,`Published` FROM $RSadapter->tbl_rsform_components WHERE FormId=$formId ORDER BY `Order`");
- $i = 1;
- $j = 0;
- $returnVal='';
- while($r=mysql_fetch_assoc($rez))
- {
- $j = ($j) ? 0 : 1;
- $returnVal.='<tr class="row'.$j.'" style="height: auto">';
- $returnVal.='<td><input type="hidden" name="previewComponentId" value="'.$r['ComponentId'].'"/></td>';
- $returnVal.=RSshowSelectComponent($r['ComponentId']);
- $returnVal.=RSshowComponentName($r['ComponentId']);
- $returnVal.=RSpreviewComponent($formId,$r['ComponentId']);
- $returnVal.=RSshowEditComponentButton($r['ComponentTypeId'],$r['ComponentId']);
- $returnVal.=RSshowRemoveComponentButton($formId,$r['ComponentId']);
- $returnVal.=RSshowComponentOrdering($formId,$r['ComponentId'],$r['Order'],$i);
- $returnVal.=RSshowMoveUpComponent($formId,$r['ComponentId']);
- $returnVal.=RSshowMoveDownComponent($formId,$r['ComponentId']);
- $returnVal.=RSshowChangeStatusComponentButton($formId,$r['ComponentId'],$r['Published']);
- $returnVal.='</tr>';
- $i++;
- }
- echo $returnVal;
- }
-
- function RSshowSelectComponent($componentId)
- {
- return '<td><input type="checkbox" name="checks[]" value="'.$componentId.'"/></td>';
- }
-
- function RSshowComponentName($componentId)
- {
- $data=array();
- $data=RSgetComponentProperties($componentId);
- return '<td>'.$data['NAME'].'</td>';
- }
-
- function RSgetComponentProperties($componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
- $rez = mysql_query("SELECT PropertyName, PropertyValue FROM `$RSadapter->tbl_rsform_properties` WHERE ComponentId=$componentId");
- $data=array();
- while($r=mysql_fetch_assoc($rez))
- $data[$r['PropertyName']]=$r['PropertyValue'];
-
- $data['componentId'] = $componentId;
- return $data;
- }
-
- function RSpreviewComponent($formId,$componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
- $componentId = intval($componentId);
-
- $q="select
- $RSadapter->tbl_rsform_component_types.ComponentTypeName,
- $RSadapter->tbl_rsform_properties.PropertyName,
- $RSadapter->tbl_rsform_properties.PropertyValue
-
- from $RSadapter->tbl_rsform_components
- left join $RSadapter->tbl_rsform_forms on $RSadapter->tbl_rsform_components.FormId=$RSadapter->tbl_rsform_forms.FormId
- left join $RSadapter->tbl_rsform_component_types on $RSadapter->tbl_rsform_components.ComponentTypeId=$RSadapter->tbl_rsform_component_types.ComponentTypeId
- left join $RSadapter->tbl_rsform_properties on $RSadapter->tbl_rsform_components.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
-
- where $RSadapter->tbl_rsform_forms.FormId=$formId and $RSadapter->tbl_rsform_components.ComponentId=$componentId";
- $r = mysql_fetch_assoc(mysql_query($q));
- $out='';
- switch($r['ComponentTypeName'])
- {
- case 'textBox':
- {
- $data = RSgetComponentProperties($componentId);
- $defaultValue = RSisCode($data['DEFAULTVALUE']);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><input type="text" value="'.$defaultValue.'" size="'.$data['SIZE'].'"/></td>';
- }
- break;
-
- case 'textArea':
- {
- $data = RSgetComponentProperties($componentId);
- $defaultValue = RSisCode($data['DEFAULTVALUE']);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><textarea cols="'.$data['COLS'].'" rows="'.$data['ROWS'].'">'.$defaultValue.'</textarea></td>';
- }
- break;
-
- case 'selectList':
- {
- $data=RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><select '.($data['MULTIPLE']=='YES' ? 'multiple="multiple"' : '').' size="'.$data['SIZE'].'">';
-
- $aux = RSisCode($data['ITEMS']);
-
- $aux = str_replace("\r",'',$aux);
- $items = explode("\n",$aux);
-
- foreach($items as $item)
- {
- $buf=explode("|",$item);
- if(count($buf)==1)
- {
- if(preg_match('/\[c\]/',$buf[0]))
- $out.='<option selected="selected">'.str_replace('[c]','',$buf[0]).'</option>';
- else
- $out.='<option value="'.$buf[0].'">'.$buf[0].'</option>';
- }
- if(count($buf)==2)
- {
- if(preg_match('/\[c\]/',$buf[1]))
- $out.='<option selected="selected" value="'.$buf[0].'">'.str_replace('[c]','',$buf[1]).'</option>';
- else
- $out.='<option value="'.$buf[0].'">'.$buf[1].'</option>';
- }
- }
- $out.='</select></td>';
- }
- break;
-
- case 'checkboxGroup':
- {
- $i=0;
- $data=RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
-
- $aux = RSisCode($data['ITEMS']);
- $aux=str_replace("\r",'',$aux);
- $items=explode("\n",$aux);
-
- $out.='<td>';
- foreach($items as $item)
- {
- $buf=explode("|",$item);
- if(count($buf)==1)
- {
- if(preg_match('/\[c\]/',$buf[0]))
- {
- $v=str_replace('[c]','',$buf[0]);
- $out.='<input checked="checked" type="checkbox" value="'.$v.'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
- }
- else
- $out.='<input type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[0].'</label>';
- }
- if(count($buf)==2)
- {
- if(preg_match('/\[c\]/',$buf[1]))
- {
- $v=str_replace('[c]','',$buf[1]);
- $out.='<input checked="checked" type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
- }
- else
- $out.='<input type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[1].'</label>';
-
- }
- if($data['FLOW']=='VERTICAL') $out.='<br/>';
- $i++;
- }
- $out.='</td>';
-
- }
- break;
-
- case 'radioGroup':
- {
- $i=0;
- $data=RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
-
- $aux = RSisCode($data['ITEMS']);
- $aux=str_replace("\r",'',$aux);
- $items=explode("\n",$aux);
-
