  1. <?php
  2. /**
  3. * Form Manager
  4. *
  5. *
  6. * Copyright 2010 Nickman
  7. */
  8. define('IN_MYBB', 1);
  9. require_once './global.php';
  10.  
  11. if ($mybb->user['username'] == '')
  12. {
  13. $mybb->user['usergroup'] = '1';
  14. $mybb->user['postnum'] = 0;
  15. }
  16.  
  17. $id=intval($_GET['id']);
  18. $captcha_shown=false;
  19. if ($id == '')
  20. {
  21. $get=$db->simple_select("forms","*","active='1'");
  22. add_breadcrumb("Forms", "forms.php");
  23. $html.="
  24. <html xml:lang=\"en\" lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\">
  25. <head>
  26. <title>{$mybb->settings['bbname']}</title>
  27. {$headerinclude}
  28.  
  29.  
  30. </head>
  31. <body>
  32. {$header}<br/>
  33. <table border=\"0\" cellspacing=\"{$theme['borderwidth']}\" cellpadding=\"{$theme['tablespace']}\" class=\"tborder\" width=\"100%\">
  34. <tr>
  35. <td colspan='2' class=\"thead\" colspan=\"$cells\"><strong>Current Forms</strong></td></tr>
  36. <tr><td colspan='2' class='trow1'>
  37. <ul>";
  38. $i=0;
  39. while ($form = $db->fetch_array($get))
  40. {
  41. $perms=unserialize($form['permissions']);
  42. if (is_array($perms))
  43. {
  44. if (in_array($mybb->user['usergroup'],$perms) AND $mybb->user['postnum'] >= $form['required_posts'])
  45. {
  46. $i++;
  47. $html.="<li><a href='forms.php?id=$form[form_id]'>$form[name]</a></li>";
  48. }
  49. }
  50.  
  51. }
  52. if ($i < 1)
  53. {
  54. $html.="No forms are currently available for you";
  55. }
  56. $html.= ("</td></tr></table>{$footer}</body></html>");
  57. output_page($html);
  58. exit();
  59.  
  60. }
  61. $form=$db->fetch_array($db->simple_select("forms","*","form_id='$id'"));
  62. if ($form['uses'] != 0)
  63. {
  64. $ip=$_SERVER['REMOTE_ADDR'];
  65. $uid=$mybb->user['uid'];
  66. $get=$db->simple_select("forms_protect", "*","form_id='$id' AND (uid='$uid' OR ip='$ip')");
  67. if ($db->num_rows($get) >= $form['uses'])
  68. {
  69. error("You have reached the maximum uses of this form");
  70. }
  71. }
  72. $perms=unserialize($form['permissions']);
  73. $items=$db->query("SELECT * FROM ".TABLE_PREFIX."forms_items WHERE form_id='$id' ORDER BY `order` ASC");
  74. while ($quick=$db->fetch_array($items))
  75. {
  76. if ($quick['required'] == 1)
  77. {
  78. $required[]=$quick['item_id'];
  79. }
  80. }
  81. add_breadcrumb($form['name'], "forms.php?id=$id");
  82. //first let's check permissions
  83.  
  84. if (!in_array($mybb->user['usergroup'],$perms))
  85. {
  86. error_no_permission();
  87. }
  88. if ($mybb->user['postnum'] < $form['required_posts'])
  89. {
  90. error_no_permission();
  91. }
  92. if ($form['active'] != '1')
  93. {
  94. error("Form Not Enabled");
  95. }
  96. if ($_POST["submitted"] == "")
  97. {
  98. $html.="<html xml:lang=\"en\" lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\"><head>
  99. <title>{$mybb->settings['bbname']} - {$form['name']}</title>
  100. {$headerinclude}
  101.  
