  1. <?php
  2.  
  3. /*
  4. Plugin Name: Grunion Contact Form
  5. Description: Add a contact form to any post, page or text widget.  Emails will be sent to the post's author by default, or any email address you choose.  As seen on WordPress.com.
  6. Plugin URI: http://automattic.com/#
  7. Author: Automattic, Inc.
  8. Author URI: http://automattic.com/
  9. Version: 2.3
  10. License: GPLv2 or later
  11. */
  12.  
define( 'GRUNION_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
define( 'GRUNION_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
// reCAPTCHA key pair used by recaptcha_get_html() / recaptcha_check_answer() in
// contact_form_shortcode(). The values here are placeholders and must be replaced
// before captcha verification can work. Note that hard-coding the private key in
// the plugin file ships it with the code; a constant in wp-config.php (or an
// option) keeps it out of the plugin source.
define( 'RECAPTCHA_PUBLICKEY', "Your recaptcha public key" );
define( 'RECAPTCHA_PRIVATEKEY', "Your recaptcha private key" );

// the settings screen lives in admin.php and is only needed inside wp-admin
// (plugin_dir_path() already ends in a slash, so this path carries a doubled '/';
// harmless, but presumably unintended)
if ( is_admin() )
        require_once GRUNION_PLUGIN_DIR . '/admin.php';
  20.  
  21. // take the content of a contact-form shortcode and parse it into a list of field types
  22. function contact_form_parse( $content ) {
  23.         // first parse all the contact-field shortcodes into an array
  24.         global $contact_form_fields, $grunion_form;
  25.         $contact_form_fields = array();
  26.  
  27.         if ( empty( $_REQUEST['action'] ) || $_REQUEST['action'] != 'grunion_shortcode_to_json' ) {
  28.                         wp_print_styles( 'grunion.css' );
  29.         }
  30.  
  31.         $out = do_shortcode( $content );
  32.  
  33.         if ( empty($contact_form_fields) || !is_array($contact_form_fields) ) {
  34.                 // default form: same as the original Grunion form
  35.                 $default_form = '
  36.                 [contact-field label="'.__('Name').'" type="name" required="true" /]
  37.                 [contact-field label="'.__('Email').'" type="email" required="true" /]
  38.                 [contact-field label="'.__('Website').'" type="url" /]';
  39.                 if ( 'yes' == strtolower($grunion_form->show_subject) )
  40.                         $default_form .= '
  41.                         [contact-field label="'.__('Subject').'" type="subject" /]';
  42.                 $default_form .= '
  43.                 [contact-field label="'.__('Message').'" type="textarea" /]';
  44.  
  45.                 $out = do_shortcode( $default_form );
  46.         }
  47.  
  48.         return $out;
  49. }
  50.  
  51. function contact_form_render_field( $field ) {
  52.         global $contact_form_last_id, $contact_form_errors, $contact_form_fields, $current_user, $user_identity;
  53.  
  54.         $r = '';
  55.  
  56.         $field_id = $field['id'];
  57.         if ( isset($_POST[ $field_id ]) ) {
  58.                 $field_value = stripslashes( $_POST[ $field_id ] );
  59.         } elseif ( is_user_logged_in() ) {
  60.                 // Special defaults for logged-in users
  61.                 if ( $field['type'] == 'email' )
  62.                         $field_value = $current_user->data->user_email;
  63.                 elseif ( $field['type'] == 'name' )
  64.                         $field_value = $user_identity;
  65.                 elseif ( $field['type'] == 'url' )
  66.                         $field_value = $current_user->data->user_url;
  67.                 else
  68.                         $field_value = $field['default'];
  69.         } else {
  70.                 $field_value = $field['default'];
  71.         }
  72.  
  73.         $field_value = wp_kses($field_value, array());
  74.  
  75.         $field['label'] = html_entity_decode( $field['label'] );
  76.         $field['label'] = wp_kses( $field['label'], array() );
  77.  
  78.         if ( $field['type'] == 'email' ) {
  79.                 $r .= "\n<div>\n";
  80.                 $r .= "\t\t<label for='".esc_attr($field_id)."' class='grunion-field-label ".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>" . htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  81.                 $r .= "\t\t<input type='text' name='".esc_attr($field_id)."' id='".esc_attr($field_id)."' value='".esc_attr($field_value)."' class='".esc_attr($field['type'])."'/>\n";
  82.                 $r .= "\t</div>\n";
  83.         } elseif ( $field['type'] == 'textarea' ) {
  84.                 $r .= "\n<div>\n";
  85.                 $r .= "\t\t<label for='".esc_attr($field_id)."' class='".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>" . htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  86.                 $r .= "\t\t<textarea name='".esc_attr($field_id)."' id='contact-form-comment-".esc_attr($field_id)."' rows='20'>".htmlspecialchars($field_value)."</textarea>\n";
  87.                 $r .= "\t</div>\n";
  88.         } elseif ( $field['type'] == 'radio' ) {
  89.                 $r .= "\t<div><label class='". ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>" . htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  90.                 foreach ( $field['options'] as $option ) {
  91.                         $r .= "\t\t<input type='radio' name='".esc_attr($field_id)."' value='".esc_attr($option)."' class='".esc_attr($field['type'])."' ".( $option == $field_value ? "checked='checked' " : "")." />\n";
  92.                         $r .= "\t\t<label class='".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>". htmlspecialchars( $option ) . "</label>\n";
  93.                         $r .= "\t\t<div class='clear-form'></div>\n";
  94.                 }
  95.                 $r .= "\t\t</div>\n";
  96.         } elseif ( $field['type'] == 'checkbox' ) {
  97.                 $r .= "\t<div>\n";
  98.                 $r .= "\t\t<input type='checkbox' name='".esc_attr($field_id)."' value='".__('Yes')."' class='".esc_attr($field['type'])."' ".( $field_value ? "checked='checked' " : "")." />\n";
  99.                 $r .= "\t\t<label class='".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>\n";
  100.                 $r .= "\t\t". htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  101.                 $r .= "\t\t<div class='clear-form'></div>\n";
  102.                 $r .= "\t</div>\n";
  103.         } elseif ( $field['type'] == 'select' ) {
  104.                 $r .= "\n<div>\n";