- $out.='<td>';
- foreach($items as $item)
- {
- $buf=explode("|",$item);
- if(count($buf)==1)
- {
- if(preg_match('/\[c\]/',$buf[0]))
- {
- $v=str_replace('[c]','',$buf[0]);
- $out.='<input checked="checked" type="radio" value="'.$v.'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
- }
- else
- $out.='<input type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[0].'</label>';
- }
- if(count($buf)==2)
- {
- if(preg_match('/\[c\]/',$buf[1]))
- {
- $v=str_replace('[c]','',$buf[1]);
- $out.='<input checked="checked" type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
- }
- else
- $out.='<input type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[1].'</label>';
-
- }
- if($data['FLOW']=='VERTICAL') $out.='<br/>';
- $i++;
- }
- $out.='</td>';
-
- }
- break;
-
- case 'calendar':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><img src="'.$RSadapter->config['live_site'].'/administrator/components/com_rsform/images/icons/calendar.gif" /> '.constant('_RSFORM_BACKEND_COMP_FVALUE_'.$data['CALENDARLAYOUT']).'</td>';
- }
- break;
-
- case 'button':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><input type="button" value="'.$data['LABEL'].'"/>';
- if ($data['RESET']=='YES')
- $out.=' <input type="reset" value="'.$data['RESETLABEL'].'"/>';
- $out.='</td>';
- }
- break;
-
- case 'captcha':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td>'.$data['CAPTION'].'</td>';
-
- $out.='<td>';
- $out.='<img src="'.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&task=captcha&componentId='.$componentId.'" id="captcha'.$componentId.'" alt="'.$data['CAPTION'].'"/>';
- $out.=($data['FLOW']=='HORIZONTAL') ? '':'<br/>';
- $out.='<input type="text" name="form['.$data['NAME'].']" value="" id="captchaTxt'.$componentId.'" '.$data['ADDITIONALATTRIBUTES'].' />';
- $out.=($data['SHOWREFRESH']=='YES') ? '<a href="" onclick="refreshCaptcha('.$componentId.',\''.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&task=captcha&componentId='.$componentId.'\');return false;">'.$data['REFRESHTEXT'].'</a>':'';
- $out.='</td>';
- }
- break;
-
- case 'fileUpload':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><input type="file" name="'.$data['NAME'].'"/></td>';
- }
- break;
-
- case 'freeText':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td> </td>';
- $out.='<td>'.$data['TEXT'].'</td>';
- }
- break;
-
- case 'hidden':
- {
- $data=RSgetComponentProperties($componentId);
- $out.='<td> </td>';
- $out.='<td>{hidden field}</td>';
- }
- break;
-
- case 'imageButton':
- {
- $data = RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td>';
- $out.='<input type="image" src="'.$data['IMAGEBUTTON'].'"/>';
- if($data['RESET']=='YES')
- $out.=' <input type="image" src="'.$data['IMAGERESET'].'"/>';
- $out.='</td>';
- }
- break;
-
- case 'submitButton':
- {
- $data=RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><input type="button" value="'.$data['LABEL'].'" />';
- if($data['RESET']=='YES')
- $out.=' <input type="reset" value="'.$data['RESETLABEL'].'"/>';
- $out.='</td>';
- }
- break;
-
- case 'password':
- {
- $data = RSgetComponentProperties($componentId);
-
- $out.='<td>'.$data['CAPTION'].'</td>';
- $out.='<td><input type="password" value="'.$data['DEFAULTVALUE'].'" size="'.$data['SIZE'].'"/></td>';
- }
- break;
-
- case 'ticket':
- {
- $data = RSgetComponentProperties($componentId);
-
- $out.='<td> </td>';
- $out.='<td>'.RSgenerateString($data['LENGTH'],$data['CHARACTERS']).'</td>';
- }
- break;
- }
- return $out;
- }
-
- function RSshowEditComponentButton($formId,$componentId)
- {
- return '<td><a href="#" onclick="displayTemplate('."'".$formId."','".$componentId."'".');"><img src="components/com_rsform/images/icons/edit.png" border="0" width="16" height="16" alt="Edit Component" /></a></td>';
- }
- function RSshowRemoveComponentButton($formId,$componentId)
- {
- return '<td><a href="#" onclick="removeComponent('."'".$formId."','".$componentId."'".');"><img src="components/com_rsform/images/icons/remove.png" border="0" width="12" height="12" alt="Remove Component" style="padding-left:20px;" /></a></td>';
- }
- function RSshowChangeStatusComponentButton($formId, $componentId, $published)
- {
- return '<td><a href="#" onclick="changeStatusComponent('."'".$formId."','".$componentId."'".');"><img src="components/com_rsform/images/icons/'.($published ? 'publish':'unpublish').'.png" border="0" width="12" height="12" alt="'.($published ? 'Unpublish' : 'Publish').' Component" style="padding-left:20px;" id="currentStatus'.$componentId.'" /></a></td>';
- }
- function RSshowComponentOrdering($formId,$componentId,$order,$tabIndex)
- {
- return '<td><input type="text" value="'.$order.'" size="2" name="ordering['.$componentId.']" tabindex="'.$tabIndex.'"/></td>';
- }
- function RSshowMoveUpComponent($formId,$componentId)
- {
- return '<td><a href="#" onclick="moveComponentUp('."'".$formId."','".$componentId."'".');"><img src="components/com_rsform/images/icons/uparrow.png" border="0" width="12" height="12" alt="Move Up" /></a></td>';
- }
- function RSshowMoveDownComponent($formId,$componentId)
- {
- return '<td><a href="#" onclick="moveComponentDown('."'".$formId."','".$componentId."'".');"><img src="components/com_rsform/images/icons/downarrow.png" border="0" width="12" height="12" alt="Move Down" /></a></td>';
- }