  102. </head>
  103. <body>
  104. {$header}";
  105. $html.="<br/>
  106. <table border=\"0\" cellspacing=\"{$theme['borderwidth']}\" cellpadding=\"{$theme['tablespace']}\" class=\"tborder\" width=\"100%\">
  107. <tr>
  108. <td colspan='2' class=\"thead\" colspan=\"$cells\"><strong>{$form['name']}</strong></td></tr>
  109. <form action='' method='post'>";
  110.  
  111. $r=1;
  112. $items=$db->query("SELECT * FROM ".TABLE_PREFIX."forms_items WHERE form_id='$id' ORDER BY `order` ASC");
  113. while ($item=$db->fetch_array($items))
  114. {
  115. $noshow=false;
  116. if ($item['type'] == 7)
  117. {
  118. $perms=unserialize($item['description']);
  119. if (is_array($perms))
  120. {
  121. if (!in_array($mybb->user['usergroup'],$perms))
  122. {
  123. $captcha_shown=true;
  124. }
  125. }
  126. else
  127. {
  128. $captcha_shown=true;
  129. }
  130. }
  131. if ($item['type'] == 8)
  132. {
  133. $html.="<tr><td colspan='2' class='tcat'>$item[name]</td></tr>";
  134. $noshow=true;
  135. }
  136. if ($item['type'] == 9)
  137. {
  138. $html.="<tr><td class='trow$r' colspan='2'>$item[description]</td></tr>";
  139. $noshow=true;
  140. }
  141.  
  142. if ((($item['type'] !=7) OR ($item['type'] == '7' AND $captcha_shown == false)) AND !$noshow)
  143. {
  144. $html.="<tr><td class='trow$r'>";
  145. }
  146. if (is_array($required))
  147. {
  148. if (in_array($item['item_id'],$required))
  149. {
  150. $html.="<font color='red'>*</font>";
  151. }
  152. }
  153. if ($item['type'] != '7' AND !$noshow)
  154. {
  155. $html.="{$item['name']}<br/><small>{$item['description']}</small></td><td class='trow$r'>";
  156. }
  157. elseif ($item['type']== 7 AND $captcha_shown == false)
  158. {
  159. $html.="{$item['name']}</td><td class='trow$r'>";
  160. }
  161. switch($item['type'])
  162. {
  163. case 1:
  164. if ($item['size'] != '')
  165. {
  166. $size="size='$item[size]'";
  167. }
  168. if ($item['maxlength'] != '')
  169. {
  170. $max="maxlength='$item[maxlength]'";
  171. }
  172.  
  173. $html.="<input class='$item[class]' type='text' name='$item[item_id]' value='$item[default_value]' $size $max/>";
  174. break;
  175. case 2:
  176. $html.="<textarea class='$item[class]' cols='$item[cols]' rows='$item[rows]' name='$item[item_id]'>$item[default_value]</textarea>";
  177. break;
  178. case 3:
  179. $options=explode("|",$item['options']);
  180. $html.="<select class='$item[class]' name='$item[item_id]'>";
  181. foreach ($options AS $value)
  182. {
  183. if ($value == $item['default_value'])
  184. {
  185. $html.="<option selected>$value</option>";
  186. }
  187. else
  188. {
  189. $html.="<option>$value</option>";
  190. }
  191. }
  192. break;
  193. case 4:
  194. $options=explode("|",$item['options']);
  195. $html.="<select class='$item[class]' name='$item[item_id][]' multiple='multiple'>";
  196. foreach ($options AS $value)
  197. {
  198. if ($value == $item['default_value'])
  199. {
  200. $html.="<option selected>$value</option>";
  201. }
  202. else
  203. {
  204. $html.="<option>$value</option>";
  205. }
  206. }
  207. break;
  208. case 5:
  209. $options=explode("|",$item['options']);
  210. foreach ($options AS $value)
  211. {
  212. if ($value == $item['default_value'])
  213. {
  214. $html.="$value: <input name='$item[item_id]' type='radio' class='$item[class]' value='$value' checked/>&nbsp;&nbsp;";
  215. }
  216. else
  217. {
  218. $html.="$value: <input name='$item[item_id]' type='radio' class='$item[class]' value='$value'/>&nbsp;&nbsp;";
  219. }
  220. }
  221. break;
  222. case 6:
  223. $options=explode("|",$item['options']);
  224. foreach ($options AS $value)
  225. {
  226. if ($value == $item['default_value'])
  227. {
  228. $html.="$value: <input name='$item[item_id][]' type='checkbox' class='$item[class]' value='$value' checked/>&nbsp;&nbsp;";
  229. }
  230. else
  231. {
  232. $html.="$value: <input name='$item[item_id][]' type='checkbox' class='$item[class]' value='$value'/>&nbsp;&nbsp;";
  233. }
  234. }
  235. break;
  236. case 7:
  237. if (!$captcha_shown)
  238. {
  239. $lang->load("member");
  240. //Change it up!
