
/components/com_rsform/controller/functions.php

https://github.com/viollarr/alab
PHP | 1718 lines | 1376 code | 232 blank | 110 comment | 159 complexity | bbda25cac03d4b32ef7903230cb761bd MD5 | raw file
Possible License(s): LGPL-2.1, GPL-2.0, AGPL-3.0, Apache-2.0, BSD-3-Clause, GPL-3.0


  1. <?php
  2. /**
  3. * @version 1.2.0
  4. * @package RSform!Pro 1.2.0
  5. * @copyright (C) 2007-2009 www.rsjoomla.com
  6. * @license Commercial License, http://www.rsjoomla.com/terms-and-conditions.html
  7. */
  // Publish the component revision marker once; a value defined earlier is left alone.
  if (!defined('_RSFORM_REVISION')) {
      define('_RSFORM_REVISION', '22');
  }
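  /**
   * List the function names declared in the front-end validation.php file.
   *
   * The file is read as text and scanned with a regular expression; it is not
   * included or executed by this function.
   *
   * NOTE(review): the match is purely textual, so the word "function" inside a
   * comment or string literal is picked up as well. If a caller later invokes a
   * rule by name (callers are not visible here), it should accept only names
   * that appear in this list.
   *
   * @return string Newline-separated names; '' when the file cannot be read or
   *                declares no functions.
   */
  function RSgetValidationRules()
  {
      $path = _RSFORM_FRONTEND_ABS_PATH . '/controller/validation.php';

      // Fix: a missing or unreadable file used to raise a warning and feed
      // `false` into preg_match_all(); return the same empty result quietly.
      if (!is_file($path) || !is_readable($path)) {
          return '';
      }
      $source = file_get_contents($path);
      if ($source === false) {
          return '';
      }

      // Lazy capture of whatever sits between "function " and the next "(".
      preg_match_all('#function (.*?)\(#i', $source, $matches);
      $names = isset($matches[1]) ? $matches[1] : array();

      return implode("\n", array_map('trim', $names));
  }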
  /**
   * Return a property value, running it as PHP first when it carries the
   * "<code>" marker.
   *
   * SECURITY: the marked value is handed to eval() unchanged. Every caller in
   * this file passes a property value read from the database (DEFAULTVALUE,
   * ITEMS), so anyone able to write those rows can run arbitrary PHP with the
   * privileges of the web server. Treat write access to form properties as
   * code-execution access: restrict and audit it, and prefer a fixed set of
   * placeholders over eval() when this is reworked.
   *
   * @param string $value Stored property value.
   * @return mixed The value itself, or whatever the evaluated snippet returns.
   */
  function RSisCode($value)
  {
      // Not dead code: eval() runs in this function's scope, so an evaluated
      // snippet can see $RSadapter.
      $RSadapter = $GLOBALS['RSadapter'];

      if (!preg_match('/<code>/', $value)) {
          return $value;
      }

      return eval($value);
  }
  /**
   * Resolve a value against the global adapter when it contains the
   * "{RSadapter}" marker; otherwise hand the value back untouched.
   *
   * NOTE(review): the complete string, marker included, is used as the property
   * name on the adapter. That looks unintended (the marker is never stripped),
   * and it means the input selects which adapter property is read — confirm
   * where $value comes from before exposing this to request data.
   *
   * @param string $value Candidate value.
   * @return mixed The adapter property named by $value, or $value itself.
   */
  function RSisXMLCode($value)
  {
      $adapter = $GLOBALS['RSadapter'];
      $hasMarker = (bool) preg_match('/{RSadapter}/', $value);

      return $hasMarker ? $adapter->$value : $value;
  }
  /**
   * Echo the back-end component table rows for one form.
   *
   * Each component of the form, in `Order` sequence, becomes one <tr> made of
   * the cells produced by the RSshow*() and RSpreviewComponent() helpers.
   *
   * NOTE(review): the result of mysql_query() is used without checking for
   * failure. RSshowEditComponentButton() receives the component *type* id as
   * its first argument although its parameter is named $formId — confirm this
   * is what the displayTemplate() script expects.
   *
   * @param int|string $formId Form identifier; cast to int before use in SQL.
   * @return void The markup is written with echo.
   */
  function RSinitForm($formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $formId = intval($formId);
      $sql = "SELECT `ComponentId`,`Order`,`ComponentTypeId`,`Published` FROM {$RSadapter->tbl_rsform_components} WHERE FormId={$formId} ORDER BY `Order`";
      $components = mysql_query($sql);

      $html = '';
      $tabIndex = 1;
      $stripe = 0;
      while ($row = mysql_fetch_assoc($components)) {
          // Alternate between the row1 / row0 CSS classes, starting with row1.
          $stripe = $stripe ? 0 : 1;
          $id = $row['ComponentId'];

          $cells = array(
              '<td><input type="hidden" name="previewComponentId" value="' . $id . '"/></td>',
              RSshowSelectComponent($id),
              RSshowComponentName($id),
              RSpreviewComponent($formId, $id),
              RSshowEditComponentButton($row['ComponentTypeId'], $id),
              RSshowRemoveComponentButton($formId, $id),
              RSshowComponentOrdering($formId, $id, $row['Order'], $tabIndex),
              RSshowMoveUpComponent($formId, $id),
              RSshowMoveDownComponent($formId, $id),
              RSshowChangeStatusComponentButton($formId, $id, $row['Published']),
          );

          $html .= '<tr class="row' . $stripe . '" style="height: auto">' . implode('', $cells) . '</tr>';
          $tabIndex++;
      }

      echo $html;
  }
  /**
   * Render the row-selection checkbox cell for a component.
   *
   * The id is placed in the value attribute as-is; the caller in this file
   * passes a ComponentId column value.
   *
   * @param int|string $componentId Component identifier.
   * @return string A <td> holding a checks[] checkbox.
   */
  function RSshowSelectComponent($componentId)
  {
      $checkbox = '<input type="checkbox" name="checks[]" value="' . $componentId . '"/>';

      return '<td>' . $checkbox . '</td>';
  }
  /**
   * Render the table cell that shows a component's NAME property.
   *
   * NOTE(review): the stored NAME is written into the cell without HTML
   * encoding.
   *
   * @param int|string $componentId Component identifier.
   * @return string A <td> containing the component name.
   */
  function RSshowComponentName($componentId)
  {
      $properties = RSgetComponentProperties($componentId);

      return '<td>' . $properties['NAME'] . '</td>';
  }
  /**
   * Load every stored property of a component as a name => value map.
   *
   * The id is cast to int before it is interpolated into the SQL text, which
   * is what keeps this string-built query free of injected SQL.
   *
   * NOTE(review): the mysql_query() result is not checked for failure.
   *
   * @param int|string $componentId Component identifier.
   * @return array Property values keyed by PropertyName, plus a 'componentId'
   *               entry holding the integer id.
   */
  function RSgetComponentProperties($componentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);

      $sql = "SELECT PropertyName, PropertyValue FROM `{$RSadapter->tbl_rsform_properties}` WHERE ComponentId={$componentId}";
      $result = mysql_query($sql);

      $properties = array();
      for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result)) {
          $properties[$row['PropertyName']] = $row['PropertyValue'];
      }
      $properties['componentId'] = $componentId;

      return $properties;
  }
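  /**
   * Build the back-end preview cells (caption cell + sample control cell) for
   * one component of a form.
   *
   * The component type is looked up first; the matching branch then loads the
   * component's properties and concatenates them into table-cell markup.
   *
   * Fix: the properties table used to be joined with the condition
   * "components.ComponentId = components.ComponentId", which is always true and
   * joined every row of the properties table. The condition now compares the
   * properties table with the components table. Only ComponentTypeName is read
   * from the first row, so the returned markup is unchanged.
   *
   * SECURITY (review notes, behaviour left as it was):
   * - Property values (CAPTION, NAME, LABEL, SIZE, ITEMS, TEXT, image URLs ...)
   *   are written into the markup without HTML encoding. Whoever can edit form
   *   properties can therefore place script in the administrator's page; encode
   *   per context wherever markup is not intended.
   * - DEFAULTVALUE and ITEMS go through RSisCode(), which evaluates values that
   *   carry the "<code>" marker as PHP.
   *
   * @param int|string $formId      Form identifier; cast to int.
   * @param int|string $componentId Component identifier; cast to int.
   * @return string Markup for the preview cells; '' for an unknown type.
   */
  function RSpreviewComponent($formId,$componentId)
  {
      $RSadapter=$GLOBALS['RSadapter'];
      $formId = intval($formId);
      $componentId = intval($componentId);
      $q="select
          $RSadapter->tbl_rsform_component_types.ComponentTypeName,
          $RSadapter->tbl_rsform_properties.PropertyName,
          $RSadapter->tbl_rsform_properties.PropertyValue
          from $RSadapter->tbl_rsform_components
          left join $RSadapter->tbl_rsform_forms on $RSadapter->tbl_rsform_components.FormId=$RSadapter->tbl_rsform_forms.FormId
          left join $RSadapter->tbl_rsform_component_types on $RSadapter->tbl_rsform_components.ComponentTypeId=$RSadapter->tbl_rsform_component_types.ComponentTypeId
          left join $RSadapter->tbl_rsform_properties on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
          where $RSadapter->tbl_rsform_forms.FormId=$formId and $RSadapter->tbl_rsform_components.ComponentId=$componentId";
      // Only the first row is needed: it carries the component type name.
      $r = mysql_fetch_assoc(mysql_query($q));
      $out='';
      switch($r['ComponentTypeName'])
      {
          case 'textBox':
          {
              $data = RSgetComponentProperties($componentId);
              $defaultValue = RSisCode($data['DEFAULTVALUE']);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><input type="text" value="'.$defaultValue.'" size="'.$data['SIZE'].'"/></td>';
          }
          break;
          case 'textArea':
          {
              $data = RSgetComponentProperties($componentId);
              $defaultValue = RSisCode($data['DEFAULTVALUE']);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><textarea cols="'.$data['COLS'].'" rows="'.$data['ROWS'].'">'.$defaultValue.'</textarea></td>';
          }
          break;
          case 'selectList':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><select '.($data['MULTIPLE']=='YES' ? 'multiple="multiple"' : '').' size="'.$data['SIZE'].'">';
              // ITEMS holds one option per line, "value|label" or a bare label;
              // a "[c]" tag marks the preselected option.
              $aux = RSisCode($data['ITEMS']);
              $aux = str_replace("\r",'',$aux);
              $items = explode("\n",$aux);
              foreach($items as $item)
              {
                  $buf=explode("|",$item);
                  if(count($buf)==1)
                  {
                      if(preg_match('/\[c\]/',$buf[0]))
                          $out.='<option selected="selected">'.str_replace('[c]','',$buf[0]).'</option>';
                      else
                          $out.='<option value="'.$buf[0].'">'.$buf[0].'</option>';
                  }
                  if(count($buf)==2)
                  {
                      if(preg_match('/\[c\]/',$buf[1]))
                          $out.='<option selected="selected" value="'.$buf[0].'">'.str_replace('[c]','',$buf[1]).'</option>';
                      else
                          $out.='<option value="'.$buf[0].'">'.$buf[1].'</option>';
                  }
              }
              $out.='</select></td>';
          }
          break;
          case 'checkboxGroup':
          {
              $i=0;
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $aux = RSisCode($data['ITEMS']);
              $aux=str_replace("\r",'',$aux);
              $items=explode("\n",$aux);
              $out.='<td>';
              foreach($items as $item)
              {
                  $buf=explode("|",$item);
                  if(count($buf)==1)
                  {
                      if(preg_match('/\[c\]/',$buf[0]))
                      {
                          $v=str_replace('[c]','',$buf[0]);
                          $out.='<input checked="checked" type="checkbox" value="'.$v.'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
                      }
                      else
                          $out.='<input type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[0].'</label>';
                  }
                  if(count($buf)==2)
                  {
                      if(preg_match('/\[c\]/',$buf[1]))
                      {
                          $v=str_replace('[c]','',$buf[1]);
                          $out.='<input checked="checked" type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
                      }
                      else
                          $out.='<input type="checkbox" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[1].'</label>';
                  }
                  if($data['FLOW']=='VERTICAL') $out.='<br/>';
                  $i++;
              }
              $out.='</td>';
          }
          break;
          case 'radioGroup':
          {
              $i=0;
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $aux = RSisCode($data['ITEMS']);
              $aux=str_replace("\r",'',$aux);
              $items=explode("\n",$aux);
              $out.='<td>';
              foreach($items as $item)
              {
                  $buf=explode("|",$item);
                  if(count($buf)==1)
                  {
                      if(preg_match('/\[c\]/',$buf[0]))
                      {
                          $v=str_replace('[c]','',$buf[0]);
                          $out.='<input checked="checked" type="radio" value="'.$v.'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
                      }
                      else
                          $out.='<input type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[0].'</label>';
                  }
                  if(count($buf)==2)
                  {
                      if(preg_match('/\[c\]/',$buf[1]))
                      {
                          $v=str_replace('[c]','',$buf[1]);
                          $out.='<input checked="checked" type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$v.'</label>';
                      }
                      else
                          $out.='<input type="radio" value="'.$buf[0].'" name="'.$data['NAME'].'" id="'.$data['NAME'].$i.'"/><label for="'.$data['NAME'].$i.'">'.$buf[1].'</label>';
                  }
                  if($data['FLOW']=='VERTICAL') $out.='<br/>';
                  $i++;
              }
              $out.='</td>';
          }
          break;
          case 'calendar':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              // The label constant is looked up by a name built from the stored
              // CALENDARLAYOUT value; an unexpected value names a constant that
              // does not exist.
              $out.='<td><img src="'.$RSadapter->config['live_site'].'/administrator/components/com_rsform/images/icons/calendar.gif" /> '.constant('_RSFORM_BACKEND_COMP_FVALUE_'.$data['CALENDARLAYOUT']).'</td>';
          }
          break;
          case 'button':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><input type="button" value="'.$data['LABEL'].'"/>';
              if ($data['RESET']=='YES')
                  $out.='&nbsp;&nbsp;<input type="reset" value="'.$data['RESETLABEL'].'"/>';
              $out.='</td>';
          }
          break;
          case 'captcha':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td>';
              $out.='<img src="'.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&amp;task=captcha&amp;componentId='.$componentId.'" id="captcha'.$componentId.'" alt="'.$data['CAPTION'].'"/>';
              $out.=($data['FLOW']=='HORIZONTAL') ? '':'<br/>';
              // ADDITIONALATTRIBUTES is emitted as raw attribute text.
              $out.='<input type="text" name="form['.$data['NAME'].']" value="" id="captchaTxt'.$componentId.'" '.$data['ADDITIONALATTRIBUTES'].' />';
              $out.=($data['SHOWREFRESH']=='YES') ? '<a href="" onclick="refreshCaptcha('.$componentId.',\''.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&amp;task=captcha&amp;componentId='.$componentId.'\');return false;">'.$data['REFRESHTEXT'].'</a>':'';
              $out.='</td>';
          }
          break;
          case 'fileUpload':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><input type="file" name="'.$data['NAME'].'"/></td>';
          }
          break;
          case 'freeText':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>&nbsp;</td>';
              $out.='<td>'.$data['TEXT'].'</td>';
          }
          break;
          case 'hidden':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>&nbsp;</td>';
              $out.='<td>{hidden field}</td>';
          }
          break;
          case 'imageButton':
          {
              $data = RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td>';
              $out.='<input type="image" src="'.$data['IMAGEBUTTON'].'"/>';
              if($data['RESET']=='YES')
                  $out.='&nbsp;&nbsp;<input type="image" src="'.$data['IMAGERESET'].'"/>';
              $out.='</td>';
          }
          break;
          case 'submitButton':
          {
              $data=RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><input type="button" value="'.$data['LABEL'].'" />';
              if($data['RESET']=='YES')
                  $out.='&nbsp;&nbsp;<input type="reset" value="'.$data['RESETLABEL'].'"/>';
              $out.='</td>';
          }
          break;
          case 'password':
          {
              $data = RSgetComponentProperties($componentId);
              $out.='<td>'.$data['CAPTION'].'</td>';
              $out.='<td><input type="password" value="'.$data['DEFAULTVALUE'].'" size="'.$data['SIZE'].'"/></td>';
          }
          break;
          case 'ticket':
          {
              $data = RSgetComponentProperties($componentId);
              $out.='<td>&nbsp;</td>';
              $out.='<td>'.RSgenerateString($data['LENGTH'],$data['CHARACTERS']).'</td>';
          }
          break;
      }
      return $out;
  }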
  /**
   * Render the "edit component" icon cell.
   *
   * Both arguments are placed inside a quoted JavaScript call in an onclick
   * attribute without escaping, so callers must pass plain identifiers.
   *
   * @param int|string $formId      First argument for displayTemplate().
   * @param int|string $componentId Component identifier.
   * @return string A <td> with the edit link.
   */
  function RSshowEditComponentButton($formId,$componentId)
  {
      $handler = "displayTemplate('" . $formId . "','" . $componentId . "');";
      $icon = '<img src="components/com_rsform/images/icons/edit.png" border="0" width="16" height="16" alt="Edit Component" />';

      return '<td><a href="#" onclick="' . $handler . '">' . $icon . '</a></td>';
  }
  /**
   * Render the "remove component" icon cell.
   *
   * Both arguments are placed inside a quoted JavaScript call in an onclick
   * attribute without escaping, so callers must pass plain identifiers.
   *
   * @param int|string $formId      Form identifier.
   * @param int|string $componentId Component identifier.
   * @return string A <td> with the remove link.
   */
  function RSshowRemoveComponentButton($formId,$componentId)
  {
      $handler = "removeComponent('" . $formId . "','" . $componentId . "');";
      $icon = '<img src="components/com_rsform/images/icons/remove.png" border="0" width="12" height="12" alt="Remove Component" style="padding-left:20px;" />';

      return '<td><a href="#" onclick="' . $handler . '">' . $icon . '</a></td>';
  }
  /**
   * Render the publish / unpublish toggle cell for a component.
   *
   * The icon shows the current state while the alt text names the action the
   * click performs. The ids are placed in the onclick handler and the element
   * id without escaping, so callers must pass plain identifiers.
   *
   * @param int|string $formId      Form identifier.
   * @param int|string $componentId Component identifier.
   * @param mixed      $published   Truthy when the component is published.
   * @return string A <td> with the toggle link.
   */
  function RSshowChangeStatusComponentButton($formId, $componentId, $published)
  {
      $iconName = $published ? 'publish' : 'unpublish';
      $action = $published ? 'Unpublish' : 'Publish';
      $handler = "changeStatusComponent('" . $formId . "','" . $componentId . "');";

      $icon = '<img src="components/com_rsform/images/icons/' . $iconName . '.png" border="0" width="12" height="12" alt="'
          . $action . ' Component" style="padding-left:20px;" id="currentStatus' . $componentId . '" />';

      return '<td><a href="#" onclick="' . $handler . '">' . $icon . '</a></td>';
  }
  /**
   * Render the ordering text-box cell for a component.
   *
   * @param int|string $formId      Form identifier (not used in the markup).
   * @param int|string $componentId Component identifier; becomes the ordering[] key.
   * @param int|string $order       Current position, shown as the field value.
   * @param int|string $tabIndex    Tab index for the field.
   * @return string A <td> with the ordering input.
   */
  function RSshowComponentOrdering($formId,$componentId,$order,$tabIndex)
  {
      $field = '<input type="text" value="' . $order . '" size="2" name="ordering[' . $componentId . ']" tabindex="' . $tabIndex . '"/>';

      return '<td>' . $field . '</td>';
  }
  /**
   * Render the "move up" arrow cell for a component.
   *
   * Both arguments are placed inside a quoted JavaScript call in an onclick
   * attribute without escaping, so callers must pass plain identifiers.
   *
   * @param int|string $formId      Form identifier.
   * @param int|string $componentId Component identifier.
   * @return string A <td> with the move-up link.
   */
  function RSshowMoveUpComponent($formId,$componentId)
  {
      $handler = "moveComponentUp('" . $formId . "','" . $componentId . "');";
      $icon = '<img src="components/com_rsform/images/icons/uparrow.png" border="0" width="12" height="12" alt="Move Up" />';

      return '<td><a href="#" onclick="' . $handler . '">' . $icon . '</a></td>';
  }
  /**
   * Render the "move down" arrow cell for a component.
   *
   * Both arguments are placed inside a quoted JavaScript call in an onclick
   * attribute without escaping, so callers must pass plain identifiers.
   *
   * @param int|string $formId      Form identifier.
   * @param int|string $componentId Component identifier.
   * @return string A <td> with the move-down link.
   */
  function RSshowMoveDownComponent($formId,$componentId)
  {
      $handler = "moveComponentDown('" . $formId . "','" . $componentId . "');";
      $icon = '<img src="components/com_rsform/images/icons/downarrow.png" border="0" width="12" height="12" alt="Move Down" />';

      return '<td><a href="#" onclick="' . $handler . '">' . $icon . '</a></td>';
  }
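  /**
   * Return the layout of a form: the result of including the named layout
   * script when the form is set to auto-generate, otherwise the layout text
   * stored with the form.
   *
   * Fix: FormLayoutName comes from the database and is concatenated into an
   * include path. It is now accepted only when it is a plain token (letters,
   * digits, "_" and "-"), so a stored value containing path separators or
   * ".." can no longer point include() outside the layouts directory. A
   * rejected name yields '', the same result a failed include produced before.
   *
   * NOTE(review): preg_replace('/1/', ...) strips every "1" from the include
   * result, not only the integer 1 that include returns on success — confirm
   * the layout scripts never return text containing that digit. Query results
   * are not checked for failure.
   *
   * @param int|string $formId Form identifier; cast to int.
   * @return string|null Layout markup; null when the form row has no stored layout.
   */
  function RSgetFormLayout($formId)
  {
      $RSadapter=$GLOBALS['RSadapter'];
      $formId = intval($formId);
      $r = mysql_fetch_assoc(mysql_query("SELECT FormLayoutAutogenerate,FormLayoutName FROM $RSadapter->tbl_rsform_forms WHERE FormId='$formId'"));
      if($r['FormLayoutAutogenerate']==1)
      {
          $layoutName = (string) $r['FormLayoutName'];
          // Allow-list the file-name token before it reaches include().
          if (!preg_match('/^[A-Za-z0-9_-]+\z/', $layoutName))
          {
              return '';
          }
          $layout=@include(_RSFORM_BACKEND_ABS_PATH.'/layouts/'.$layoutName.'.php');
          $layout=preg_replace('/1/','',$layout);
          return $layout;
      }
      else
      {
          $r=mysql_fetch_assoc(mysql_query("SELECT FormLayout FROM $RSadapter->tbl_rsform_forms WHERE FormId=$formId"));
          return $r['FormLayout'];
      }
  }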
  /**
   * Look up the id of the component that carries a given NAME within a form.
   *
   * NOTE(review): the name is interpolated into a quoted SQL literal, so the
   * query is only as safe as RScleanVar(), which is defined elsewhere —
   * confirm it escapes for the active MySQL connection. Errors from
   * mysql_result() are suppressed with "@", so "no match" and "query failed"
   * look the same to the caller.
   *
   * @param string     $componentName Value of the component's NAME property.
   * @param int|string $formId        Form identifier; cast to int.
   * @return mixed The ComponentId of the first match, or false when there is none.
   */
  function RSresolveComponentName($componentName,$formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentName = RScleanVar($componentName);
      $formId = intval($formId);

      $props = $RSadapter->tbl_rsform_properties;
      $comps = $RSadapter->tbl_rsform_components;
      $q = "select {$props}.ComponentId
          from {$props}
          join {$comps} on {$comps}.ComponentId={$props}.ComponentId
          where {$props}.PropertyValue='{$componentName}' and {$props}.PropertyName='NAME' and {$comps}.FormId='{$formId}'";

      return @mysql_result(mysql_query($q), 0);
  }
  /**
   * Fetch the CAPTION property of a component.
   *
   * The value is returned exactly as stored; nothing here encodes it for HTML.
   *
   * @param int|string $componentId Component identifier; cast to int.
   * @return mixed The stored caption, or false when no row matches (errors are
   *               suppressed with "@").
   */
  function RSfrontComponentCaption($componentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);
      $sql = sprintf(
          "SELECT PropertyValue FROM %s WHERE ComponentId='%s' AND PropertyName='CAPTION'",
          $RSadapter->tbl_rsform_properties,
          $componentId
      );

      return @mysql_result(mysql_query($sql), 0);
  }
  /**
   * Fetch the DESCRIPTION property of a component.
   *
   * The value is returned exactly as stored; nothing here encodes it for HTML.
   *
   * @param int|string $componentId Component identifier; cast to int.
   * @return mixed The stored description, or false when no row matches (errors
   *               are suppressed with "@").
   */
  function RSfrontComponentDescription($componentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);
      $sql = sprintf(
          "SELECT PropertyValue FROM %s WHERE ComponentId='%s' AND PropertyName='DESCRIPTION'",
          $RSadapter->tbl_rsform_properties,
          $componentId
      );

      return @mysql_result(mysql_query($sql), 0);
  }
  /**
   * Render the validation-message <span> for a component.
   *
   * The span gets class "formError" when the component id is listed in $value
   * and "formNoError" otherwise; the message text is the same either way.
   *
   * NOTE(review): the stored VALIDATIONMESSAGE is written into the span
   * without HTML encoding, and a non-empty $value that is not an array reaches
   * in_array() unchecked.
   *
   * @param int|string   $componentId Component identifier; cast to int.
   * @param array|string $value       Ids of components that failed validation; '' for none.
   * @return string The <span> markup.
   */
  function RSfrontComponentValidationMessage($componentId,$value='')
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);
      $sql = "SELECT PropertyValue FROM {$RSadapter->tbl_rsform_properties} WHERE ComponentId='{$componentId}' AND PropertyName='VALIDATIONMESSAGE'";
      $msg = @mysql_result(mysql_query($sql), 0);

      // Loose comparison is kept: ids may arrive as strings.
      $failed = !empty($value) && in_array($componentId, $value, false) == true;
      $cssClass = $failed ? 'formError' : 'formNoError';

      return '<span id="component' . $componentId . '" class="' . $cssClass . '">' . $msg . '</span>';
  }
  /**
   * Replace the {global:formtitle} placeholder in a layout with the form's title.
   *
   * NOTE(review): the stored title is substituted as-is, without HTML encoding.
   *
   * @param int|string $formId     Form identifier; cast to int.
   * @param string     $formLayout Layout markup containing the placeholder.
   * @return string The layout with every placeholder occurrence replaced.
   */
  function RSfrontLayout($formId, $formLayout)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $formId = intval($formId);

      // A failed lookup is silenced by "@" and yields false.
      $titleQuery = "SELECT FormTitle FROM {$RSadapter->tbl_rsform_forms} WHERE FormId='{$formId}'";
      $formTitle = @mysql_result(mysql_query($titleQuery), 0);

      return str_replace('{global:formtitle}', $formTitle, $formLayout);
  }
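  /**
   * Build the front-end markup for one form component.
   *
   * Submitted values in $value are first passed through RSstripVar(); the
   * component type is then resolved and the matching branch renders the
   * control from the component's stored properties, pre-filled with the
   * submitted value where there is one.
   *
   * Fix: the calendar branch printed the submitted value straight into a
   * value="..." attribute, while the textBox and textArea branches pass the
   * same data through RSshowVar() before printing it. The calendar value now
   * takes the same route. (RSshowVar() and RSstripVar() are defined elsewhere;
   * this assumes RSshowVar() is the file's output-encoding helper — confirm.)
   *
   * SECURITY (review notes, behaviour left as it was):
   * - Stored properties (NAME, LABEL, SIZE, CAPTION, TEXT, image URLs and
   *   especially ADDITIONALATTRIBUTES, emitted as raw attribute text) are
   *   concatenated into the markup without encoding. Anyone able to edit form
   *   properties controls markup served to every visitor.
   * - DEFAULTVALUE and ITEMS go through RSisCode(), which evaluates values
   *   that carry the "<code>" marker as PHP.
   * - The MAX_FILE_SIZE hidden field is only a hint to the browser; the upload
   *   size has to be enforced where the file is received.
   *
   * @param int|string   $formId      Form identifier; cast to int.
   * @param int|string   $componentId Component identifier; cast to int.
   * @param array|string $value       Previously submitted form values keyed by
   *                                  component name; '' on first display.
   * @return string Markup for the component; '' for an unknown type.
   */
  function RSfrontComponentBody($formId,$componentId,$value='')
  {
      $RSadapter=$GLOBALS['RSadapter'];
      $formId = intval($formId);
      $componentId = intval($componentId);
      // Clean submitted values one level deep (scalars and arrays of scalars).
      if(is_array($value))
          foreach($value as $key=>$vl)
          {
              if(is_array($vl) && !empty($vl))
                  foreach($vl as $k_vl=>$v_vl)
                      $value[$key][$k_vl] = RSstripVar($value[$key][$k_vl]);
              else
                  $value[$key] = RSstripVar($value[$key]);
          }
      $q="
          select
          $RSadapter->tbl_rsform_properties.PropertyName,
          $RSadapter->tbl_rsform_properties.PropertyValue,
          $RSadapter->tbl_rsform_components.ComponentTypeId,
          $RSadapter->tbl_rsform_components.Order
          from $RSadapter->tbl_rsform_components
          left join $RSadapter->tbl_rsform_properties on $RSadapter->tbl_rsform_properties.ComponentId=$RSadapter->tbl_rsform_components.ComponentId
          where $RSadapter->tbl_rsform_components.FormId=$formId and $RSadapter->tbl_rsform_components.ComponentId=$componentId
          ";
      // Only ComponentTypeId and Order are read from this first row.
      $r=mysql_fetch_assoc(mysql_query($q));
      $out='';
      $data = RSgetComponentProperties($componentId);
      switch(RSresolveComponentTypeId($r['ComponentTypeId']))
      {
          case 'textBox':
          {
              $defaultValue = RSisCode($data['DEFAULTVALUE']);
              $out .= '<input type="text" value="'.(!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue).'" size="'.$data['SIZE'].'" '.($data['MAXSIZE'] > 0 ? 'maxlength="'.$data['MAXSIZE'].'"' : '').' name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].'/>';
          }
          break;
          case 'textArea':
          {
              $defaultValue = RSisCode($data['DEFAULTVALUE']);
              if ($data['WYSIWYG'] == 'YES')
                  $out .= $RSadapter->WYSIWYG('form['.$data['NAME'].']', (!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue), 'id['.$data['NAME'].']', $data['COLS']*10, $data['ROWS']*10, $data['COLS'], $data['ROWS']);
              else
                  $out .= '<textarea cols="'.$data['COLS'].'" rows="'.$data['ROWS'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].'>'.(!empty($value) ? RSshowVar($value[$data['NAME']]) : $defaultValue).'</textarea>';
          }
          break;
          case 'selectList':
          {
              $out .= '<select '.($data['MULTIPLE']=='YES' ? 'multiple="multiple"' : '').' name="form['.$data['NAME'].'][]" '.($data['SIZE'] > 0 ? 'size="'.$data['SIZE'].'"' : '').' id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' >';
              // ITEMS holds one option per line, "value|label" or a bare label;
              // a "[c]" tag marks the option selected on first display.
              $aux = RSisCode($data['ITEMS']);
              $aux = str_replace("\r","",$aux);
              $items = explode("\n",$aux);
              foreach($items as $item)
              {
                  $buf = explode('|',$item);
                  $option_value = $buf[0];
                  $option_value_trimmed = str_replace('[c]','',$option_value);
                  $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
                  $option_shown_trimmed = str_replace('[c]','',$option_shown);
                  $option_checked = false;
                  if (empty($value) && preg_match('/\[c\]/',$option_shown))
                      $option_checked = true;
                  if (!empty($value[$data['NAME']]) && array_search($option_value_trimmed,$value[$data['NAME']]) !== false)
                      $option_checked = true;
                  $out .= '<option '.($option_checked ? 'selected="selected"' : '').' value="'.$option_value_trimmed.'">'.$option_shown_trimmed.'</option>';
              }
              $out .= '</select>';
          }
          break;
          case 'checkboxGroup':
          {
              $i=0;
              $aux = RSisCode($data['ITEMS']);
              $aux = str_replace("\r","",$aux);
              $items = explode("\n",$aux);
              foreach($items as $item)
              {
                  $buf = explode('|',$item);
                  $option_value = $buf[0];
                  $option_value_trimmed = str_replace('[c]','',$option_value);
                  $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
                  $option_shown_trimmed = str_replace('[c]','',$option_shown);
                  $option_checked = false;
                  if (empty($value) && preg_match('/\[c\]/',$option_shown))
                      $option_checked = true;
                  if (!empty($value[$data['NAME']]) && array_search($option_value_trimmed,$value[$data['NAME']]) !== false)
                      $option_checked = true;
                  $out .= '<input '.($option_checked ? 'checked="checked"' : '').' name="form['.$data['NAME'].'][]" type="checkbox" value="'.$option_value_trimmed.'" id="'.$data['NAME'].$i.'" '.$data['ADDITIONALATTRIBUTES'].' /><label for="'.$data['NAME'].$i.'">'.$option_shown_trimmed.'</label>';
                  if($data['FLOW']=='VERTICAL') $out.='<br/>';
                  $i++;
              }
          }
          break;
          case 'radioGroup':
          {
              $i=0;
              $aux = RSisCode($data['ITEMS']);
              $aux = str_replace("\r","",$aux);
              $items = explode("\n",$aux);
              foreach($items as $item)
              {
                  $buf = explode('|',$item);
                  $option_value = $buf[0];
                  $option_value_trimmed = str_replace('[c]','',$option_value);
                  $option_shown = count($buf) == 1 ? $buf[0] : $buf[1];
                  $option_shown_trimmed = str_replace('[c]','',$option_shown);
                  $option_checked = false;
                  if (empty($value) && preg_match('/\[c\]/',$option_shown))
                      $option_checked = true;
                  if (!empty($value[$data['NAME']]) && $value[$data['NAME']] == $option_value_trimmed)
                      $option_checked = true;
                  $out .= '<input '.($option_checked ? 'checked="checked"' : '').' name="form['.$data['NAME'].']" type="radio" value="'.$option_value_trimmed.'" id="'.$data['NAME'].$i.'" '.$data['ADDITIONALATTRIBUTES'].' /><label for="'.$data['NAME'].$i.'">'.$option_shown_trimmed.'</label>';
                  if($data['FLOW']=='VERTICAL') $out.='<br/>';
                  $i++;
              }
          }
          break;
          case 'calendar':
          {
              // Map component id => position among the form's calendars (type id 6).
              $calendars = RScomponentExists($formId, 6);
              $calendars = array_flip($calendars);
              // Submitted value goes through the same helper the text inputs use.
              $def_cal_val = (empty($value) ? '' : RSshowVar($value[$data['NAME']]));
              switch($data['CALENDARLAYOUT'])
              {
                  case 'FLAT':
                      $out.='<input id="txtcal'.$calendars[$componentId].'" name="form['.$data['NAME'].']" type="text" '.($data['READONLY'] == 'YES' ? 'readonly="readonly"' : '').' class="txtCal" value="'.$def_cal_val.'" '.$data['ADDITIONALATTRIBUTES'].'/><br/>
                      <div id="cal'.$calendars[$componentId].'Container" style="z-index:'.(9999-$r['Order']).'"></div>';
                  break;
                  case 'POPUP':
                      $out .= '<input id="txtcal'.$calendars[$componentId].'" name="form['.$data['NAME'].']" type="text" '.($data['READONLY'] == 'YES' ? 'readonly="readonly"' : '').' value="'.$def_cal_val.'" '.$data['ADDITIONALATTRIBUTES'].'/>
                      <input id="btn'.$calendars[$componentId].'" type="button" value="'.$data['POPUPLABEL'].'" onclick="showHideCalendar(\'cal'.$calendars[$componentId].'Container\');" class="btnCal" '.$data['ADDITIONALATTRIBUTES'].' />
                      <div id="cal'.$calendars[$componentId].'Container" style="clear:both;display:none;position:absolute;z-index:'.(9999-$r['Order']).'"></div>';
                  break;
              }
          }
          break;
          case 'button':
          {
              $out .= '<input type="button" value="'.$data['LABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
              if ($data['RESET']=='YES')
                  $out .= '&nbsp;&nbsp;<input type="reset" value="'.$data['RESETLABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'captcha':
          {
              $out .= '<img src="'.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&amp;task=captcha&amp;componentId='.$componentId.'" id="captcha'.$componentId.'" alt="'.$data['CAPTION'].'"/>';
              $out .= ($data['FLOW']=='HORIZONTAL') ? '':'<br/>';
              $out .= '<input type="text" name="form['.$data['NAME'].']" value="" id="captchaTxt'.$componentId.'" '.$data['ADDITIONALATTRIBUTES'].' />';
              $out .= ($data['SHOWREFRESH']=='YES') ? '<a href="javascript:void(0)" onclick="refreshCaptcha('.$componentId.',\''.str_replace('index.php','index2.php',_RSFORM_FRONTEND_SCRIPT_PATH).'?option=com_rsform&amp;task=captcha&amp;componentId='.$componentId.'\');return false;">'.$data['REFRESHTEXT'].'</a>':'';
          }
          break;
          case 'fileUpload':
          {
              // Browser-side hint only; not a server-side limit.
              $out .= '<input type="hidden" name="MAX_FILE_SIZE" value="'.$data['FILESIZE'].'000" />';
              $out .= '<input type="file" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'freeText':
          {
              $out .= $data['TEXT'];
          }
          break;
          case 'hidden':
          {
              $defaultValue = RSisCode($data['DEFAULTVALUE']);
              $out .= '<input type="hidden" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" value="'.$defaultValue.'" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'imageButton':
          {
              $out .= '<input type="image" src="'.$data['IMAGEBUTTON'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
              if ($data['RESET']=='YES')
                  $out .= '<input type="reset" name="" id="reset_'.$data['NAME'].'" style="display: none !important" />&nbsp;&nbsp;<input onclick="document.getElementById(\'reset_'.$data['NAME'].'\').click();return false;" type="image" src="'.$data['IMAGERESET'].'" name="form['.$data['NAME'].']" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'submitButton':
          {
              $out .= '<input type="submit" value="'.$data['LABEL'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.$data['ADDITIONALATTRIBUTES'].' />';
              if ($data['RESET']=='YES')
                  $out .= '&nbsp;&nbsp;<input type="reset" value="'.$data['RESETLABEL'].'" name="form['.$data['NAME'].']" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'password':
          {
              $out .= '<input type="password" value="'.$data['DEFAULTVALUE'].'" size="'.$data['SIZE'].'" name="form['.$data['NAME'].']" id="'.$data['NAME'].'" '.($data['MAXSIZE'] > 0 ? 'maxlength="'.$data['MAXSIZE'].'"' : '').' '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
          case 'ticket':
          {
              $out .= '<input type="hidden" name="form['.$data['NAME'].']" value="'.RSgenerateString($data['LENGTH'],$data['CHARACTERS']).'" '.$data['ADDITIONALATTRIBUTES'].' />';
          }
          break;
      }
      return $out;
  }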
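  /**
   * Render a published form: load its layout, replace the
   * {name:caption|body|description|validation} placeholders of every published
   * component, wrap the result in a <form>, append the calendar bootstrap
   * script when the form has calendars, then run the form's stored display
   * script.
   *
   * Fixes:
   * - Calendar values taken from $_POST were copied verbatim into an inline
   *   <script> block inside single-quoted JavaScript strings, so a submitted
   *   value containing a quote or "</script>" could break out of the string.
   *   Each value is now escaped for a JavaScript string literal in a script
   *   element, and non-string or missing input becomes ''.
   * - $formId is cast to int before its first use instead of half-way through.
   *
   * SECURITY (review notes, behaviour left as it was):
   * - eval($scriptDisplay) runs PHP stored with the form, in this function's
   *   scope. Write access to that column is code-execution access; restrict
   *   and audit it. Local variable names are kept unchanged because stored
   *   scripts may refer to them (for example $formLayout).
   * - "or die(mysql_error())" prints database error text to the visitor; log
   *   it server-side and show a generic message instead.
   * - CALENDARLAYOUT and DATEFORMAT come from stored properties and are still
   *   placed in the script unescaped.
   *
   * @param int|string   $formId     Form identifier; cast to int.
   * @param array|string $val        Previously submitted values; '' on first display.
   * @param array|string $validation Ids of components that failed validation; '' for none.
   * @return string The form markup, or the text 'No formId' when no published
   *                form matches.
   */
  function RSshowForm($formId,$val='',$validation='')
  {
      $RSadapter=$GLOBALS['RSadapter'];
      $formId = intval($formId);
      if(!isset($GLOBALS['ismodule'])) $GLOBALS['ismodule'] = 'head';
      $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/controller/functions.js','js', $GLOBALS['ismodule'] );
      $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/front.css','css', $GLOBALS['ismodule'] );
      //add the head tags for the calendar
      $calendars = RScomponentExists($formId, 6);//6 is the componentTypeId for calendar
      if(!empty($calendars))
      {
          // Escapes for a single-quoted JavaScript string inside a <script>
          // element: quotes and backslashes, line breaks, and the characters
          // that could close the element or start an entity.
          $jsEscapes = array(
              '\\' => '\\\\',
              "'" => "\\'",
              '"' => '\\"',
              "\r" => '\\r',
              "\n" => '\\n',
              '<' => '\\x3C',
              '>' => '\\x3E',
              '&' => '\\x26',
              "\xE2\x80\xA8" => '\\u2028',
              "\xE2\x80\xA9" => '\\u2029',
          );
          foreach($calendars as $i=>$calendarComponentId)
          {
              $data = RSgetComponentProperties($calendarComponentId);
              $calendars['CALENDARLAYOUT'][$i] = $data['CALENDARLAYOUT'];
              $calendars['DATEFORMAT'][$i] = $data['DATEFORMAT'];
              if(!empty($_POST) && isset($_POST['form'][$data['NAME']]) && is_string($_POST['form'][$data['NAME']]))
                  $calendars['VALUES'][$i] = strtr($_POST['form'][$data['NAME']], $jsEscapes);
              else
                  $calendars['VALUES'][$i] = '';
          }
          $calendarsLayout = "'".implode("','", $calendars['CALENDARLAYOUT'])."'";
          $calendarsFormat = "'".implode("','", $calendars['DATEFORMAT'])."'";
          $calendarsValues = "'".implode("','", $calendars['VALUES'])."'";
          //check if it's a module
          //$RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . '/calendar/cal.js','js',$GLOBALS['ismodule'] );
          $RSadapter->addHeadTag( _RSFORM_FRONTEND_REL_PATH . "/calendar/calendar.css",'css',$GLOBALS['ismodule'] );
          //$RSadapter->addHeadTag( _RSFORM_FRONTEND_SCRIPT_PATH.'?option=com_rsform&amp;task=showJs','js', $GLOBALS['ismodule'] );
          $calSetup = '';
      }
      $r=mysql_fetch_assoc(mysql_query("SELECT FormLayout, ScriptDisplay FROM $RSadapter->tbl_rsform_forms WHERE FormId='$formId' AND `Published`='1'"));
      if(!isset($r['FormLayout'])) return 'No formId';
      $scriptDisplay = $r['ScriptDisplay'];
      $formLayout = $r['FormLayout'];
      $find=array();
      $replace=array();
      $q="select
          $RSadapter->tbl_rsform_properties.PropertyValue,
          $RSadapter->tbl_rsform_components.ComponentId
          from $RSadapter->tbl_rsform_properties
          join $RSadapter->tbl_rsform_components on `$RSadapter->tbl_rsform_components`.ComponentId=`$RSadapter->tbl_rsform_properties`.ComponentId
          where $RSadapter->tbl_rsform_components.FormId='$formId' and $RSadapter->tbl_rsform_properties.PropertyName='NAME'
          and $RSadapter->tbl_rsform_components.Published='1'
          ";
      // NOTE(review): prints the raw database error to the page on failure.
      $rez=mysql_query($q) or die(mysql_error());
      //Caption
      while($r=mysql_fetch_assoc($rez))
      {
          $find[] = '{'.$r['PropertyValue'].':caption}';
          $replace[] = RSfrontComponentCaption(RSresolveComponentName($r['PropertyValue'],$formId));
      }
      //Body
      if(mysql_num_rows($rez))
      {
          // The same result set is rewound and walked once per placeholder kind.
          mysql_data_seek($rez,0);
          while($r=mysql_fetch_assoc($rez))
          {
              $find[] = '{'.$r['PropertyValue'].':body}';
              $replace[] = RSfrontComponentBody($formId,RSresolveComponentName($r['PropertyValue'],$formId),$val);
          }
          //Description
          mysql_data_seek($rez,0);
          while($r=mysql_fetch_assoc($rez))
          {
              $find[] = '{'.$r['PropertyValue'].':description}';
              $replace[] = RSfrontComponentDescription(RSresolveComponentName($r['PropertyValue'],$formId));
          }
          mysql_data_seek($rez,0);
          //Validation rules hidden
          while($r=mysql_fetch_assoc($rez))
          {
              $find[] = '{'.$r['PropertyValue'].':validation}';
              $replace[] = RSfrontComponentValidationMessage(RSresolveComponentName($r['PropertyValue'],$formId),$validation);
          }
      }
      $formLayout = str_replace($find,$replace,$formLayout);
      $formLayout = RSfrontLayout($formId, $formLayout);
      $formLayout.= '<input type="hidden" name="form[formId]" value="'.$formId.'"/>';
      $formLayout = '<form method="post" id="userForm" enctype="multipart/form-data" action="">'.$formLayout.'</form>';
      if(!empty($calendars))
      {
          $formLayout .= '
          <script type="text/javascript" src="'._RSFORM_FRONTEND_REL_PATH.'/calendar/cal.js"></script>
          <script type="text/javascript">'._RSFORM_FRONTEND_CALENDARJS.'</script>
          <script type="text/javascript" defer="defer">rsf_CALENDAR.util.Event.addListener(window, "load", init(Array('.$calendarsLayout.'),Array('.$calendarsFormat.'),Array('.$calendarsValues.')));</script>' ;
      }
      // SECURITY: executes PHP stored in the form's ScriptDisplay column.
      eval($scriptDisplay);
      return $formLayout;
  }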
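  /**
   * Build the post-submission "thank you" markup for a form.
   *
   * Reads the form's ReturnUrl, runs it through RSprocessField() with the
   * submission id kept in the session, and appends the continue button
   * (_RSFORM_FRONTEND_THANKYOU_BUTTON) to the thank-you message that
   * RSprocessForm() stored base64-encoded in the session. The stored message
   * is removed from the session once it has been read.
   *
   * @param int $formId Form identifier (cast with intval()).
   * @return string Markup to output.
   */
  function RSshowThankyouMessage($formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $output = '';
      $formId = intval($formId);

      if (!isset($_SESSION['form'][$formId]['submissionId'])) {
          $_SESSION['form'][$formId]['submissionId'] = '';
      }

      // check return url; an unknown form or a failed query leaves it empty
      $returnUrl = '';
      $rez = mysql_query("SELECT ReturnUrl FROM `{$RSadapter->tbl_rsform_forms}` WHERE `formId` = '$formId'");
      if ($rez && mysql_num_rows($rez) > 0) {
          $returnUrl = mysql_result($rez, 0);
      }
      $returnUrl = RSprocessField($returnUrl, $_SESSION['form'][$formId]['submissionId']);

      $goto = 'document.location.reload();';
      if (!empty($returnUrl)) {
          // The URL is emitted inside a single-quoted JavaScript string. Escape
          // every character that could terminate that string or the HTML
          // around it, so the value is always handled as data.
          // NOTE(review): how the button template embeds %s (attribute or
          // script block) is not visible here - confirm against the language file.
          $jsEscapes = array(
              '\\' => '\\\\',
              "'" => '\\x27',
              '"' => '\\x22',
              '<' => '\\x3C',
              '>' => '\\x3E',
              '&' => '\\x26',
              "\r" => '\\r',
              "\n" => '\\n',
              "\xE2\x80\xA8" => '\\u2028',
              "\xE2\x80\xA9" => '\\u2029',
          );
          $goto = "document.location='" . strtr($returnUrl, $jsEscapes) . "';";
      }

      // The message may be absent when this is called without a preceding submission.
      // NOTE(review): the message is output as stored; if RSprocessField() can
      // place submitted values in it, they need HTML encoding where the message
      // is composed - not visible from this function.
      $message = '';
      if (isset($_SESSION['form'][$formId]['thankYouMessage'])) {
          $message = base64_decode($_SESSION['form'][$formId]['thankYouMessage']);
      }
      $output .= $message . sprintf(_RSFORM_FRONTEND_THANKYOU_BUTTON, $goto);
      unset($_SESSION['form'][$formId]['thankYouMessage']);

      return $output;
  }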
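  /**
   * Validate a posted form, store the submission, send the configured e-mails
   * and redirect back to the current request URI.
   *
   * Local variable names and statement order are kept stable on purpose: the
   * form's ScriptProcess / ScriptProcess2 code is eval()'d in this scope and
   * can read or change any of these variables.
   *
   * SECURITY: eval() runs PHP stored in the forms table. Anyone able to write
   * ScriptProcess/ScriptProcess2 (form administrators, or any SQL write
   * primitive) gets code execution in the web server context. Restrict who may
   * edit forms and treat those columns as code in backups and imports.
   *
   * NOTE(review): scripts and validation are selected by the POSTed
   * form[formId], while component lookups and the session keys use $formId.
   * Confirm that callers pass the same id, or reject mismatches at the call site.
   *
   * @param int $formId Identifier of the form being displayed.
   * @return array|false Failing component ids from RSvalidateForm(), or false
   *                     when the flow reaches the end of the function.
   */
  function RSprocessForm($formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $user = $RSadapter->user();
      $formId = intval($formId);

      // A missing or scalar "form" parameter must not be indexed as an array below.
      if (!isset($_POST['form']) || !is_array($_POST['form'])) {
          $_POST['form'] = array();
      }
      $_POST['form']['formId'] = isset($_POST['form']['formId']) ? intval($_POST['form']['formId']) : 0;

      $r = mysql_fetch_assoc(mysql_query("SELECT ScriptProcess, ScriptProcess2 FROM `{$RSadapter->tbl_rsform_forms}` WHERE FormId={$_POST['form']['formId']}"));
      $ScriptProcess = $r['ScriptProcess'];
      $ScriptProcess2 = $r['ScriptProcess2'];

      $invalid = array();
      $invalid = RSvalidateForm($_POST['form']['formId']);
      if (!empty($invalid)) {
          return $invalid; //showForm($formId,$_POST['form'],$invalid);
      }

      $userEmail = array(
          'to' => '',
          'from' => '',
          'fromName' => '',
          'text' => '',
          'subject' => '',
          'files' => array()
      );
      $adminEmail = array(
          'to' => '',
          'from' => '',
          'fromName' => '',
          'text' => '',
          'subject' => '',
          'files' => array()
      );

      // Stored PHP, see the SECURITY note above. It may fill $invalid to stop processing.
      eval($ScriptProcess);

      if (empty($invalid)) {
          $db = '';
          $dest = array();
          $tmp_name = array();
          $name = array();
          $fieldName = array();

          $user['username'] = RScleanVar($user['username']);
          $user['id'] = intval($user['id']);
          // Escape the address like every other interpolated value.
          $userIp = isset($_SERVER['REMOTE_ADDR']) ? mysql_real_escape_string($_SERVER['REMOTE_ADDR']) : '';

          // NOTE(review): die(mysql_error()) shows database error text to the
          // visitor; log it and show a generic message instead.
          mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submissions}` (`FormId`, `DateSubmitted`, `UserIp`, `Username`, `UserId`) VALUES ('{$_POST['form']['formId']}',now(),'{$userIp}','{$user['username']}','{$user['id']}')") or die(mysql_error());
          $SubmissionId = mysql_insert_id();

          if (isset($_FILES['form']['tmp_name']) && is_array($_FILES['form']['tmp_name'])) {
              foreach ($_FILES['form']['name'] as $key => $val) {
                  if (!empty($_FILES['form']['name'][$key])) {
                      $dest[] = RSgetFileDestination($key, $_POST['form']['formId']);
                      $name[] = $val;
                      $fieldName[] = $key;
                  }
              }
              foreach ($_FILES['form']['tmp_name'] as $key => $val) {
                  if (!empty($_FILES['form']['name'][$key])) {
                      $tmp_name[] = $val;
                  }
              }

              for ($i = 0; $i < count($dest); $i++) {
                  if (!isset($tmp_name[$i]) || !is_string($tmp_name[$i]) || !is_string($name[$i])) {
                      continue;
                  }
                  // RSvalidateForm() only checks files that belong to an upload
                  // component (type 9) of the form. Store nothing for any other
                  // field name, or for a component without a destination.
                  if (empty($dest[$i]) || RSgetComponentTypeIdByName($fieldName[$i], $_POST['form']['formId']) != 9) {
                      continue;
                  }

                  $fieldName[$i] = RScleanVar($fieldName[$i]);
                  $prop = RSgetComponentProperties(RSresolveComponentName($fieldName[$i], $formId));

                  // uniqid() is time-based: the prefix avoids collisions, it does
                  // not make the stored name unguessable.
                  $timestamp = uniqid('');
                  // Keep only the final path component of the client-supplied name.
                  $safeName = basename(str_replace(array("\0", '\\'), array('', '/'), $name[$i]));
                  $target = $dest[$i] . $timestamp . '-' . $safeName;

                  // NOTE(review): when ACCEPTEDFILES is empty any extension is
                  // stored; make sure the destination cannot execute scripts.
                  if (!move_uploaded_file($tmp_name[$i], $target)) {
                      // Do not record or attach a file that was never stored.
                      continue;
                  }
                  @chmod($target, 0644);

                  $db = $target;
                  $db = RScleanVar($db);

                  // Attach the real path; $db is SQL-escaped and only fit for the query.
                  if ($prop['ATTACHUSEREMAIL'] == 'YES') {
                      $userEmail['files'][] = $target;
                  }
                  if ($prop['ATTACHADMINEMAIL'] == 'YES') {
                      $adminEmail['files'][] = $target;
                  }
                  mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submission_values}` (`SubmissionId`, `FieldName`, `FieldValue`) VALUES ('{$SubmissionId}','$fieldName[$i]','$db')");
              }
          }

          // Every posted key is stored, including keys that are not components of the form.
          foreach ($_POST['form'] as $key => $val) {
              $val = (is_array($val) ? implode("\n", $val) : $val);
              $key = RScleanVar($key);
              $val = RScleanVar(RSstripjavaVar($val));
              mysql_query("INSERT INTO `{$RSadapter->tbl_rsform_submission_values}` (`SubmissionId`, `FieldName`, `FieldValue`) VALUES ('{$SubmissionId}','" . $key . "','" . $val . "')");
          }

          if (defined('_RSFORM_PLUGIN_MAPPINGS')) {
              RSmappingsWriteSubmissions($formId, $SubmissionId);
          }
          //die();

          $r = mysql_fetch_assoc(mysql_query("SELECT * FROM `{$RSadapter->tbl_rsform_forms}` WHERE FormId={$_POST['form']['formId']}"));

          // NOTE(review): if RSprocessField() substitutes submitted values into
          // these templates, recipient, subject and from fields carry visitor
          // input; confirm that the adapter's mail() rejects CR/LF in headers.
          $userEmail['to'] = RSprocessField($r['UserEmailTo'], $SubmissionId);
          $userEmail['cc'] = RSprocessField($r['UserEmailCC'], $SubmissionId);
          $userEmail['bcc'] = RSprocessField($r['UserEmailBCC'], $SubmissionId);
          $userEmail['subject'] = RSprocessField($r['UserEmailSubject'], $SubmissionId);
          $userEmail['from'] = RSprocessField($r['UserEmailFrom'], $SubmissionId);
          $userEmail['replyto'] = RSprocessField($r['UserEmailReplyTo'], $SubmissionId);
          $userEmail['fromName'] = RSprocessField($r['UserEmailFromName'], $SubmissionId);
          $userEmail['text'] = RSprocessField($r['UserEmailText'], $SubmissionId);
          $userEmail['mode'] = $r['UserEmailMode'];

          $adminEmail['to'] = RSprocessField($r['AdminEmailTo'], $SubmissionId);
          $adminEmail['cc'] = RSprocessField($r['AdminEmailCC'], $SubmissionId);
          $adminEmail['bcc'] = RSprocessField($r['AdminEmailBCC'], $SubmissionId);
          $adminEmail['subject'] = RSprocessField($r['AdminEmailSubject'], $SubmissionId);
          $adminEmail['from'] = RSprocessField($r['AdminEmailFrom'], $SubmissionId);
          $adminEmail['replyto'] = RSprocessField($r['AdminEmailReplyTo'], $SubmissionId);
          $adminEmail['fromName'] = RSprocessField($r['AdminEmailFromName'], $SubmissionId);
          $adminEmail['text'] = RSprocessField($r['AdminEmailText'], $SubmissionId);
          $adminEmail['mode'] = $r['AdminEmailMode'];

          //mail users
          $recipients = explode(',', $userEmail['to']);
          if ($r['UserEmailAttach'] && file_exists($r['UserEmailAttachFile'])) {
              $userEmail['files'][] = $r['UserEmailAttachFile'];
          }
          if (!empty($recipients)) {
              foreach ($recipients as $recipient) {
                  if (!empty($recipient)) {
                      $RSadapter->mail($userEmail['from'], $userEmail['fromName'], $recipient, $userEmail['subject'], $userEmail['text'], $userEmail['mode'], !empty($userEmail['cc']) ? $userEmail['cc'] : null, !empty($userEmail['bcc']) ? $userEmail['bcc'] : null, $userEmail['files'], !empty($userEmail['replyto']) ? $userEmail['replyto'] : '');
                  }
              }
          }

          //mail admins
          $recipients = explode(',', $adminEmail['to']);
          if (!empty($recipients)) {
              foreach ($recipients as $recipient) {
                  if (!empty($recipient)) {
                      $RSadapter->mail($adminEmail['from'], $adminEmail['fromName'], $recipient, $adminEmail['subject'], $adminEmail['text'], $adminEmail['mode'], !empty($adminEmail['cc']) ? $adminEmail['cc'] : null, !empty($adminEmail['bcc']) ? $adminEmail['bcc'] : null, $adminEmail['files'], !empty($adminEmail['replyto']) ? $adminEmail['replyto'] : '');
                  }
              }
          }

          $thankYouMessage = RSprocessField($r['Thankyou'], $SubmissionId);

          // Stored PHP again, see the SECURITY note above. It may rewrite $thankYouMessage.
          eval($ScriptProcess2);

          // SESSION quick hack - we base64 encode it here and decode it when we show it
          $_SESSION['form'][$formId]['thankYouMessage'] = base64_encode($thankYouMessage);
          $_SESSION['form'][$formId]['submissionId'] = $SubmissionId;
          $RSadapter->redirect($_SERVER['REQUEST_URI']);
      }

      return false;
  }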
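  /**
   * Fetch the stored value of one component for one submission.
   *
   * The component's NAME property is looked up with RSgetComponentProperties()
   * and used as the FieldName key in the submission values table.
   *
   * @param int $SubmissionId Submission identifier (cast with intval()).
   * @param int $ComponentId  Component identifier, passed to RSgetComponentProperties().
   * @return mixed The FieldValue column, or the failure value of mysql_result()
   *               when no row matches.
   */
  function RSgetSubmissionValue($SubmissionId, $ComponentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $data = RSgetComponentProperties($ComponentId);

      // Neither value may reach the query text unescaped: the id is numeric,
      // and the name comes back from the database and can contain quotes.
      $SubmissionId = intval($SubmissionId);
      $fieldName = mysql_real_escape_string($data['NAME']);

      $FieldValue = @mysql_result(mysql_query("SELECT FieldValue FROM `" . $RSadapter->tbl_rsform_submission_values . "` WHERE FieldName = '" . $fieldName . "' AND SubmissionId = '" . $SubmissionId . "'"), 0);
      return $FieldValue;
  }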
  /**
   * Prepare a value for interpolation into a quoted SQL string literal.
   *
   * Optionally HTML-encodes the value first (ENT_COMPAT, so single quotes stay
   * as they are), undoes magic-quotes slashes when that setting is active, and
   * then applies mysql_real_escape_string().
   *
   * The result is only safe inside a quoted SQL literal. It is not output
   * encoding, and it must not be reused as a file path or an HTML value.
   *
   * @param string $string Value to escape.
   * @param bool   $html   When true, run htmlentities() before escaping.
   * @return string Escaped value.
   */
  function RScleanVar($string,$html=false)
  {
      if ($html) {
          $string = htmlentities($string, ENT_COMPAT, 'UTF-8');
      }
      if (get_magic_quotes_gpc()) {
          // magic quotes already added slashes; remove them before escaping once
          $string = stripslashes($string);
      }
      return mysql_real_escape_string($string);
  }
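  /**
   * HTML-encode a value for output.
   *
   * ENT_QUOTES is passed explicitly: the default flags of the PHP versions this
   * file targets leave single quotes untouched, which is not enough when the
   * value ends up inside a single-quoted attribute.
   *
   * @param string $string Raw value.
   * @return string Value with &, <, >, " and ' encoded.
   */
  function RSshowVar($string)
  {
      return htmlspecialchars($string, ENT_QUOTES);
  }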
  /**
   * Undo the slashes added by magic quotes, when that setting is active.
   *
   * @param string $string Request value.
   * @return string The value without magic-quotes slashes; unchanged when
   *                magic quotes are off.
   */
  function RSstripVar($string)
  {
      if (get_magic_quotes_gpc()) {
          return stripslashes($string);
      }
      return $string;
  }
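  /**
   * Blacklist filter that defuses script-related keywords in a submitted value.
   *
   * Steps: strip control characters, decode numeric character references for
   * printable ASCII, then insert "<x>" after the second letter of every
   * keyword (tag names, URL schemes, on* handlers) until nothing changes.
   *
   * This is defence in depth only. A keyword blacklist cannot replace
   * context-aware output encoding (see RSshowVar()) where the value is
   * rendered, and it also alters ordinary words such as "style" or "title".
   *
   * Fixes over the previous version:
   *  - the control-character pattern matched a three-character sequence
   *    instead of any single control character, so nothing was stripped;
   *  - a numeric reference that continued with further digits was decoded as
   *    if it were the shorter code point;
   *  - the separator sub-pattern matched literal "9ab" / "9[10]3" rather than
   *    the references for TAB, LF and CR;
   *  - the loop flag was cleared after the first unmatched keyword, so "repeat
   *    while something changed" never took effect.
   *
   * @param string $val Raw value.
   * @return string Filtered value.
   */
  function RSstripjavaVar($val)
  {
      // Remove control characters; TAB (0x09), LF (0x0a) and CR (0x0d) are kept
      // because some inputs legitimately contain them.
      $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

      // Decode numeric character references for ordinary printable characters,
      // so that the keyword pass below sees the real letters.
      $search = 'abcdefghijklmnopqrstuvwxyz';
      $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $search .= '1234567890!@#$%^&*()';
      $search .= '~`";:?+/={}[]-_|\'\\';
      $searchLength = strlen($search);
      for ($i = 0; $i < $searchLength; $i++) {
          $char = $search[$i];
          // hex form, up to eight padding zeros, optional ';'; the lookahead
          // stops a longer reference from being cut short
          $val = preg_replace('/&#x0{0,8}' . dechex(ord($char)) . '(?![0-9a-f]);?/i', $char, $val);
          // decimal form, same rules
          $val = preg_replace('/&#0{0,8}' . ord($char) . '(?![0-9]);?/', $char, $val);
      }

      $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
      $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
      $ra = array_merge($ra1, $ra2);

      // Between two letters of a keyword, accept any number of still-encoded
      // TAB / LF / CR references (hex 9, a, d or decimal 9, 10, 13).
      $separator = '(?:&#x0{0,8}(?:9|a|d);?|&#0{0,8}(?:9|10|13);?)*';

      // Build the patterns once; they do not depend on the value.
      $patterns = array();
      $replacements = array();
      foreach ($ra as $keyword) {
          $patterns[] = '/' . implode($separator, str_split($keyword)) . '/i';
          $replacements[] = substr($keyword, 0, 2) . '<x>' . substr($keyword, 2); // add in <> to nerf the tag
      }

      // keep replacing as long as the previous round replaced something
      do {
          $val_before = $val;
          $val = preg_replace($patterns, $replacements, $val);
      } while ($val_before !== $val);

      return $val;
  }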
  /**
   * Look up the VALIDATIONRULE property of a component.
   *
   * RSvalidateForm() passes the returned name to call_user_func(), so the
   * value names a PHP callable.
   *
   * @param int $componentId Component identifier (cast with intval()).
   * @return mixed The property value, or null when it is empty or missing.
   */
  function RSgetValidationRule($componentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);

      $properties = $RSadapter->tbl_rsform_properties;
      $components = $RSadapter->tbl_rsform_components;
      $sql = "
  SELECT
  $properties.PropertyValue
  FROM $properties
  join $components on $properties.ComponentId=$components.ComponentId
  where $properties.PropertyName='VALIDATIONRULE' and $properties.ComponentId='$componentId';
  ";

      $rule = @mysql_result(mysql_query($sql), 0);
      return empty($rule) ? null : $rule;
  }
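  /**
   * Look up the REQUIRED property of a named component of a form.
   *
   * @param string $value  Component name, resolved with RSresolveComponentName().
   * @param int    $formId Form identifier (cast with intval()).
   * @return mixed The property value (RSvalidateForm() compares it with 'YES'),
   *               or null when it is empty or missing.
   */
  function RSgetRequired($value,$formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $formId = intval($formId);
      // Cast the resolved id like the sibling lookups do, so that it cannot
      // carry anything but a number into the query text.
      $componentId = intval(RSresolveComponentName($value, $formId));

      $properties = $RSadapter->tbl_rsform_properties;
      $components = $RSadapter->tbl_rsform_components;
      $q = "
  SELECT
  $properties.PropertyValue
  FROM $properties
  join $components on $properties.ComponentId=$components.ComponentId
  where $components.FormId='$formId' and $properties.PropertyName='REQUIRED' and $properties.ComponentId='$componentId';
  ";

      $r = @mysql_result(mysql_query($q), 0);
      if (!empty($r)) {
          return $r;
      }
      return null;
  }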
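  /**
   * Validate the posted values of every published component of a form.
   *
   * Component type 8 is compared with the CAPTCHA value kept in the session,
   * type 9 is checked against $_FILES (upload status, extension, size), and
   * every other type goes through the REQUIRED and VALIDATIONRULE checks.
   *
   * NOTE(review): VALIDATIONRULE is passed to call_user_func(), so any callable
   * name stored in the properties table is executed with the posted value as
   * its argument. Restrict it to the functions of controller/validation.php.
   * NOTE(review): array values are never passed to the validation rule.
   * NOTE(review): the CAPTCHA value stays in the session after a successful
   * check; confirm it is regenerated or cleared so it cannot be reused.
   *
   * @param int $formId Form identifier (cast with intval()).
   * @return array The componentId of every component that failed; empty when valid.
   */
  function RSvalidateForm($formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $formId = intval($formId);
      $invalid = array();

      $rez = mysql_query("SELECT ComponentId FROM $RSadapter->tbl_rsform_components WHERE FormId='$formId' AND Published=1");
      while ($r = mysql_fetch_assoc($rez)) {
          $data = RSgetComponentProperties($r['ComponentId']);
          $name = $data['NAME'];
          $required = RSgetRequired($name, $formId);
          $validationRule = RSgetValidationRule($r['ComponentId']);
          // one lookup per component instead of one per check
          $typeId = RSgetComponentTypeId($r['ComponentId']);

          if ($typeId == 8) {
              $sessionKey = 'CAPTCHA' . $r['ComponentId'];
              // Strict string comparison: a loose != treats numeric-looking
              // strings such as "0" and "0E12" as equal.
              $captchaOk = !empty($_POST['form'][$name])
                  && !empty($_SESSION[$sessionKey])
                  && is_string($_POST['form'][$name])
                  && $_POST['form'][$name] === (string) $_SESSION[$sessionKey];
              if (!$captchaOk) {
                  $invalid[] = $data['componentId'];
              }
          }

          if ($typeId == 9) {
              // File has been *sent* to the server
              if (isset($_FILES['form']['tmp_name'][$name]) && $_FILES['form']['error'][$name] != UPLOAD_ERR_NO_FILE) {
                  // File has been uploaded correctly to the server
                  if ($_FILES['form']['error'][$name] == UPLOAD_ERR_OK) {
                      // Compare the final extension with the accepted list as
                      // whole, case-insensitive tokens. The client-supplied
                      // extension is never used as a pattern.
                      // assumes ACCEPTEDFILES is a delimiter-separated list of extensions - TODO confirm
                      $buf = explode('.', $_FILES['form']['name'][$name]);
                      $extension = strtolower($buf[count($buf) - 1]);
                      if (!empty($data['ACCEPTEDFILES'])) {
                          $accepted = preg_split('/[^a-z0-9]+/', strtolower($data['ACCEPTEDFILES']), -1, PREG_SPLIT_NO_EMPTY);
                          if (!in_array($extension, $accepted, true)) {
                              $invalid[] = $data['componentId'];
                          }
                      }
                      // FILESIZE is compared as kilobytes; zero means no limit
                      if ($_FILES['form']['size'][$name] > 0 && $data['FILESIZE'] > 0 && $_FILES['form']['size'][$name] > $data['FILESIZE'] * 1024) {
                          $invalid[] = $data['componentId'];
                      }
                  } else {
                      // File has not been uploaded correctly - next version we'll trigger some messages based on the error code
                      $invalid[] = $data['componentId'];
                  }
              } elseif ($data['REQUIRED'] == 'YES') {
                  // File has not been sent but it's required
                  $invalid[] = $data['componentId'];
              }
              continue;
          }

          $posted = isset($_POST['form'][$name]);
          $isList = $posted && is_array($_POST['form'][$name]);
          $hasText = $posted && !$isList && strlen(trim($_POST['form'][$name])) > 0;

          if ($required == 'YES') {
              // missing, or a blank scalar
              if (!$posted || (!$isList && !$hasText)) {
                  $invalid[] = $data['componentId'];
                  continue;
              }
              if ($hasText && is_callable($validationRule) && call_user_func($validationRule, $_POST['form'][$name]) == false) {
                  $invalid[] = $data['componentId'];
                  continue;
              }
              if ($isList) {
                  // a multi-value field counts as filled when its joined values are not empty
                  $valid = implode('', $_POST['form'][$name]);
                  if (empty($valid)) {
                      $invalid[] = $data['componentId'];
                      continue;
                  }
              }
          } else {
              // optional fields are only validated when something was entered
              if ($hasText && is_callable($validationRule) && call_user_func($validationRule, $_POST['form'][$name]) == false) {
                  $invalid[] = $data['componentId'];
                  continue;
              }
          }
      }

      return $invalid;
  }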
  /**
   * Return the ComponentTypeId of a component.
   *
   * @param int $componentId Component identifier (cast with intval()).
   * @return mixed The type id column, or the failure value of mysql_result()
   *               when no row matches.
   */
  function RSgetComponentTypeId($componentId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentId = intval($componentId);

      $sql = "SELECT ComponentTypeId FROM $RSadapter->tbl_rsform_components WHERE ComponentId='$componentId'";
      $result = mysql_query($sql);

      // @ only silences mysql_result(), e.g. when there is no matching row
      return @mysql_result($result, 0);
  }
  /**
   * Return the ComponentTypeName that belongs to a component type id.
   *
   * @param int $componentTypeId Component type identifier (cast with intval()).
   * @return mixed The type name column, or the failure value of mysql_result()
   *               when no row matches.
   */
  function RSresolveComponentTypeId($componentTypeId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentTypeId = intval($componentTypeId);

      $sql = "SELECT ComponentTypeName FROM $RSadapter->tbl_rsform_component_types WHERE ComponentTypeId='$componentTypeId'";
      $result = mysql_query($sql);

      // @ only silences mysql_result(), e.g. when there is no matching row
      return @mysql_result($result, 0);
  }
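  /**
   * Return the ComponentTypeId of the component that carries a given NAME
   * property within a form.
   *
   * @param string $componentName Component name (SQL-escaped here).
   * @param int    $formId        Form identifier (cast with intval()).
   * @return mixed The type id column, or the failure value of mysql_result()
   *               when no row matches.
   */
  function RSgetComponentTypeIdByName($componentName,$formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $componentName = mysql_real_escape_string($componentName);
      // The form id was interpolated as received; cast it like every sibling lookup does.
      $formId = intval($formId);

      $properties = $RSadapter->tbl_rsform_properties;
      $components = $RSadapter->tbl_rsform_components;
      $q = "
  select $components.ComponentTypeId
  from $components
  left join $properties on $properties.ComponentId=$components.ComponentId
  where $properties.PropertyName='NAME' and $properties.PropertyValue='$componentName' and $components.FormId='$formId';
  ";

      return @mysql_result(mysql_query($q), 0);
  }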
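  /**
   * Return the DESTINATION property of a named component, which
   * RSprocessForm() uses as the prefix of the stored upload path.
   *
   * NOTE(review): $componentName and $formId are handed to
   * RSresolveComponentName() as received; confirm that it escapes them.
   *
   * @param string $componentName Component name.
   * @param int    $formId        Form identifier.
   * @return mixed The property value, or the failure value of mysql_result()
   *               when the component has no DESTINATION row.
   */
  function RSgetFileDestination($componentName,$formId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      // Cast the resolved id so that only a number reaches the query text.
      $componentId = intval(RSresolveComponentName($componentName, $formId));

      return @mysql_result(mysql_query("SELECT PropertyValue FROM $RSadapter->tbl_rsform_properties WHERE PropertyName='DESTINATION' AND ComponentId='$componentId'"), 0);
  }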
  /**
   * List the published components of a given type in a form.
   *
   * @param int $formId          Form identifier (cast with intval()).
   * @param int $componentTypeId Component type identifier (cast with intval()).
   * @return array ComponentId values of the matching components; empty when none.
   */
  function RScomponentExists($formId,$componentTypeId)
  {
      $RSadapter = $GLOBALS['RSadapter'];
      $formId = intval($formId);
      $componentTypeId = intval($componentTypeId);

      $ids = array();
      $result = mysql_query("SELECT ComponentId FROM $RSadapter->tbl_rsform_components WHERE ComponentTypeId='$componentTypeId' AND FormId='$formId' AND Published='1'");
      while ($row = mysql_fetch_assoc($result)) {
          $ids[] = $row['ComponentId'];
      }

      return $ids;
  }
  1035. function RSgenerateString($length, $characters, $type='Random')
  1036. {
  1037. if($type == 'Random')
  1038. {
  1039. switch($characters)
  1040. {
  1041. case 'ALPHANUMERIC':
  1042. default:
  1043. $possible = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  1044. break;
  1045. case 'ALPHA':
  1046. $possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
  1047. break;
  1048. case 'NUMERIC':
  1049. $possible = "0123456789";
  1050. break;
  1051. }
  1052. if($length<1||$length>255) $length = 8;
  1053. $key = "";
  1054. $i = 0;
  1055. while ($i < $length) {
  1056. $key .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
  1057. $i++;
  1058. }
  1059. }
  1060. if($type == 'Sequential')
  1061. {
  1062. }
  1063. return $k