- function RSgetFormLayout($formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
-
- $r = mysql_fetch_assoc(mysql_query("SELECT FormLayoutAutogenerate,FormLayoutName FROM $RSadapter->tbl_rsform_forms WHERE FormId='$formId'"));
- if($r['FormLayoutAutogenerate']==1)
- {
- $layout=@include(_RSFORM_BACKEND_ABS_PATH.'/layouts/'.$r['FormLayoutName'].'.php');
- $layout=preg_replace('/1/','',$layout);
- return $layout;
- }
- else
- {
- $r=mysql_fetch_assoc(mysql_query("SELECT FormLayout FROM $RSadapter->tbl_rsform_forms WHERE FormId=$formId"));
- return $r['FormLayout'];
- }
- }
- function RSresolveComponentName($componentName,$formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentName = RScleanVar($componentName);
- $formId = intval($formId);
-
- $q="select $RSadapter->tbl_rsform_properties.ComponentId
- from $RSadapter->tbl_rsform_properties
- join $RSadapter->tbl_rsform_components on $RSadapter->tbl_rsform_components.ComponentId=$RSadapter->tbl_rsform_properties.ComponentId
- where $RSadapter->tbl_rsform_properties.PropertyValue='$componentName' and $RSadapter->tbl_rsform_properties.PropertyName='NAME' and $RSadapter->tbl_rsform_components.FormId='$formId'";
- return @mysql_result(mysql_query($q),0);
- }
- function RSfrontComponentCaption($componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
-
- return @mysql_result(mysql_query("SELECT PropertyValue FROM $RSadapter->tbl_rsform_properties WHERE ComponentId='$componentId' AND PropertyName='CAPTION'"),0);
- }
- function RSfrontComponentDescription($componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
-
- return @mysql_result(mysql_query("SELECT PropertyValue FROM $RSadapter->tbl_rsform_properties WHERE ComponentId='$componentId' AND PropertyName='DESCRIPTION'"),0);
- }
- function RSfrontComponentValidationMessage($componentId,$value='')
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
-
- $msg = @mysql_result(mysql_query("SELECT PropertyValue FROM $RSadapter->tbl_rsform_properties WHERE ComponentId='$componentId' AND PropertyName='VALIDATIONMESSAGE'"),0);
-
- if(!empty($value) && in_array($componentId,$value,false)==true)
- return '<span id="component'.$componentId.'" class="formError">'.$msg.'</span>';
- else
- return '<span id="component'.$componentId.'" class="formNoError">'.$msg.'</span>';
- }
- function RSfrontLayout($formId, $formLayout)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
- //get form title
- $formTitle = @mysql_result(mysql_query("SELECT FormTitle FROM $RSadapter->tbl_rsform_forms WHERE FormId='$formId'"),0);
- $result = str_replace('{global:formtitle}',$formTitle, $formLayout);
-
- return $result;
- }
- function RSfrontComponentBody($formId,$componentId,$value='')
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
- $componentId = intval($componentId);
-
- if(is_array($value))
- foreach($value as $key=>$vl)
- {
- if(is_array($vl) && !empty($vl))
- foreach($vl as $k_vl=>$v_vl)
- $value[$key][$k_vl] = RSstripVar($value[$key][$k_vl]);
- else
- $value[$key] = RSstripVar($value[$key]);
- }
-
- $q="
- select
-
- $RSadapter->tbl_rsform_properties.PropertyName,
- $RSadapter->tbl_rsform_properties.PropertyValue,
- $RSadapter->tbl_rsform_components.ComponentTypeId,
- $RSadapter->tbl_rsform_components.Order
-
- from $RSadapter->tbl_rsform_components
-
- left join $RSadapter->tbl_rsform_properties on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
-
- where $RSadapter->tbl_rsform_components.FormId=$formId and $RSadapter->tbl_rsform_components.ComponentId=$componentId
- ";
-
- $r=mysql_fetch_assoc(mysql_query($q));
- $out='';
-
- $data = RSgetComponentProperties($componentId);
- switch(RSresolveComponentTypeId($r['ComponentTypeId']))
- {
- case 'textBox':
- {
- $defaultValue = RSisCode($data['DEFAULTVALUE']);
- $out .= '<input type="text" value="'.(!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue).'" size="'.$data['SIZE'].'" '.($data['MAXSIZE'] > 0 ? 'maxlength="'.$data['MAXSIZE'].'"' : '').' name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].'/>';
- }
- break;
-
- case 'textArea':
- {
- $defaultValue = RSisCode($data['DEFAULTVALUE']);
- if ($data['WYSIWYG'] == 'YES')
- $out .= $RSadapter->WYSIWYG('form['.$data['NAME'].']', (!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue), 'id['.$data['NAME'].']', $data['COLS']*10, $data['ROWS']*10, $data['COLS'], $data['ROWS']);
- else
- $out .= '<textarea cols="'.$data['COLS'].'" rows="'.$data['ROWS'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].'>'.(!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue).'</textarea>';
- }
- break;
-
- case 'selectList':
- {
- $out .= '<select '.($data['MULTIPLE']=='YES' ? 'multiple="multiple"' : '').' name="form['.$data['NAME'].'][]" '.($data['SIZE'] > 0 ? 'size="'.$data['SIZE'].'"' : '').' id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' >';
- $aux = RSisCode($data['ITEMS']);
- $aux = str_replace("\r","",$aux);
- $items = explode("\n",$aux);
- foreach($items as $item)
- {
- $buf = explode('|',$item);
-
- $option_value = $buf[0];
- $option_value_trimmed = str_replace('[c]','',$option_value);
- $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
- $option_shown_trimmed = str_replace('[c]','',$option_shown);
-
- $option_checked = false;
- if (empty($value) && preg_match('/\[c\]/',$option_shown))
- $option_checked = true;