  241. $lang->verification_note="Please verify that you are in fact human by entering the letters in the image below";
  242. $randomstr = random_str(5);
  243. $imagehash = md5(random_str(12));
  244. $regimagearray = array(
  245. "imagehash" => $imagehash,
  246. "imagestring" => $randomstr,
  247. "dateline" => TIME_NOW
  248. );
  249. $db->insert_query("captcha", $regimagearray);
  250. eval("\$regimage = \"".$templates->get("member_register_regimage")."\";");
  251. $html.="<input type='hidden' value='yes' name='checkcaptcha'/>";
  252. $html.="$regimage";
  253.  
  254. $captcha_shown=true;
  255. }
  256. $captchas++;
  257. break;
  258. if ($item['type'] != '7' OR $captchas <= 1 AND !$noshow)
  259. {
  260. $html.="</td></tr>\n";
  261. }
  262. if ($r == 1)
  263. {
  264. $r=2;
  265. }
  266. else {
  267. $r=1;
  268. }
  269. }
  270.  
  271.  
  272. }
  273.  
  274.  
  275.  
  276. $html.= ("<tr class='trow$r'><td colspan='2'><input type='hidden' name='submitted' value='yes'/><input type='submit' value='Submit'/></form></td></tr>
  277. </table>
  278. {$footer}
  279. </body>
  280. </html>");
  281. output_page($html);
  282. }
  283. else
  284. {
  285. if ($mybb->input['checkcaptcha'] != '')
  286. {
  287. $imagehash = $db->escape_string($mybb->input['imagehash']);
  288. $imagestring = $db->escape_string(my_strtolower($mybb->input['imagestring']));
  289. $query = $db->simple_select("captcha", "*", "imagehash='$imagehash' AND LOWER(imagestring)='$imagestring'");
  290. $imgcheck = $db->fetch_array($query);
  291. if(!$imgcheck['dateline'])
  292. {
  293. error("The captcha you entered was incorrect");
  294. }
  295. $db->delete_query("captcha", "imagehash='$imagehash'");
  296. }
  297. foreach ($required AS $value)
  298. {
  299. if ($_POST[$value] == '')
  300. {
  301. error("You left a required field blank");
  302. }
  303. }
  304. $id=intval($_GET['id']);
  305. $items=$db->query("SELECT * FROM ".TABLE_PREFIX."forms_items WHERE form_id='$id' ORDER BY `order` ASC");
  306. while ($item=$db->fetch_array($items))
  307. {
  308. if ($_POST[$item['item_id']] == '')
  309. {
  310. $_POST[$item['item_id']] = "Not answered";
  311. }
  312. if ($item['type'] != '7' AND $item['type'] != '8' AND $item['type'] != '9')
  313. {
  314. add_item($item['name'],$_POST[$item['item_id']]);
  315. }
  316. }
  317. $ip=$_SERVER['REMOTE_ADDR'];
  318. $insert=array(
  319. 'form_id'=>$id,
  320. 'uid'=>$mybb->user['uid'],
  321. 'ip'=>$ip);
  322. $db->insert_query("forms_protect",$insert);
  323. $bbmessage=make_message('1');
  324. $message=make_message('2');
  325. //Let's PM the user!