  105.                 $r .= "\t\t<label for='".esc_attr($field_id)."' class='".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>" . htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  106.                 $r .= "\t<select name='".esc_attr($field_id)."' id='".esc_attr($field_id)."' value='".esc_attr($field_value)."' class='".esc_attr($field['type'])."'/>\n";
  107.                 foreach ( $field['options'] as $option ) {
  108.                         $option = html_entity_decode( $option );
  109.                         $option = wp_kses( $option, array() );
  110.                         $r .= "\t\t<option".( $option == $field_value ? " selected='selected'" : "").">". esc_html( $option ) ."</option>\n";
  111.                 }
  112.                 $r .= "\t</select>\n";
  113.                 $r .= "\t</div>\n";
  114.         } else {
  115.                 // default: text field
  116.                 // note that any unknown types will produce a text input, so we can use arbitrary type names to handle
  117.                 // input fields like name, email, url that require special validation or handling at POST
  118.                 $r .= "\n<div>\n";
  119.                 $r .= "\t\t<label for='".esc_attr($field_id)."' class='".esc_attr($field['type']) . ( contact_form_is_error($field_id) ? ' form-error' : '' ) . "'>" . htmlspecialchars( $field['label'] ) . ( $field['required'] ? '<span>'. __("(required)") . '</span>' : '' ) . "</label>\n";
  120.                 $r .= "\t\t<input type='text' name='".esc_attr($field_id)."' id='".esc_attr($field_id)."' value='".esc_attr($field_value)."' class='".esc_attr($field['type'])."'/>\n";
  121.                 $r .= "\t</div>\n";
  122.         }
  123.  
  124.         return $r;
  125. }
  126.  
  127. function contact_form_validate_field( $field ) {
  128.         global $contact_form_last_id, $contact_form_errors, $contact_form_values;
  129.  
  130.         $field_id = $field['id'];
  131.         $field_value = isset($_POST[ $field_id ]) ? stripslashes($_POST[ $field_id ]) : '';
  132.  
  133.         # pay special attention to required email fields
  134.         if ( $field['required'] && $field['type'] == 'email' ) {
  135.                 if ( !is_email( $field_value ) ) {
  136.                         if ( !is_wp_error( $contact_form_errors ) ) {
  137.                                 $contact_form_errors = new WP_Error();
  138.                         }
  139.  
  140.                         $contact_form_errors->add( $field_id, sprintf( __( '%s requires a valid email address' ), $field['label'] ) );
  141.                 }
  142.         } elseif ( $field['required'] && !trim($field_value) ) {
  143.                 if ( !is_wp_error($contact_form_errors) ) {
  144.                         $contact_form_errors = new WP_Error();
  145.                 }
  146.  
  147.                 $contact_form_errors->add( $field_id, sprintf( __('%s is required'), $field['label'] ) );
  148.         }
  149.  
  150.         $contact_form_values[ $field_id ] = $field_value;
  151. }
  152.  
  153. function contact_form_is_error( $field_id ) {
  154.         global $contact_form_errors;
  155.  
  156.         return ( is_wp_error( $contact_form_errors ) && $contact_form_errors->get_error_message( $field_id ) );
  157. }
  158.  
  159. // generic shortcode that handles all of the major input types
  160. // this parses the field attributes into an array that is used by other functions for rendering, validation etc
  161. function contact_form_field( $atts, $content, $tag ) {
  162.         global $contact_form_fields, $contact_form_last_id, $grunion_form;
  163.  
  164.         $field = shortcode_atts( array(
  165.                 'label' => null,
  166.                 'type' => 'text',
  167.                 'required' => false,
  168.                 'options' => array(),
  169.                 'id' => null,
  170.                 'default' => null,
  171.         ), $atts);
  172.  
  173.         // special default for subject field
  174.         if ( $field['type'] == 'subject' && is_null($field['default']) )
  175.                 $field['default'] = $grunion_form->subject;
  176.  
  177.         // allow required=1 or required=true
  178.         if ( $field['required'] == '1' || strtolower($field['required']) == 'true' )
  179.                 $field['required'] = true;
  180.         else
  181.                 $field['required'] = false;
  182.  
  183.         // parse out comma-separated options list
  184.         if ( !empty($field['options']) && is_string($field['options']) )
  185.                 $field['options'] = array_map('trim', explode(',', $field['options']));
  186.  
  187.         // make a unique field ID based on the label, with an incrementing number if needed to avoid clashes
  188.         $id = $field['id'];
  189.         if ( empty($id) ) {
  190.                 $id = sanitize_title_with_dashes( $contact_form_last_id . '-' . $field['label'] );
  191.                 $i = 0;
  192.                 while ( isset( $contact_form_fields[ $id ] ) ) {
  193.                         $i++;
  194.                         $id = sanitize_title_with_dashes( $contact_form_last_id . '-' . $field['label'] . '-' . $i );
  195.                 }
  196.                 $field['id'] = $id;
  197.         }
  198.  
  199.         $contact_form_fields[ $id ] = $field;
  200.  
  201.         if ( $_POST )
  202.                 contact_form_validate_field( $field );
  203.  
  204.         return contact_form_render_field( $field );
  205. }
  206.  
  207. add_shortcode('contact-field', 'contact_form_field');
  208.  
  209.  
  210. function contact_form_shortcode( $atts, $content ) {
  211.         global $post;
  212.  
  213.         $default_to = get_option( 'admin_email' );
  214.         $default_subject = "[" . get_option( 'blogname' ) . "]";
  215.  
  216.         if ( !empty( $atts['widget'] ) && $atts['widget'] ) {
  217.                 $default_subject .=  " Sidebar";
  218.         } elseif ( $post->ID ) {
  219.                 $default_subject .= " ". wp_kses( $post->post_title, array() );
  220.                 $post_author = get_userdata( $post->post_author );
  221.                 $default_to = $post_author->user_email;
  222.         }
  223.  
  224.         extract( shortcode_atts( array(
  225.                 'to' => $default_to,
  226.                 'subject' => $default_subject,
  227.                 'show_subject' => 'no', // only used in back-compat mode
  228.                 'widget' => 0 //This is not exposed to the user. Works with contact_form_widget_atts
  229.         ), $atts ) );
  230.  
  231.          $widget = esc_attr( $widget );
  232.  
