  1. <?php
  2. if (!defined('SMF'))
  3. die('Hacking attempt...');
  4. @session_start();
  5.  
  6. // This function shows the custom forms and submits them.
  7. function CustomForm()
  8. {
  9. global $smcFunc, $context, $txt, $scripturl, $sourcedir, $user_info, $modSettings;
  10.  
  11. global $txt, $context, $sourcedir, $modSettings;
  12.  
  13. global $_SESSION;
  14.  
  15. // Generate a visual verification code to make sure the user is no bot.
  16. $context['require_verification'] = $user_info['is_guest'] || !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha']);
  17. if ($context['require_verification'])
  18. {
  19. require_once($sourcedir . '/Subs-Editor.php');
  20. $verificationOptions = array(
  21. 'id' => 'register',
  22. );
  23. $context['visual_verification'] = create_control_verification($verificationOptions);
  24. $context['visual_verification_id'] = $verificationOptions['id'];
  25. }
  26. // Otherwise we have nothing to show.
  27. else
  28. $context['visual_verification'] = false;
  29.  
  30. // Are we looking for the thank you page.
  31. if (isset($_REQUEST['thankyou']))
  32. {
  33. $context['sub_template'] = 'ThankYou';
  34. loadTemplate('CustomForm');
  35. }
  36. else
  37. // Do we have a valid form id?
  38. if(isset($_REQUEST['n'])
  39. && intval($_REQUEST['n']))
  40. {
  41. $form_id = intval($_REQUEST['n']);
  42.  
  43. // Wait a second... Are you even allowed to use this form?
  44. if(!allowedTo('custom_forms_'.$form_id))
  45. redirectExit("action=form");
  46.  
  47. // Get the data about the current form.
  48. $request = $smcFunc['db_query']('','
  49. SELECT title, output, subject, id_board, icon, form_exit, template_function
  50. FROM {db_prefix}cf_forms
  51. WHERE id_form = {int:id}',
  52. array(
  53. 'id' => $form_id,
  54. )
  55. );
  56.  
  57. // Did we get some form data? If not then redirect the user to the form view page.
  58. if(!($form_data = $smcFunc['db_fetch_assoc']($request)))
  59. redirectExit("action=form;");
  60.  
  61. $output = $form_data['output'];
  62. $exit = $form_data['form_exit'];
  63. $subject = $form_data['subject'];
  64. $icon = $form_data['icon'];
  65. $board = $form_data['id_board'];
  66. $form_title = $form_data['title'];
  67.  
  68. // Free the db request.
  69. $smcFunc['db_free_result']($request);
  70.  
  71. // Get a list of the current fields attached to this form.
  72. $request = $smcFunc['db_query']('','
  73. SELECT title, text, type, type_vars
  74. FROM {db_prefix}cf_fields
  75. WHERE id_form = {int:id}
  76. AND title != \'\'
  77. AND text != \'\'
  78. AND type != \'\'
  79. ORDER BY ID_FIELD',
  80. array(
  81. 'id' => $form_id,
  82. )
  83. );
  84.  
  85. $data = array();
  86. // Get all of data from the db query.
  87. while($row = $smcFunc['db_fetch_assoc']($request))
  88. $data[] = $row;
  89.  
  90. // Free the db request.
  91. $smcFunc['db_free_result']($request);
  92.  
  93. // Do we have fields attached to this form? If not then redirect the user to the form view page.
  94. if(empty($data))
  95. redirectExit("action=form;");
  96.  
  97. $fail_submit = false;
  98.  
  99. // Do we need to submit this form?
  100. if(isset($_GET['submit']))
  101. {
  102. $vars = array();
  103. $replace = array();
  104. $i = -1;
  105.  
  106. // Check for valid post data from the forms fields.
  107. foreach($data as $field)
  108. {
  109. $i++;
  110. $value = '';
  111. $size = '';
  112. $default = '';
  113.  
  114. $temp = ($field['type_vars'] != '') ? explode(',', $field['type_vars']) : array();
  115. $type_vars = array();
  116.  
  117. // Remove whitespace from temp, to avoid unwanted issues.
  118. for($p=0; $p < count($temp); $p++)
  119. $temp[$p] = trim($temp[$p]);
  120.  
  121. // Go through all of the type_vars to format them correctly.
  122. if(!empty($temp))
  123. foreach($temp as $var)
  124. {
  125. // Check for a size value.
  126. if(substr($var, 0, 5) == 'size=')
  127. $size = intval(substr($var, 5));
  128.  