- if (!empty($value[$data['NAME']]) && array_search($option_value_trimmed,$value[$data['NAME']]) !== false)
- $option_checked = true;
-
- $out .= '<option '.($option_checked ? 'selected="selected"' : '').' value="'.$option_value_trimmed.'">'.$option_shown_trimmed.'</option>';
- }
- $out .= '</select>';
- }
- break;
-
- case 'checkboxGroup':
- {
- $i=0;
- $aux = RSisCode($data['ITEMS']);
- $aux = str_replace("\r","",$aux);
- $items = explode("\n",$aux);
- foreach($items as $item)
- {
- $buf = explode('|',$item);
-
- $option_value = $buf[0];
- $option_value_trimmed = str_replace('[c]','',$option_value);
- $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
- $option_shown_trimmed = str_replace('[c]','',$option_shown);
-
- $option_checked = false;
- if (empty($value) && preg_match('/\[c\]/',$option_shown))
- $option_checked = true;
- if (!empty($value[$data['NAME']]) && array_search($option_value_trimmed,$value[$data['NAME']]) !== false)
- $option_checked = true;
-
- $out .= '<input '.($option_checked ? 'checked="checked"' : '').' name="form['.$data['NAME'].'][]" type="checkbox" value="'.$option_value_trimmed.'" id="'.$data['NAME'].$i.'" '.$data['ADDITIONALATTRIBUTES'].' /><label for="'.$data['NAME'].$i.'">'.$option_shown_trimmed.'</label>';
-
- if($data['FLOW']=='VERTICAL') $out.='<br/>';
- $i++;
- }
-
- }
- break;
-
- case 'radioGroup':
- {
- $i=0;
- $aux = RSisCode($data['ITEMS']);
- $aux = str_replace("\r","",$aux);
- $items = explode("\n",$aux);
- foreach($items as $item)
- {
- $buf = explode('|',$item);
-
- $option_value = $buf[0];
- $option_value_trimmed = str_replace('[c]','',$option_value);
- $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
- $option_shown_trimmed = str_replace('[c]','',$option_shown);
-
- $option_checked = false;
- if (empty($value) && preg_match('/\[c\]/',$option_shown))
- $option_checked = true;
- if (!empty($value[$data['NAME']]) && $value[$data['NAME']] == $option_value_trimmed)
- $option_checked = true;
-
- $out .= '<input '.($option_checked ? 'checked="checked"' : '').' name="form['.$data['NAME'].']" type="radio" value="'.$option_value_trimmed.'" id="'.$data['NAME'].$i.'" '.$data['ADDITIONALATTRIBUTES'].' /><label for="'.$data['NAME'].$i.'">'.$option_shown_trimmed.'</label>';
-
- if($data['FLOW']=='VERTICAL') $out.='<br/>';
- $i++;
- }
-
- }
- break;
-
- case 'calendar':
- {
- $calendars = RScomponentExists($formId, 6);
- $calendars = array_flip($calendars);
- $def_cal_val = (empty($value) ? '':$value[$data['NAME']]);
-
- switch($data['CALENDARLAYOUT'])
- {
- case 'FLAT':
- $out.='<input id="txtcal'.$calendars[$componentId].'" name="form['.$data['NAME'].']" type="text" '.($data['READONLY'] == 'YES' ? 'readonly="readonly"' : '').' class="txtCal" value="'.$def_cal_val.'" '.$data['ADDITIONALATTRIBUTES'].'/><br/>
- <div id="cal'.$calendars[$componentId].'Container" style="z-index:'.(9999-$r['Order']).'"></div>';
- break;
-
- case 'POPUP':
- $out .= '<input id="txtcal'.$calendars[$componentId].'" name="form['.$data['NAME'].']" type="text" '.($data['READONLY'] == 'YES' ? 'readonly="readonly"' : '').' value="'.$def_cal_val.'" '.$data['ADDITIONALATTRIBUTES'].'/>
- <input id="btn'.$calendars[$componentId].'" type="button" value="'.$data['POPUPLABEL'].'" onclick="showHideCalendar(\'cal'.$calendars[$componentId].'Container\');" class="btnCal" '.$data['ADDITIONALATTRIBUTES'].' />
- <div id="cal'.$calendars[$componentId].'Container" style="clear:both;display:none;position:absolute;z-index:'.(9999-$r['Order']).'"></div>';
- break;
- }
-
- }
- break;
-
- case 'button':
- {
- $out .= '<input type="button" value="'.$data['LABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
- if ($data['RESET']=='YES')
- $out .= ' <input type="reset" value="'.$data['RESETLABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'captcha':
- {
- $out .= '<img src="'.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&task=captcha&componentId='.$componentId.'" id="captcha'.$componentId.'" alt="'.$data['CAPTION'].'"/>';
- $out .= ($data['FLOW']=='HORIZONTAL') ? '':'<br/>';
- $out .= '<input type="text" name="form['.$data['NAME'].']" value="" id="captchaTxt'.$componentId.'" '.$data['ADDITIONALATTRIBUTES'].' />';
- $out .= ($data['SHOWREFRESH']=='YES') ? '<a href="javascript:void(0)" onclick="refreshCaptcha('.$componentId.',\''.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&task=captcha&componentId='.$componentId.'\');return false;">'.$data['REFRESHTEXT'].'</a>':'';
- }
- break;
-
- case 'fileUpload':
- {
- $out .= '<input type="hidden" name="MAX_FILE_SIZE" value="'.$data['FILESIZE'].'000" />';
- $out .= '<input type="file" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'freeText':
- {
- $out .= $data['TEXT'];
- }
- break;
-
- case 'hidden':
- {
- $defaultValue = RSisCode($data['DEFAULTVALUE']);
- $out .= '<input type="hidden" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" value="'.$defaultValue.'" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'imageButton':
- {
- $out .= '<input type="image" src="'.$data['IMAGEBUTTON'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
- if ($data['RESET']=='YES')
- $out .= '<input type="reset" name="" id="reset_'.$data['NAME'].'" style="display: none !important" /> <input onclick="document.getElementById(\'reset_'.$data['NAME'].'\').click();return false;" type="image" src="'.$data['IMAGERESET'].'" name="form['.$data['NAME'].']" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'submitButton':