  233.         if ( ( function_exists( 'faux_faux' ) && faux_faux() ) || is_feed() )
  234.                 return '[contact-form]';
  235.  
  236.         global $wp_query, $grunion_form, $contact_form_errors, $contact_form_values, $user_identity, $contact_form_last_id, $contact_form_message;
  237.  
  238.         // used to store attributes, configuration etc for access by contact-field shortcodes
  239.         $grunion_form = new stdClass();
  240.         $grunion_form->to = $to;
  241.         $grunion_form->subject = $subject;
  242.         $grunion_form->show_subject = $show_subject;
  243.  
  244.         if ( $widget )
  245.                 $id = 'widget-' . $widget;
  246.         elseif ( is_singular() )
  247.                 $id = $wp_query->get_queried_object_id();
  248.         else
  249.                 $id = $GLOBALS['post']->ID;
  250.         if ( !$id ) // something terrible has happened
  251.                 return '[contact-form]';
  252.  
  253.         if ( $id == $contact_form_last_id )
  254.                 return;
  255.         else
  256.                 $contact_form_last_id = $id;
  257.  
  258.         ob_start();
  259.                 wp_nonce_field( 'contact-form_' . $id );
  260.                 $nonce = ob_get_contents();
  261.         ob_end_clean();
  262.  
  263.  
  264.         $body = contact_form_parse( $content );
  265.  
  266.     // Recaptcha
  267.     require_once(ABSPATH .'includes/recaptchalib.php');
  268.     $resp = recaptcha_check_answer ( RECAPTCHA_PRIVATEKEY,
  269.                                      $_SERVER["REMOTE_ADDR"],
  270.                                      @$_POST["recaptcha_challenge_field"],
  271.                                      @$_POST["recaptcha_response_field"] );
  272.  
  273.         $r = "<div id='contact-form-$id'>\n";
  274.  
  275.         $errors = array();
  276.         if ( (is_wp_error( $contact_form_errors ) && $errors = (array) $contact_form_errors->get_error_codes() )
  277.             || (!empty($_POST) && !$resp->is_valid )
  278.         ) {
  279.        
  280.         // If the recaptcha found an error:
  281.         if (!empty($_POST) && !$resp->is_valid )
  282.         {
  283.             if (!is_wp_error( $contact_form_errors ) )
  284.             {
  285.                 $contact_form_errors = new WP_Error();
  286.             }
  287.             $contact_form_errors->add( "", sprintf( __( 'The Captcha is invalid, please try again' ) ) );    
  288.         }
  289.        
  290.                 $r .= "<div class='form-error'>\n<h3>" . __( 'Error!' ) . "</h3>\n<ul class='form-errors'>\n";
  291.                 foreach ( $contact_form_errors->get_error_messages() as $message )
  292.                         $r .= "\t<li class='form-error-message' style=''>$message</li>\n";
  293.                 $r .= "</ul>\n</div>\n\n";
  294.         }
  295.  
  296.         $r .= "<form action='#contact-form-$id' method='post' class='contact-form commentsblock'>\n";
  297.         $r .= $body;
  298.         $r .= "\t<p class='contact-submit'>\n";
  299.         $r .= "\t". recaptcha_get_html( RECAPTCHA_PUBLICKEY ) ."\n\n<br>";
  300.         $r .= "\t\t<input type='submit' value='" . __( "Submit &#187;" ) . "' class='pushbutton-wide'/>\n";
  301.         $r .= "\t\t$nonce\n";
  302.         $r .= "\t\t<input type='hidden' name='contact-form-id' value='$id' />\n";
  303.         $r .= "\t</p>\n";
  304.         $r .= "</form>\n</div>";
  305.  
  306.         // form wasn't submitted, just a GET
  307.         if ( empty($_POST) )
  308.                 return $r;
  309.  
  310.  
  311.         if ( is_wp_error($contact_form_errors) )
  312.                 return $r;
  313.  
  314.  
  315.         $emails = str_replace( ' ', '', $to );
  316.         $emails = explode( ',', $emails );
  317.         foreach ( (array) $emails as $email ) {
  318.                 if ( is_email( $email ) && ( !function_exists( 'is_email_address_unsafe' ) || !is_email_address_unsafe( $email ) ) )
  319.                         $valid_emails[] = $email;
  320.         }
  321.  
  322.         $to = ( $valid_emails ) ? $valid_emails : $default_to;
  323.  
  324.         $message_sent = contact_form_send_message( $to, $subject, $widget );
  325.  
  326.         if ( is_array( $contact_form_values ) )
  327.                 extract( $contact_form_values );
  328.  
  329.         if ( !isset( $comment_content ) )
  330.                 $comment_content = '';
  331.         else
  332.                 $comment_content = wp_kses( $comment_content, array() );
  333.  
  334.  
  335.         $r = "<div id='contact-form-$id'>\n";
  336.  
  337.         $errors = array();
  338.         if ( is_wp_error( $contact_form_errors ) && $errors = (array) $contact_form_errors->get_error_codes() ) :
  339.                 $r .= "<div class='form-error'>\n<h3>" . __( 'Error!' ) . "</h3>\n<p>\n";
  340.                 foreach ( $contact_form_errors->get_error_messages() as $message )
  341.                         $r .= "\t$message<br />\n";
  342.                 $r .= "</p>\n</div>\n\n";
  343.         else :
  344.                 $r .= "<h3>" . __( 'Message Sent' ) . "</h3>\n\n";
  345.                 $r .= wp_kses($contact_form_message, array('br' => array(), 'blockquote' => array())) . "</div>";
  346.         $r = "<h3>Thank You For Your Inquiry</h3>";
  347.  
  348.                 // Reset for multiple contact forms. Hacky
  349.                 $contact_form_values['comment_content'] = '';
  350.  
  351.                 return $r;
  352.         endif;
  353.  
  354.         return $r;
  355. }
  356. add_shortcode( 'contact-form', 'contact_form_shortcode' );
  357.  
/**
 * Deliver a submitted contact form: store it as a 'feedback' post and email it.
 *
 * Called from contact_form_shortcode() after field validation passed. Bails
 * out (returning null) when the POST does not carry this form's id, and
 * check_admin_referer() terminates the request on a bad nonce. Field values
 * are read from the globals filled in by contact_form_validate_field().
 *
 * @param string|array $to       Recipient address or list of addresses.
 * @param string       $subject  Subject line chosen by the shortcode attributes.
 * @param string|int   $widget   Widget number when rendered from a widget, else 0.
 * @return bool|null  wp_mail()'s result when the mail is sent; true when the
 *                    submission was flagged as spam and only stored; null when
 *                    the submission was not for this form or the spam filter
 *                    returned a WP_Error.
 */
function contact_form_send_message( $to, $subject, $widget ) {
        global $post;