  129. // Check for a default value
  130. if(substr($var, 0, 8) == 'default=')
  131. $default = substr($var, 8);
  132.  
  133. // Add them to the vars list.
  134. if($var != '')
  135. $type_vars[] = $var;
  136. }
  137.  
  138. $required = in_array('required', $temp);
  139.  
  140. // Go through each of the possible types of fields.
  141. switch ($field['type'])
  142. {
  143. case 'checkbox':
  144. $value = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : false;
  145. // Replace the normal true/false values if we have special type_var values.
  146. if(isset($type_vars[0]) && ($value))
  147. $value = $type_vars[0];
  148. elseif(isset($type_vars[1]) && !($value))
  149. $value = $type_vars[1];
  150. elseif($value)
  151. $value = $txt['yes'];
  152. else
  153. $value = $txt['no'];
  154. break;
  155. case 'selectbox':
  156. // Skip this field, if there are no select values.
  157. if(empty($type_vars))
  158. continue 2;
  159. $value = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : '';
  160. // Make sure that the selectbox value is in the array, otherwise stop those dodgy users from passing weird values. ;)
  161. if(!in_array($value, $type_vars))
  162. $value = '';
  163. break;
  164. case 'int':
  165. $value = isset($_REQUEST[$field['title']]) ? intval($_REQUEST[$field['title']]) : '';
  166. // If value is empty then set it to the default.
  167. if(($value == '')
  168. && !$required)
  169. $value = $default;
  170. // Restrict the length of value if necessary.
  171. if(($size != ''))
  172. $value = substr($value, 0, $size);
  173. break;
  174. case 'float':
  175. $value = isset($_REQUEST[$field['title']]) ? floatval($_REQUEST[$field['title']]) : '';
  176. // If value is empty then set it to the default.
  177. if(($value == '')
  178. && !$required)
  179. $value = $default;
  180. // Restrict the length of the float value if necessary.
  181. if(($size != ''))
  182. $value = rtrim(substr($value, 0, $size), '.');
  183. break;
  184. case 'radiobox':
  185. // Skip this field, if there are no radio select values.
  186. if(empty($type_vars))
  187. continue 2;
  188. $value = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : '';
  189. // Make sure that the radiobox value is in the array, otherwise stop those dodgy users from passing weird values. ;)
  190. if(!in_array($value, $type_vars))
  191. $value = '';
  192. break;
  193. // Do the formating for both large and normal textboxes.
  194. default:
  195. $value = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : '';
  196. // If value is empty then set it to the default.
  197. if(($value == '')
  198. && !$required)
  199. $value = $default;
  200. // Only bother with further formating if there is now some text. - This avoids huge errors with the parse_bbc() function returning all bbc.
  201. if(!($value == ''))
  202. {
  203. // Remove all bbc code if we don't need to parse it.
  204. if(!in_array('parse_bbc', $type_vars))
  205. $value = strip_tags(parse_bbc($value, false), '<br>');
  206. // Restrict the length of value if necessary, can stuff up html, but hey...
  207. if(($size != ''))
  208. $value = substr($value, 0, $size);
  209. }
  210. }
  211.  
  212. // Do we have an invalid value? Is this field required?
  213. if(($required
  214. && (($value == '') || ($value == '0'))
  215. && ($field['type'] != 'checkbox'))
  216. // Failing for selectboxes is far more simple, If there is no valid value, it fails.
  217. || (($field['type'] == 'selectbox') && ($value == '')))
  218. {
  219. // Do the 'fail form/field' stuff.
  220. $data[$i]['failed'] = true;
  221. $fail_submit = true;
  222. continue;
  223. }
  224.  
  225. // Add this fields value to the list of variables for the output post.
  226. $vars[] = '/\{'.$field['title'].'\}/';
  227. $replace[] = str_replace('$','\$',$value);
  228.  
  229. // {{ }} Syntax: Setup REGEX for removing entire {{ }} string or just stripping the outermost { }, depending upon the replacement value being blank or not
  230. if($value == '')
  231. {
  232. $vars_blank[] = '/\{[^\{\}]*\{'.$field['title'].'\}[^\{\}]*\}/';
  233. $vars_non_blank[] = '//';
  234. }
  235. else
  236. {
  237. $vars_blank[] = '//';
  238. $vars_non_blank[] = '/\{[^\{\}]*\{'.$field['title'].'\}[^\{\}]*\}/';
  239. }
  240.  
  241. // Also add this data back into the data array, just in case we can't actually submit the form.
  242. $data[$i]['value'] = $value;
  243.  