- {
- $out .= '<input type="submit" value="'.$data['LABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
- if ($data['RESET']=='YES')
- $out .= ' <input type="reset" value="'.$data['RESETLABEL'].'" name="form['.$data['NAME'].']" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'password':
- {
- $out .= '<input type="password" value="'.$data['DEFAULTVALUE'].'" size="'.$data['SIZE'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.($data['MAXSIZE'] > 0 ? 'maxlength="'.$data['MAXSIZE'].'"' : '').' '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
-
- case 'ticket':
- {
- $out .= '<input type="hidden" name="form['.$data['NAME'].']" value="'.RSgenerateString($data['LENGTH'],$data['CHARACTERS']).'" '.$data['ADDITIONALATTRIBUTES'].' />';
- }
- break;
- }
- return $out;
- }
-
- function RSshowForm($formId,$val='',$validation='')
- {
- $RSadapter=$GLOBALS['RSadapter'];
- if(!isset($GLOBALS['ismodule'])) $GLOBALS['ismodule'] = 'head';
- $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/controller/functions.js','js', $GLOBALS['ismodule'] );
- $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/front.css','css', $GLOBALS['ismodule'] );
- //add the head tags for the calendar
- $calendars = RScomponentExists($formId, 6);//6 is the componentTypeId for calendar
- if(!empty($calendars))
- {
- foreach($calendars as $i=>$calendarComponentId)
- {
- $data = RSgetComponentProperties($calendarComponentId);
- $calendars['CALENDARLAYOUT'][$i] = $data['CALENDARLAYOUT'];
- $calendars['DATEFORMAT'][$i] = $data['DATEFORMAT'];
- if(!empty($_POST))
- {
- if ($_POST['form'][$data['NAME']]!='')
- $calendars['VALUES'][$i] = $_POST['form'][$data['NAME']];// date('m/d/Y',strtotime($_POST['form'][$data['NAME']]));
- else
- $calendars['VALUES'][$i] = '';
- }else
- $calendars['VALUES'][$i] = '';
- }
- $calendarsLayout = "'".implode("','", $calendars['CALENDARLAYOUT'])."'";
- $calendarsFormat = "'".implode("','", $calendars['DATEFORMAT'])."'";
- $calendarsValues = "'".implode("','", $calendars['VALUES'])."'";
- //check if it's a module
- //$RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/calendar/cal.js','js',$GLOBALS['ismodule'] );
- $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . "/calendar/calendar.css",'css',$GLOBALS['ismodule'] );
- //$RSadapter->addHeadTag( _RSFORM_FRONTEND_SCRIPT_PATH.'?option=com_rsform&task=showJs','js', $GLOBALS['ismodule'] );
- $calSetup = '';
- }
-
- $formId = intval($formId);
- $r=mysql_fetch_assoc(mysql_query("SELECT FormLayout, ScriptDisplay FROM $RSadapter->tbl_rsform_forms WHERE FormId='$formId' AND `Published`='1'"));
-
- if(!isset($r['FormLayout'])) return 'No formId';
-
- $scriptDisplay = $r['ScriptDisplay'];
- $formLayout = $r['FormLayout'];
-
- $find=array();
- $replace=array();
-
- $q="select
- $RSadapter->tbl_rsform_properties.PropertyValue,
- $RSadapter->tbl_rsform_components.ComponentId
- from $RSadapter->tbl_rsform_properties
- join $RSadapter->tbl_rsform_components on `$RSadapter->tbl_rsform_components`.ComponentId=`$RSadapter->tbl_rsform_properties`.ComponentId
- where $RSadapter->tbl_rsform_components.FormId='$formId' and $RSadapter->tbl_rsform_properties.PropertyName='NAME'
- and $RSadapter->tbl_rsform_components.Published='1'
- ";
-
- $rez=mysql_query($q) or die(mysql_error());
-
- //Caption
- while($r=mysql_fetch_assoc($rez))
- {
- $find[] = '{'.$r['PropertyValue'].':caption}';
- $replace[] = RSfrontComponentCaption(RSresolveComponentName($r['PropertyValue'],$formId));
- }
-
- //Body
- if(mysql_num_rows($rez))
- {
- mysql_data_seek($rez,0);
- while($r=mysql_fetch_assoc($rez))
- {
- $find[] = '{'.$r['PropertyValue'].':body}';
- $replace[] = RSfrontComponentBody($formId,RSresolveComponentName($r['PropertyValue'],$formId),$val);
- }
-
- //Description
- mysql_data_seek($rez,0);
- while($r=mysql_fetch_assoc($rez))
- {
- $find[] = '{'.$r['PropertyValue'].':description}';
- $replace[] = RSfrontComponentDescription(RSresolveComponentName($r['PropertyValue'],$formId));
- }
-
- mysql_data_seek($rez,0);
- //Validation rules hidden
- while($r=mysql_fetch_assoc($rez))
- {
- $find[] = '{'.$r['PropertyValue'].':validation}';
- $replace[] = RSfrontComponentValidationMessage(RSresolveComponentName($r['PropertyValue'],$formId),$validation);
- }
- }
-
- $formLayout = str_replace($find,$replace,$formLayout);
- $formLayout = RSfrontLayout($formId, $formLayout);
- $formLayout.= '<input type="hidden" name="form[formId]" value="'.$formId.'"/>';
- $formLayout = '<form method="post" id="userForm" enctype="multipart/form-data" action="">'.$formLayout.'</form>';
- if(!empty($calendars))
- {
- $formLayout .= '
- <script type="text/javascript" src="'._RSFORM_FRONTEND_REL_PATH.'/calendar/cal.js"></script>
- <script type="text/javascript">'._RSFORM_FRONTEND_CALENDARJS.'</script>
- <script type="text/javascript" defer="defer">rsf_CALENDAR.util.Event.addListener(window, "load", init(Array('.$calendarsLayout.'),Array('.$calendarsFormat.'),Array('.$calendarsValues.')));</script>' ;
- }
-
- eval($scriptDisplay);
- return $formLayout;
- }
-
- function RSshowThankyouMessage($formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $output = '';
-
- //check return url