        // the hidden contact-form-id input identifies which form on the page was submitted
        if ( !isset( $_POST['contact-form-id'] ) )
                return;

        // ignore submissions addressed to a different form id (another post or widget)
        if ( ( $widget && 'widget-' . $widget != $_POST['contact-form-id'] ) || ( !$widget && $post->ID != $_POST['contact-form-id'] ) )
                return;

        // CSRF check against the nonce emitted by contact_form_shortcode(); dies on failure
        if ( $widget )
                check_admin_referer( 'contact-form_widget-' . $widget );
        else
                check_admin_referer( 'contact-form_' . $post->ID );

        global $contact_form_values, $contact_form_errors, $current_user, $user_identity;
        global $contact_form_fields, $contact_form_message;

        // compact the fields and values into an array of Label => Value pairs
        // also find values for comment_author_email and other significant fields
        $all_values = $extra_values = array();

        // the first field of each special type wins. If the form has no field of a
        // given type, the matching $comment_* variable is never assigned and the
        // filter/stripslashes calls further down run on an undefined value.
        foreach ( $contact_form_fields as $id => $field ) {
                if ( $field['type'] == 'email' && !isset( $comment_author_email ) ) {
                        $comment_author_email = $contact_form_values[ $id ];
                        $comment_author_email_label = $field['label'];
                } elseif  ( $field['type'] == 'name' && !isset( $comment_author ) ) {
                        $comment_author = $contact_form_values[ $id ];
                        $comment_author_label = $field['label'];
                } elseif ( $field['type'] == 'url' && !isset( $comment_author_url ) ) {
                        $comment_author_url = $contact_form_values[ $id ];
                        $comment_author_url_label = $field['label'];
                } elseif ( $field['type'] == 'textarea' && !isset( $comment_content ) ) {
                        $comment_content = $contact_form_values[ $id ];
                        $comment_content_label = $field['label'];
                } else {
                        // everything else (including a 'subject' typed field) is treated as an extra field
                        $extra_values[ $field['label'] ] = $contact_form_values[ $id ];
                }