  244. // Do a small fix for the last line, if this is a checkbox.
  245. if($field['type'] == 'checkbox')
  246. $data[$i]['value'] = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : false;
  247.  
  248. if (($required) && (!$data[$i]['value']))
  249. {
  250. // Do the 'fail form/field' stuff.
  251. $data[$i]['failed'] = true;
  252. $fail_submit = true;
  253. continue;
  254. }
  255.  
  256. // Do a small fix for the last line, if this is a largetextbox.
  257. if(($field['type'] == 'largetextbox'))
  258. $data[$i]['value'] = isset($_REQUEST[$field['title']]) ? $_REQUEST[$field['title']] : '';
  259. }
  260.  
  261. // Check whether the visual verification code was entered correctly.
  262. $context['require_verification'] = $user_info['is_guest'] || !$user_info['is_mod'] && !$user_info['is_admin'] && !empty($modSettings['posts_require_captcha']) && ($user_info['posts'] < $modSettings['posts_require_captcha']);
  263. if ($context['require_verification'])
  264. {
  265. require_once($sourcedir . '/Subs-Editor.php');
  266. $verificationOptions = array(
  267. 'id' => 'register',
  268. );
  269. $context['visual_verification'] = create_control_verification($verificationOptions, true);
  270.  
  271. if (is_array($context['visual_verification']))
  272. {
  273. loadLanguage('Errors');
  274. foreach ($context['visual_verification'] as $error)
  275. fatal_error($txt['error_' . $error], false);
  276. }
  277. }
  278.  
  279. // Do we have completly valid field data?
  280. if(!$fail_submit)
  281. {
  282. require_once($sourcedir.'/Subs-Post.php');
  283.  
  284. // {{ }} Syntax: Strip out everything in {{ }} if value is blank
  285. $output = preg_replace($vars_blank, '', $output);
  286. $subject = preg_replace($vars_blank, '', $subject);
  287.  
  288. // {{ }} Syntax: Remove outside brackets if value is not blank
  289. $output = preg_replace_callback($vars_non_blank, create_function('$matches','return substr($matches[0],1,-1);'), $output);
  290. $subject = preg_replace_callback($vars_non_blank, create_function('$matches','return substr($matches[0],1,-1);'), $subject);
  291.  
  292. // Replace all vars with their correct value, for both the message and the subject.
  293. $output = preg_replace($vars, $replace, $output);
  294. $subject = preg_replace($vars, $replace, $subject);
  295.  
  296. // Collect all necessary parameters for the creation of the post.
  297. $msgOptions = array(
  298. 'id' => 0,
  299. 'subject' => $subject,
  300. 'icon' => $icon,
  301. 'body' => $output,
  302. 'smileys_enabled' => true,
  303. );
  304.  
  305. //Get topicId from GET
  306. $topicId = 0;
  307. If (isset($_SESSION['topic']))
  308. {
  309. $topicId = $_SESSION['topic'];
  310. }
  311.  
  312. $topicOptions = array(
  313. 'id' => $topicId,
  314. 'board' => $board,
  315. 'mark_as_read' => true,
  316. );
  317.  
  318. $posterOptions = array(
  319. 'id' => $user_info['id'],
  320. );
  321.  
  322. // Finally create the post!!! :D
  323. $newTopicId = createPost($msgOptions, $topicOptions, $posterOptions);
  324. print_r($newTopicId);die;
  325.  
  326. // Redirect this user as well.
  327. if ($exit == 'board' || $exit == '')
  328. redirectexit('board=' . $board . '.0');
  329. elseif ($exit == 'forum')
  330. redirectExit();
  331. elseif ($exit == 'form')
  332. redirectExit("action=form;");
  333. elseif ($exit == 'thanks')
  334. redirectExit("action=form;thankyou");
  335. else
  336. redirectexit("$exit");
  337. }
  338. }
  339.  
  340. // Otherwise we shall show the submit form page.
  341. $context['fields'] = array();
  342.  
  343. // Okay, lets format the field data.
  344. foreach($data as $field)
  345. {
  346.  
  347. $size = false;
  348. $type_vars = ($field['type_vars'] != '') ? explode(',', $field['type_vars']) : array();
  349. $vars = array();
  350. $required = false;
  351.  
  352. // Go through all of the type_vars to format them correctly.
  353. if(!empty($type_vars))
  354. foreach($type_vars as $var)
  355. {
  356. // Remove whitespace from vars, to avoid unwanted issues.
  357. $var = trim($var);
  358. // Add them to the vars list, in the correct format for the template.