- $formId = intval($formId);
- $returnUrl = mysql_result(mysql_query("SELECT ReturnUrl FROM `{$RSadapter->tbl_rsform_forms}` WHERE `formId` = '$formId'"),0);
-
- if(!isset($_SESSION['form'][$formId]['submissionId']))$_SESSION['form'][$formId]['submissionId'] = '';
- $returnUrl = RSprocessField($returnUrl,$_SESSION['form'][$formId]['submissionId']);
-
- if(!empty($returnUrl))
- $goto = "document.location='".$returnUrl."';";
- else
- $goto = 'document.location.reload();';
-
- $output .= base64_decode($_SESSION['form'][$formId]['thankYouMessage']).sprintf(_RSFORM_FRONTEND_THANKYOU_BUTTON,$goto);
- unset($_SESSION['form'][$formId]['thankYouMessage']);
-
- return $output;
- }
-
- function RSprocessForm($formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $user = $RSadapter->user();
- $formId = intval($formId);
- $_POST['form']['formId'] = intval($_POST['form']['formId']);
- $r=mysql_fetch_assoc(mysql_query("SELECT ScriptProcess, ScriptProcess2 FROM `{$RSadapter->tbl_rsform_forms}` WHERE FormId={$_POST['form']['formId']}"));
-
- $ScriptProcess = $r['ScriptProcess'];
- $ScriptProcess2 = $r['ScriptProcess2'];
-
- $invalid=array();
- $invalid=RSvalidateForm($_POST['form']['formId']);
-
- if(!empty($invalid)) return $invalid;//showForm($formId,$_POST['form'],$invalid);
-
-
- $userEmail=array(
- 'to'=>'',
- 'from'=>'',
- 'fromName'=>'',
- 'text'=>'',
- 'subject'=>'',
- 'files' =>array()
- );
- $adminEmail=array(
- 'to'=>'',
- 'from'=>'',
- 'fromName'=>'',
- 'text'=>'',
- 'subject'=>'',
- 'files'=>array()
- );
-
- eval($ScriptProcess);
-
- if(empty($invalid))
- {
- $db='';
- $dest=array();
- $tmp_name=array();
- $name=array();
- $fieldName=array();
- $user['username'] = RScleanVar($user['username']);
- $user['id'] = intval($user['id']);
- mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submissions}` (`FormId`, `DateSubmitted`, `UserIp`, `Username`, `UserId`) VALUES ('{$_POST['form']['formId']}',now(),'{$_SERVER['REMOTE_ADDR']}','{$user['username']}','{$user['id']}')") or die(mysql_error());
- $SubmissionId = mysql_insert_id();
- if(isset($_FILES['form']['tmp_name']) && is_array($_FILES['form']['tmp_name']))
- {
- foreach($_FILES['form']['name'] as $key=>$val)
- if(!empty($_FILES['form']['name'][$key]))
- {
- $dest[] = RSgetFileDestination($key,$_POST['form']['formId']);
- $name[] = $val;
- $fieldName[] = $key;
- }
-
- foreach($_FILES['form']['tmp_name'] as $key=>$val)
- if(!empty($_FILES['form']['name'][$key]))
- $tmp_name[] = $val;
-
-
- for($i=0;$i<count($dest);$i++)
- if(isset($tmp_name[$i]))
- {
- $fieldName[$i] = RScleanVar($fieldName[$i]);
-
- $prop = RSgetComponentProperties(RSresolveComponentName($fieldName[$i],$formId));
- $timestamp = uniqid('');
- move_uploaded_file($tmp_name[$i],$dest[$i].$timestamp.'-'.$name[$i]);
- @chmod($dest[$i].$timestamp.'-'.$name[$i],0644);
- $db = $dest[$i].$timestamp.'-'.$name[$i];
- $db = RScleanVar($db);
- if ($prop['ATTACHUSEREMAIL']=='YES')
- $userEmail['files'][] = $db;
- if ($prop['ATTACHADMINEMAIL']=='YES')
- $adminEmail['files'][] = $db;
-
- mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submission_values}` (`SubmissionId`, `FieldName`, `FieldValue`) VALUES ('{$SubmissionId}','$fieldName[$i]','$db')");
- }
- }
-
- foreach ($_POST['form'] as $key=>$val)
- {
- $val = (is_array($val) ? implode("\n",$val) : $val);
- $key = RScleanVar($key);
- $val = RScleanVar(RSstripjavaVar($val));
- mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submission_values}` (`SubmissionId`, `FieldName`, `FieldValue`) VALUES ('{$SubmissionId}','".$key."','".$val."')");
- }
-
- if(defined('_RSFORM_PLUGIN_MAPPINGS')) RSmappingsWriteSubmissions($formId, $SubmissionId);
- //die();
-
- $r=mysql_fetch_assoc(mysql_query("SELECT * FROM `{$RSadapter->tbl_rsform_forms}` WHERE FormId={$_POST['form']['formId']}"));
- $userEmail['to']=RSprocessField($r['UserEmailTo'],$SubmissionId);
- $userEmail['cc']=RSprocessField($r['UserEmailCC'],$SubmissionId);
- $userEmail['bcc']=RSprocessField($r['UserEmailBCC'],$SubmissionId);
- $userEmail['subject']=RSprocessField($r['UserEmailSubject'],$SubmissionId);
- $userEmail['from']=RSprocessField($r['UserEmailFrom'],$SubmissionId);
- $userEmail['replyto']=RSprocessField($r['UserEmailReplyTo'],$SubmissionId);
- $userEmail['fromName']=RSprocessField($r['UserEmailFromName'],$SubmissionId);
- $userEmail['text']=RSprocessField($r['UserEmailText'],$SubmissionId);
- $userEmail['mode']=$r['UserEmailMode'];
-
- $adminEmail['to']=RSprocessField($r['AdminEmailTo'],$SubmissionId);
- $adminEmail['cc']=RSprocessField($r['AdminEmailCC'],$SubmissionId);
- $adminEmail['bcc']=RSprocessField($r['AdminEmailBCC'],$SubmissionId);
- $adminEmail['subject']=RSprocessField($r['AdminEmailSubject'],$SubmissionId);
- $adminEmail['from']=RSprocessField($r['AdminEmailFrom'],$SubmissionId);
- $adminEmail['replyto']=RSprocessField($r['AdminEmailReplyTo'],$SubmissionId);
- $adminEmail['fromName']=RSprocessField($r['AdminEmailFromName'],$SubmissionId);
- $adminEmail['text']=RSprocessField($r['AdminEmailText'],$SubmissionId);
- $adminEmail['mode']=$r['AdminEmailMode'];
-
- //mail users
- $recipients = explode(',',$userEmail['to']);
-
- if ($r['UserEmailAttach'] && file_exists($r['UserEmailAttachFile']))
- $userEmail['files'][] = $r['UserEmailAttachFile'];
-
- if(!empty($recipients))