                $all_values[ $field['label'] ] = $contact_form_values[ $id ];
        }

/*
        $contact_form_values = array();
        $contact_form_errors = new WP_Error();

        list($comment_author, $comment_author_email, $comment_author_url) = is_user_logged_in() ?
                add_magic_quotes( array( $user_identity, $current_user->data->user_email, $current_user->data->user_url ) ) :
                array( $_POST['comment_author'], $_POST['comment_author_email'], $_POST['comment_author_url'] );
*/

        // run the core comment filters so the same normalisation as comments applies
        $comment_author = stripslashes( apply_filters( 'pre_comment_author_name', $comment_author ) );

        $comment_author_email = stripslashes( apply_filters( 'pre_comment_author_email', $comment_author_email ) );

        $comment_author_url = stripslashes( apply_filters( 'pre_comment_author_url', $comment_author_url ) );
        // a URL field left at its 'http://' placeholder counts as empty
        if ( 'http://' == $comment_author_url )
                $comment_author_url = '';

        $comment_content = stripslashes( $comment_content );
        $comment_content = trim( wp_kses( $comment_content, array() ) );

        // NOTE(review): nothing above assigns $contact_form_subject, so as written the
        // empty() branch always runs and a 'subject' field only reaches the mail via
        // $extra_values — verify whether the subject field was meant to set it.
        if ( empty( $contact_form_subject ) )
                $contact_form_subject = $subject;
        else
                $contact_form_subject = trim( wp_kses( $contact_form_subject, array() ) );

        $comment_author_IP = $_SERVER['REMOTE_ADDR'];

        // strip CR/LF from every value that is placed in a mail header below (From /
        // Reply-To use the name and address) so a crafted value cannot add headers;
        // comment_content is multi-line by nature and only appears in the body
        $vars = array( 'comment_author', 'comment_author_email', 'comment_author_url', 'contact_form_subject', 'comment_author_IP' );
        foreach ( $vars as $var )
                $$var = str_replace( array("\n", "\r" ), '', $$var ); // I don't know if it's possible to inject this
        $vars[] = 'comment_content';

        // replace the id-keyed values with the canonical comment_* keys
        // (compact() silently skips any name that was never assigned)
        $contact_form_values = compact( $vars );

        // spam check: a WP_Error aborts entirely, TRUE tags the subject and stores as 'spam'
        $spam = '';
        $akismet_values = contact_form_prepare_for_akismet( $contact_form_values );
        $is_spam = apply_filters( 'contact_form_is_spam', $akismet_values );
        if ( is_wp_error( $is_spam ) )
                return; // abort
        else if ( $is_spam === TRUE )
                $spam = '***SPAM*** ';

        if ( !$comment_author )
                $comment_author = $comment_author_email;

        // NOTE(review): From: carries the visitor's own address although the mail leaves
        // this server; receivers enforcing the visitor domain's SPF/DMARC may reject it.
        $headers = 'From: ' . wp_kses( $comment_author, array() ) .
                ' <' . wp_kses( $comment_author_email, array() ) . ">\r\n" .
                'Reply-To: ' . wp_kses( $comment_author_email, array() ) . "\r\n" .
                "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"";
        $subject = apply_filters( 'contact_form_subject', $spam . $contact_form_subject );
        $subject = wp_kses( $subject, array() );

        $time = date_i18n( __('l F j, Y \a\t g:i a'), current_time( 'timestamp' ) );

        $extra_content = '';

        // plain-text version for the email, HTML version for the on-page confirmation.
        // $extra_content_br is appended to without being initialised first, which raises
        // an undefined-variable notice on the first extra field.
        foreach ( $extra_values as $label => $value ) {
                $extra_content .= $label . ': ' . trim($value) . "\n";
                $extra_content_br .= wp_kses( $label, array() ) . ': ' . wp_kses( trim($value), array() ) . "<br />";
        }

        // plain-text mail body; the labels echo what the form author named each field
        $message = $comment_author_label . ": " . $comment_author . "
" . $comment_author_email_label . ": " . $comment_author_email . "
" . $comment_author_url_label . ": " . $comment_author_url . "
" . $comment_content_label . ": " . $comment_content . "
$extra_content

" . __( "Time:" ) . " " . $time . "
" . __( "IP Address:" ) . " " . $comment_author_IP . "
" . __( "Contact Form URL:" ) . " " . get_permalink( $post->ID ) . "

";