  359. if($var != '')
  360. $vars[] = $var;
  361. // Check to see if this field is required.
  362. if($var == 'required')
  363. $required = true;
  364. }
  365.  
  366. // Make sure that we have valid options, if this is a selectbox.
  367. if(($field['type'] == 'selectbox')
  368. && empty($vars))
  369. continue;
  370.  
  371. // Make sure that we have valid options, if this is a radiobox.
  372. if(($field['type'] == 'radiobox')
  373. && empty($vars))
  374. continue;
  375.  
  376. // Store any previous values for the template to look after.
  377. if(isset($field['value']))
  378. $modSettings[$field['title']] = $field['value'];
  379.  
  380. // Finally put the data for this field into the $context['field'] array for the 'submit form' template functions.
  381. $context['fields'][$field['title']] = array(
  382. 'text' => $field['text'],
  383. 'type' => $field['type'],
  384. 'data' => $vars,
  385. 'value' => isset($field['value']) ? $field['value'] : '',
  386. 'required' => $required,
  387. 'failed' => isset($field['failed']),
  388. );
  389. }
  390.  
  391. // Do we have fields data? If not then redirect the user to the form view page.
  392. if(empty($context['fields']))
  393. redirectExit("action=form;");
  394.  
  395. // Load the language files.
  396. loadLanguage('Modifications');
  397.  
  398. // Setup and load the necessary template related stuff.
  399. $context['settings_title'] = '<a href="'.$scripturl.'?action=form;">'.((isset($modSettings['CustomForm_view_title']) && ($modSettings['CustomForm_view_title'] != '')) ? $modSettings['CustomForm_view_title'] : $txt['CustomForm_tabheader']) . '</a> : ' . $form_title;
  400. $context['failed_form_submit'] = $fail_submit;
  401. $context['template_function'] = $form_data['template_function'];
  402. $context['post_url'] = $scripturl.'?action=form;n='.$form_id.';submit;';
  403. $context['sub_template'] = 'submit_form';
  404. loadTemplate('CustomForm');
  405. }
  406. // If not then fall to the default view form page, with the list of forms.
  407. else
  408. {
  409. // Wait a second... Are you even allowed to view the form list?
  410. if(!allowedTo('CustomForm_view_perms'))
  411. redirectExit();
  412.  
  413. // Declare the array of data which we need to pass to the template.
  414. $context['custom_forms_list'] = array();
  415.  
  416. // Firstly get a list of all the fields from the cf_fields table.
  417. $request = $smcFunc['db_query']('','
  418. SELECT id_form
  419. FROM {db_prefix}cf_fields
  420. WHERE title != \'\'
  421. AND text != \'\'
  422. AND type != \'\''
  423. );
  424.  
  425. $forms = array();
  426.  
  427. while($row = $smcFunc['db_fetch_assoc']($request))
  428. $forms[] = $row['id_form'];
  429. $smcFunc['db_free_result']($request);
  430.  
  431. // Get the data from the cf_forms table.
  432. $request = $smcFunc['db_query']('','
  433. SELECT f.id_form, f.title, b.name, b.id_board
  434. FROM {db_prefix}cf_forms f, {db_prefix}boards b
  435. WHERE b.id_board = f.id_board
  436. AND b.redirect = \'\''
  437. );
  438.  
  439. // Go through all of the forms and add them to the list.
  440. while($row = $smcFunc['db_fetch_assoc']($request))
  441. {
  442. // Wait. Are you allowed to view/use this form?
  443. if(!allowedTo('custom_forms_'.$row['id_form']))
  444. continue;
  445.  
  446. // Did we get some fields from this form?
  447. if(!in_array($row['id_form'], $forms))
  448. continue;
  449.  
  450. // Add this forms data, for the template to show.
  451. $context['custom_forms_list'][] = array(
  452. 'id' => $row['id_form'],
  453. 'title' => $row['title'],
  454. 'id_board' => $row['id_board'],
  455. 'board' => $row['name'],
  456. );
  457. }
  458.  
  459. // Free the db request.
  460. $smcFunc['db_free_result']($request);
  461.  
  462. // Finally load the necessary template for this action.
  463. $context['sub_template'] = 'FormList';
  464. loadTemplate('CustomForm');
  465.  
  466. }
  467.  
  468. // Set the page title, just for lolz! :D
  469. $context['page_title'] = (isset($modSettings['CustomForm_view_title']) && ($modSettings['CustomForm_view_title'] != '')) ? $modSettings['CustomForm_view_title'] : $txt['CustomForm_tabheader'];
  470. }
  471. ?>