- foreach($recipients as $recipient)
- if(!empty($recipient))
- $RSadapter->mail($userEmail['from'], $userEmail['fromName'], $recipient, $userEmail['subject'], $userEmail['text'], $userEmail['mode'], !empty($userEmail['cc']) ? $userEmail['cc'] : null, !empty($userEmail['bcc']) ? $userEmail['bcc'] : null, $userEmail['files'], !empty($userEmail['replyto']) ? $userEmail['replyto'] : '');
-
- //mail admins
- $recipients = explode(',',$adminEmail['to']);
- if(!empty($recipients))
- foreach($recipients as $recipient)
- if(!empty($recipient))
- $RSadapter->mail($adminEmail['from'], $adminEmail['fromName'], $recipient, $adminEmail['subject'], $adminEmail['text'], $adminEmail['mode'], !empty($adminEmail['cc']) ? $adminEmail['cc'] : null, !empty($adminEmail['bcc']) ? $adminEmail['bcc'] : null, $adminEmail['files'], !empty($adminEmail['replyto']) ? $adminEmail['replyto'] : '');
-
- $thankYouMessage = RSprocessField($r['Thankyou'],$SubmissionId);
-
- eval($ScriptProcess2);
-
- // SESSION quick hack - we base64 encode it here and decode it when we show it
- $_SESSION['form'][$formId]['thankYouMessage'] = base64_encode($thankYouMessage);
- $_SESSION['form'][$formId]['submissionId'] = $SubmissionId;
-
- $RSadapter->redirect($_SERVER['REQUEST_URI']);
-
- }
-
- return false;
- }
-
- function RSgetSubmissionValue($SubmissionId, $ComponentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $data = RSgetComponentProperties($ComponentId);
-
- $FieldValue = @mysql_result(mysql_query("SELECT FieldValue FROM `".$RSadapter->tbl_rsform_submission_values."` WHERE FieldName = '".$data['NAME']."' AND SubmissionId = '".$SubmissionId."'"),0);
-
- return $FieldValue;
- }
-
- function RScleanVar($string,$html=false)
- {
- $string = $html ? htmlentities($string,ENT_COMPAT,'UTF-8') : $string;
- $string = get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
- return $string;
- }
-
- function RSshowVar($string)
- {
- return htmlspecialchars($string);
- }
-
- function RSstripVar($string)
- {
- $string = get_magic_quotes_gpc() ? stripslashes($string) : $string;
- return $string;
- }
-
- function RSstripjavaVar($val)
- {
- // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
- // this prevents some character re-spacing such as <java\0script>
- // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
- $val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
-
- // straight replacements, the user should never need these since they're normal characters
- // this prevents like <IMG SRC=@avascript:alert('XSS')>
- $search = 'abcdefghijklmnopqrstuvwxyz';
- $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
- $search .= '1234567890!@#$%^&*()';
- $search .= '~`";:?+/={}[]-_|\'\\';
- for ($i = 0; $i < strlen($search); $i++) {
- // ;? matches the ;, which is optional
- // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
-
- // @ @ search for the hex values
- $val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
- // @ @ 0{0,7} matches '0' zero to seven times
- $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
- }
-
- // now the only remaining whitespace attacks are \t, \n, and \r
- $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
- $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
- $ra = array_merge($ra1, $ra2);
-
- $found = true; // keep replacing as long as the previous round replaced something
- while ($found == true) {
- $val_before = $val;
- for ($i = 0; $i < sizeof($ra); $i++) {
- $pattern = '/';
- for ($j = 0; $j < strlen($ra[$i]); $j++) {
- if ($j > 0) {
- $pattern .= '(';
- $pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?';
- $pattern .= '|(�{0,8}([9][10][13]);?)?';
- $pattern .= ')?';
- }
- $pattern .= $ra[$i][$j];
- }
- $pattern .= '/i';
- $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
- $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
- if ($val_before == $val) {
- // no replacements were made, so exit the loop
- $found = false;
- }
- }
- }
- return $val;
- }
-
- function RSgetValidationRule($componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
-
- $q="
- SELECT
- $RSadapter->tbl_rsform_properties.PropertyValue
- FROM $RSadapter->tbl_rsform_properties
- join $RSadapter->tbl_rsform_components on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
- where $RSadapter->tbl_rsform_properties.PropertyName='VALIDATIONRULE' and $RSadapter->tbl_rsform_properties.ComponentId='$componentId';
- ";
- $r = @mysql_result(mysql_query($q),0);
- if(!empty($r)) return $r;
- }
-
- function RSgetRequired($value,$formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
-
- $formId = intval($formId);
- $componentId=RSresolveComponentName($value,$formId);
- $q="
- SELECT
- $RSadapter->tbl_rsform_properties.PropertyValue
- FROM $RSadapter->tbl_rsform_properties
- join $RSadapter->tbl_rsform_components on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
- where $RSadapter->tbl_rsform_components.FormId='$formId' and $RSadapter->tbl_rsform_properties.PropertyName='REQUIRED' and $RSadapter->tbl_rsform_properties.ComponentId='$componentId';
- ";
- $r = @mysql_result(mysql_query($q),0);
- if(!empty($r)) return $r;
- }
- function RSvalidateForm($formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
-
- $invalid=array();
- $rez=mysql_query("SELECT ComponentId FROM $RSadapter->tbl_rsform_components WHERE FormId='$formId' AND Published=1");