        // Construct message that is returned to user
        $contact_form_message = "<blockquote>";
        if (isset($comment_author_label))
                $contact_form_message .= wp_kses( $comment_author_label, array() ) . ": " . wp_kses( $comment_author, array() ) . "<br />";
    if (isset($comment_author_email_label))
                $contact_form_message .= wp_kses( $comment_author_email_label, array() ) . ": " . wp_kses( $comment_author_email, array() ) . "<br />";
    if (isset($comment_author_url_label))
                $contact_form_message .= wp_kses( $comment_author_url_label, array() ) . ": " . wp_kses( $comment_author_url, array() ) . "<br />";
        if (isset($comment_content_label))
                $contact_form_message .= wp_kses( $comment_content_label, array() ) . ": " . wp_kses( $comment_content, array() ) . "<br />";
        if (isset($extra_content_br))
                $contact_form_message .= $extra_content_br;
        $contact_form_message .= "</blockquote><br /><br />";

        // tell the recipient whether the sender was logged in (multisite uses the network name)
        if ( is_user_logged_in() ) {
                $message .= sprintf(
                        __( "\nSent by a verified %s user." ),
                        isset( $GLOBALS['current_site']->site_name ) && $GLOBALS['current_site']->site_name ? $GLOBALS['current_site']->site_name : '"' . get_option( 'blogname' ) . '"'
                );
        } else {
                $message .= __( "Sent by an unverified visitor to your site." );
        }

        $message = apply_filters( 'contact_form_message', $message );
        $message = wp_kses( $message, array() );

        $to = apply_filters( 'contact_form_to', $to );

        foreach ( (array) $to as $to_key => $to_value ) {
                $to[$to_key] = wp_kses( $to_value, array() );
        }

        // keep a copy of the feedback as a custom post type
        $feedback_mysql_time = current_time( 'mysql' );
        $feedback_title = "{$comment_author} - {$feedback_mysql_time}";
        $feedback_status = 'publish';
        if ( $is_spam === TRUE )
                $feedback_status = 'spam';

        foreach ( (array) $akismet_values as $av_key => $av_value ) {
                $akismet_values[$av_key] = wp_kses( $av_value, array() );
        }

        foreach ( (array) $all_values as $all_key => $all_value ) {
                $all_values[$all_key] = wp_kses( $all_value, array() );
        }

        // NOTE(review): this writes into $ev_values, which is never read; the
        // '_feedback_extra_fields' meta below stores the un-stripped $extra_values.
        // Presumably the loop was meant to write back into $extra_values like the two above.
        foreach ( (array) $extra_values as $ev_key => $ev_value ) {
                $ev_values[$ev_key] = wp_kses( $ev_value, array() );
        }

        # We need to make sure that the post author is always zero for contact
        # form submissions.  This prevents export/import from trying to create
        # new users based on form submissions from people who were logged in
        # at the time.
        #
        # Unfortunately wp_insert_post() tries very hard to make sure the post
        # author gets the currently logged in user id.  That is how we ended up
        # with this work around.
        global $do_grunion_insert;
        $do_grunion_insert = TRUE;
        add_filter( 'wp_insert_post_data', 'grunion_insert_filter', 10, 2 );

        // the full submission (including the visitor's IP) is stored in post_content so
        // the admin search can find it; post_name is just an md5 of the title, not a secret
        $post_id = wp_insert_post( array(
                'post_date'             => $feedback_mysql_time,
                'post_type'             => 'feedback',
                'post_status'   => $feedback_status,
                'post_parent'   => $post->ID,
                'post_title'    => wp_kses( $feedback_title, array() ),
                'post_content'  => wp_kses($comment_content . "\n<!--more-->\n" . "AUTHOR: {$comment_author}\nAUTHOR EMAIL: {$comment_author_email}\nAUTHOR URL: {$comment_author_url}\nSUBJECT: {$contact_form_subject}\nIP: {$comment_author_IP}\n" . print_r( $all_values, TRUE ), array()), // so that search will pick up this data
                'post_name'             => md5( $feedback_title )
        ) );

        # once insert has finished we don't need this filter any more
        remove_filter( 'wp_insert_post_data', 'grunion_insert_filter' );
        $do_grunion_insert = FALSE;

        update_post_meta( $post_id, '_feedback_author', wp_kses( $comment_author, array() ) );
        update_post_meta( $post_id, '_feedback_author_email', wp_kses( $comment_author_email, array() ) );
        update_post_meta( $post_id, '_feedback_author_url', wp_kses( $comment_author_url, array() ) );
        update_post_meta( $post_id, '_feedback_subject', wp_kses( $contact_form_subject, array() ) );
        update_post_meta( $post_id, '_feedback_ip', wp_kses( $comment_author_IP, array() ) );
        update_post_meta( $post_id, '_feedback_contact_form_url', wp_kses( get_permalink( $post->ID ), array() ) );
        update_post_meta( $post_id, '_feedback_all_fields', $all_values );
        update_post_meta( $post_id, '_feedback_extra_fields', $extra_values );
        update_post_meta( $post_id, '_feedback_akismet_values', $akismet_values );
        update_post_meta( $post_id, '_feedback_email', array( 'to' => $to, 'subject' => $subject, 'message' => $message, 'headers' => $headers ) );

        do_action( 'grunion_pre_message_sent', $post_id, $all_values, $extra_values );