  326. if ($form['pm_uid'] != '')
  327. {
  328. require_once MYBB_ROOT."inc/datahandlers/pm.php";
  329. $pmhandler = new PMDataHandler();
  330. $pm = array(
  331. "subject" => "Form Submission: $form[name]",
  332. "message" => $bbmessage,
  333. "icon" => -1,
  334. "fromid" => intval($mybb->user['uid']),
  335. "toid" => array($form['pm_uid']),
  336. "bccid" => '',
  337. "do" => '',
  338. "pmid" => ''
  339. );
  340. $pm['saveasdraft'] = 0;
  341. $pmhandler->admin_override = 1;
  342. $pmhandler->set_data($pm);
  343. if($pmhandler->validate_pm())
  344. {
  345. $pmhandler->insert_pm();
  346. }
  347. }
  348. if ($form['forum_fid'] != 0)
  349. {
  350. $user=$mybb->user['username'];
  351. if ($user == '')
  352. {
  353. $user="Guest";
  354. }
  355. $uid=$mybb->user['uid'];
  356. $insert_array = array(
  357. "fid" => intval($form['forum_fid']),
  358. "subject" => "Form Submission: $form[name]",
  359. "icon" => 0,
  360. "uid" => intval($uid),
  361. "username" => $user,
  362. "dateline" => time(),
  363. "lastpost" => time(),
  364. "closed" => "",
  365. "visible" => 1,
  366. );
  367. $db->insert_query("threads", $insert_array);
  368. $newtid = $db->insert_id();
  369. $insert_post = array(
  370. "tid" => intval($newtid),
  371. "subject" => "Form Submission: $form[name]",
  372. "fid" => intval($form[forum_fid]),
  373. "uid" => intval($uid),
  374. "username" => $user,
  375. "dateline" => time(),
  376. "message" => $bbmessage,
  377. "visible" => 1,
  378. );
  379. $db->insert_query("posts", $insert_post);
  380. //UPDATE POSTCOUNT
  381. $update_posts = array(
  382. "postnum" => $mybb->user['postnum']+1,
  383. );
  384. $db->update_query("users", $update_posts, "uid='$uid'");
  385. //UPDATE STATS
  386. update_thread_counters($newtid, array("replies" => "+1"));
  387. update_forum_counters($form['forum_fid'], array("threads" => "+1", "posts" => "+1"));
  388. update_forum_lastpost($form['forum_fid']);
  389. $cache->update_stats();
  390. }
  391. if ($form['email_addresses'] != '')
  392. {
  393. $emails=explode(",",$form['email_addresses']);
  394. foreach ($emails AS $email)
  395. {
  396.  
  397. mail($email,"Form Submission: $form[name]",$message);
  398. }
  399. }
  400. redirect("index.php", "Form Submitted");
  401. }
  402.  
  403.  
  404. function add_item($name,$value)
  405. {
  406. global $names,$values;
  407. $names[]=$name;
  408. if (is_array($value))
  409. {
  410. $value=implode(",",$value);
  411. }
  412. $values[]=$value;
  413. }
  414. function make_message($type)
  415. {
  416. global $names,$db,$values;
  417. if (count($names) != count($values))
  418. {
  419. error("An unexpected error has occurred");
  420. }
  421. else
  422. {
  423. $i=0;
  424. while ($i < count($names))
  425. {
  426. //BBCode
  427. if ($type == '1')
  428. {
  429. $message.="[b]{$names[$i]}[/b]: {$values[$i]}[hr]";
  430. }
  431. else
  432. {
  433. $message.="{$names[$i]}: {$values[$i]}\n";
  434. }
  435. $i++;
  436. }
  437. return $db->escape_string($message);
  438. }
  439. }
?>