- while($r=mysql_fetch_assoc($rez))
- {
- $data=RSgetComponentProperties($r['ComponentId']);
- $required=RSgetRequired($data['NAME'],$formId);
- $validationRule=RSgetValidationRule($r['ComponentId']);
-
- if (RSgetComponentTypeId($r['ComponentId'])==8 && (empty($_POST['form'][$data['NAME']]) || empty($_SESSION['CAPTCHA'.$r['ComponentId']]) || $_POST['form'][$data['NAME']]!=$_SESSION['CAPTCHA'.$r['ComponentId']]))
- $invalid[] = $data['componentId'];
-
- if(RSgetComponentTypeId($r['ComponentId'])==9)
- {
- // File has been *sent* to the server
- if (isset($_FILES['form']['tmp_name'][$data['NAME']]) && $_FILES['form']['error'][$data['NAME']] != 4)
- {
- // File has been uploaded correctly to the server
- if($_FILES['form']['error'][$data['NAME']] == 0)
- {
- // Let's check if the extension is allowed
- $buf = explode('.',$_FILES['form']['name'][$data['NAME']]);
- $m = '#'.$buf[count($buf)-1].'#';
- if (!empty($data['ACCEPTEDFILES']) && !preg_match(strtolower($m),strtolower($data['ACCEPTEDFILES'])))
- $invalid[] = $data['componentId'];
- // Let's check if it's the correct size
- if ($_FILES['form']['size'][$data['NAME']] > 0 && $data['FILESIZE'] > 0 && $_FILES['form']['size'][$data['NAME']] > $data['FILESIZE']*1024)
- $invalid[] = $data['componentId'];
- }
- // File has not been uploaded correctly - next version we'll trigger some messages based on the error code
- else
- $invalid[] = $data['componentId'];
- }
- // File has not been sent but it's required
- elseif($data['REQUIRED']=='YES')
- $invalid[] = $data['componentId'];
-
- continue;
- }
-
- if ($required == 'YES')
- {
- if(!isset($_POST['form'][$data['NAME']]))
- {
- $invalid[] = $data['componentId'];
- continue;
- }
- if (!is_array($_POST['form'][$data['NAME']]) && strlen(trim($_POST['form'][$data['NAME']])) == 0)
- {
- $invalid[] = $data['componentId'];
- continue;
- }
- if (!is_array($_POST['form'][$data['NAME']]) && strlen(trim($_POST['form'][$data['NAME']])) > 0 && is_callable($validationRule) && call_user_func($validationRule,$_POST['form'][$data['NAME']]) == false)
- {
- $invalid[] = $data['componentId'];
- continue;
- }
- if (is_array($_POST['form'][$data['NAME']]))
- {
- $valid=implode('',$_POST['form'][$data['NAME']]);
- if(empty($valid))
- {
- $invalid[] = $data['componentId'];
- continue;
- }
- }
- }
- else
- {
- if (isset($_POST['form'][$data['NAME']]) && !is_array($_POST['form'][$data['NAME']]) && strlen(trim($_POST['form'][$data['NAME']])) > 0 && is_callable($validationRule) && call_user_func($validationRule,$_POST['form'][$data['NAME']]) == false)
- {
- $invalid[] = $data['componentId'];
- continue;
- }
- }
- }
- return $invalid;
- }
-
- function RSgetComponentTypeId($componentId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId = intval($componentId);
-
- return @mysql_result(mysql_query("SELECT ComponentTypeId FROM $RSadapter->tbl_rsform_components WHERE ComponentId='$componentId'"),0);
- }
- function RSresolveComponentTypeId($componentTypeId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentTypeId = intval($componentTypeId);
-
- return @mysql_result(mysql_query("SELECT ComponentTypeName FROM $RSadapter->tbl_rsform_component_types WHERE ComponentTypeId='$componentTypeId'"),0);
- }
- function RSgetComponentTypeIdByName($componentName,$formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentName = mysql_real_escape_string($componentName);
- $q="
- select $RSadapter->tbl_rsform_components.ComponentTypeId
- from $RSadapter->tbl_rsform_components
- left join $RSadapter->tbl_rsform_properties on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
- where $RSadapter->tbl_rsform_properties.PropertyName='NAME' and $RSadapter->tbl_rsform_properties.PropertyValue='$componentName' and $RSadapter->tbl_rsform_components.FormId='$formId';
- ";
- return @mysql_result(mysql_query($q),0);
- }
-
- function RSgetFileDestination($componentName,$formId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $componentId=RSresolveComponentName($componentName,$formId);
-
- return @mysql_result(mysql_query("SELECT PropertyValue FROM $RSadapter->tbl_rsform_properties WHERE PropertyName='DESTINATION' AND ComponentId='$componentId'"),0);
- }
- function RScomponentExists($formId,$componentTypeId)
- {
- $RSadapter=$GLOBALS['RSadapter'];
- $formId = intval($formId);
- $componentTypeId = intval($componentTypeId);
-
- $rez=mysql_query("SELECT ComponentId FROM $RSadapter->tbl_rsform_components WHERE ComponentTypeId='$componentTypeId' AND FormId='$formId' AND Published='1'");
- $output=array();
- while($r=mysql_fetch_assoc($rez))
- $output[] = $r['ComponentId'];
-
- return $output;
- }
-
- function RSgenerateString($length, $characters, $type='Random')
- {
- if($type == 'Random')
- {
- switch($characters)
- {
- case 'ALPHANUMERIC':
- default:
- $possible = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
- break;
- case 'ALPHA':
- $possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
- break;
- case 'NUMERIC':
- $possible = "0123456789";
- break;
- }
-
- if($length<1||$length>255) $length = 8;
- $key = "";
- $i = 0;
- while ($i < $length) {
- $key .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
- $i++;
- }
- }
- if($type == 'Sequential')
- {
-
- }
- return $k…
Large files files are truncated, but you can click here to view the full file