    // defining the autoresponse
    // The autoresponse goes to whatever address the visitor typed, so the captcha and the
    // spam check above are the only things stopping the site from mailing third parties.
    // "Australia‚Ä≤s" below is a mis-encoded apostrophe in the runtime string, left as-is here.
    $autoEmail_to      = wp_kses( $comment_author_email, array() );
    $autoEmail_subject = '[PostClick] Thank you for your inquiry';
    $autoEmail_message = 'Thank you for your interest in PostClick. We will get in touch with you shortly to answer your question.<br>
<ul>
    <li>PostClick is Australia‚Ä≤s leading site representation firm</li>
    <li>We are strategically positioned to offer media agencies and advertisers innovative, fully-optimised business solutions</li>
    <li>We service specialist mid-tail sectors across business, finance, SME, news, lifestyle, technology and ethnic internet spaces</li>
    <li>Our sites reach over 6 million monthly unique visitors and deliver over 70 million AU page impressions each month</li>
    <li>Only PostClick offers site-specific, channel, run-of-network and bespoke offerings across more than 300 Australian and International websites</li>
</ul>
<br>
We look forward to talking to you soon.
<br><br>
Kind regards,
<br><br>
Postclick Team';
        // NOTE(review): the From header uses "info@postlick.com.au" only as the display
        // name; the actual address in angle brackets is the visitor's own email, so the
        // autoresponse appears to come from its recipient. The display name also reads
        // "postlick" where the rest of the text says PostClick — likely a typo.
        $autoEmail_headers = 'From: ' . wp_kses( "info@postlick.com.au", array() ) .
                ' <' . wp_kses( $comment_author_email, array() ) . ">\r\n" .
                'Reply-To: ' . wp_kses( $comment_author_email, array() ) . "\r\n" .
                "Content-Type: text/html; charset=\"" . get_option('blog_charset') . "\"";

        // send unless flagged as spam; the 'grunion_still_email_spam' filter lets a site
        // opt in to mailing spam too (both branches do the same thing)
        if ( $is_spam !== TRUE )
    {
        wp_mail( $autoEmail_to, $autoEmail_subject, $autoEmail_message, $autoEmail_headers );
                return wp_mail( $to, $subject, $message, $headers );
    }
        elseif ( apply_filters( 'grunion_still_email_spam', FALSE ) == TRUE )
    {
        wp_mail( $autoEmail_to, $autoEmail_subject, $autoEmail_message, $autoEmail_headers );
                return wp_mail( $to, $subject, $message, $headers );
    }

        // spam that was stored but not mailed still reports success to the caller
        return true;
}
  597.  
  598. // populate an array with all values necessary to submit a NEW comment to Akismet
  599. // note that this includes the current user_ip etc, so this should only be called when accepting a new item via $_POST
  600. function contact_form_prepare_for_akismet( $form ) {
  601.  
  602.         $form['comment_type'] = 'contact_form';
  603.         $form['user_ip']      = preg_replace( '/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR'] );
  604.         $form['user_agent']   = $_SERVER['HTTP_USER_AGENT'];
  605.         $form['referrer']     = $_SERVER['HTTP_REFERER'];
  606.         $form['blog']         = get_option( 'home' );
  607.  
  608.         $ignore = array( 'HTTP_COOKIE' );
  609.  
  610.         foreach ( $_SERVER as $k => $value )
  611.                 if ( !in_array( $k, $ignore ) && is_string( $value ) )
  612.                         $form["$k"] = $value;
  613.  
  614.         return $form;
  615. }
  616.  
  617. // submit an array to Akismet. If you're accepting a new item via $_POST, run it through contact_form_prepare_for_akismet() first
  618. function contact_form_is_spam_akismet( $form ) {
  619.         if ( !function_exists( 'akismet_http_post' ) )
  620.                 return false;
  621.  
  622.         global $akismet_api_host, $akismet_api_port;
  623.  
  624.         $query_string = '';
  625.         foreach ( array_keys( $form ) as $k )
  626.                 $query_string .= $k . '=' . urlencode( $form[$k] ) . '&';
  627.  
  628.         $response = akismet_http_post( $query_string, $akismet_api_host, '/1.1/comment-check', $akismet_api_port );
  629.         $result = false;
  630.         if ( 'true' == trim( $response[1] ) ) // 'true' is spam
  631.                 $result = true;
  632.         return apply_filters( 'contact_form_is_spam_akismet', $result, $form );
  633. }
  634.  
  635. // submit a comment as either spam or ham
  636. // $as should be a string (either 'spam' or 'ham'), $form should be the comment array
  637. function contact_form_akismet_submit( $as, $form ) {
  638.         global $akismet_api_host, $akismet_api_port;
  639.  
  640.         if ( !in_array( $as, array( 'ham', 'spam' ) ) )
  641.                 return false;
  642.  
  643.         $query_string = '';
  644.         foreach ( array_keys( $form ) as $k )
  645.                 $query_string .= $k . '=' . urlencode( $form[$k] ) . '&';
  646.  
  647.         $response = akismet_http_post( $query_string, $akismet_api_host, '/1.1/submit-'.$as, $akismet_api_port );
  648.         return trim( $response[1] );
  649. }
  650.  
  651. function contact_form_widget_atts( $text ) {
  652.         static $widget = 0;
  653.  
  654.         $widget++;
  655.  
  656.         return str_replace( '[contact-form', '[contact-form widget="' . $widget . '"', $text );
  657. }
// Priority 0 so the widget="N" attribute is already present when a later widget_text filter expands the shortcode.
add_filter( 'widget_text', 'contact_form_widget_atts', 0 );
  659.  
  660. function contact_form_widget_shortcode_hack( $text ) {
  661.         $old = $GLOBALS['shortcode_tags'];
  662.         remove_all_shortcodes();
  663.         add_shortcode( 'contact-form', 'contact_form_shortcode' );
  664.         $text = do_shortcode( $text );
  665.         $GLOBALS['shortcode_tags'] = $old;
  666.         return $text;
  667. }
  668.  
  669. function contact_form_init() {
  670.         if ( function_exists( 'akismet_http_post' ) ) {
  671.                 add_filter( 'contact_form_is_spam', 'contact_form_is_spam_akismet', 10 );
  672.                 add_action( 'contact_form_akismet', 'contact_form_akismet_submit', 10, 2 );
  673.         }
  674.         if ( !has_filter( 'widget_text', 'do_shortcode' ) )
  675.                 add_filter( 'widget_text', 'contact_form_widget_shortcode_hack', 5 );
  676.  
  677.         // custom post type we'll use to keep copies of the feedback items
  678.         register_post_type( 'feedback', array(
  679.                 'labels'        => array(
  680.                         'name'                  => __( 'Feedbacks' ),
  681.                         'singular_name' => __( 'Feedback' ),
  682.                         'search_items'  => __( 'Search Feedback' ),
  683.                         'not_found'             => __( 'No feedback found' ),
  684.                         'not_found_in_trash'    => __( 'No feedback found' )
  685.                 ),
  686.                 'menu_icon'             => GRUNION_PLUGIN_URL . '/images/grunion-menu.png',
  687.                 'show_ui'               => TRUE,
  688.                 'public'                => FALSE,
  689.                 'rewrite'               => FALSE,
  690.                 'query_var'             => FALSE,
  691.                 'capability_type'       => 'page'
  692.         ) );
  693.  
  694.         register_post_status( 'spam', array(
  695.                 'label'                 => 'Spam',
  696.                 'public'                => FALSE,
  697.                 'exclude_from_search'   => TRUE,
  698.                 'show_in_admin_all_list'=> FALSE,
  699.                 'label_count' => _n_noop( 'Spam <span class="count">(%s)</span>', 'Spam <span class="count">(%s)</span>' ),
  700.                 'protected'             => TRUE,
  701.                 '_builtin'              => FALSE
  702.         ) );
  703.  
  704.         /* Can be dequeued by placing the following in wp-content/themes/yourtheme/functions.php
  705.          *
  706.          *      function remove_grunion_style() {
  707.          *              wp_deregister_style('grunion.css');
  708.          *      }
  709.          *      add_action('wp_print_styles', 'remove_grunion_style');
  710.          */
  711.  
  712.         wp_register_style('grunion.css', GRUNION_PLUGIN_URL . 'css/grunion.css');
  713. }
// Post type, post status, Akismet hooks and the stylesheet are all registered at 'init'.
add_action( 'init', 'contact_form_init' );
  715.  
/**
 * Add a contact form button to the post composition screen.
 *
 * Priority 999 places it after the other media buttons; the markup is produced
 * by grunion_media_button() below.
 */
add_action( 'media_buttons', 'grunion_media_button', 999 );
  720. function grunion_media_button( ) {
  721.         global $post_ID, $temp_ID;
  722.         $iframe_post_id = (int) (0 == $post_ID ? $temp_ID : $post_ID);
  723.         $title = esc_attr( __( 'Add a custom form' ) );
  724.         $plugin_url = esc_url( GRUNION_PLUGIN_URL );
  725.         $site_url = admin_url( "/admin-ajax.php?post_id=$iframe_post_id&amp;grunion=form-builder&amp;action=grunion_form_builder&amp;TB_iframe=true&amp;width=768" );
  726.  
  727.         echo '<a href="' . $site_url . '&id=add_form" class="thickbox" title="' . $title . '"><img src="' . $plugin_url . '/images/grunion-form.png" alt="' . $title . '" width="13" height="12" /></a>';
  728. }
  729.  
  730.  
// Route ?grunion=form-builder to the form-builder view, both on ordinary requests
// (parse_request) and through admin-ajax (wp_ajax_grunion_form_builder).
// NOTE(review): wp_ajax_* handlers only run for logged-in users, but the parse_request
// path fires for any visitor and no capability check is visible here — confirm that
// grunion-form-view.php verifies the caller may edit posts.
if ( !empty( $_GET['grunion'] ) && $_GET['grunion'] == 'form-builder' ) {
        add_action( 'parse_request', 'parse_wp_request' );
        add_action( 'wp_ajax_grunion_form_builder', 'parse_wp_request' );
}
  735.  
  736. function parse_wp_request( $wp ) {
  737.         display_form_view( );
  738.         exit;
  739. }
  740.  
  741. function display_form_view( ) {
  742.         require_once GRUNION_PLUGIN_DIR . 'grunion-form-view.php';
  743. }
  744.  
  745. function menu_alter() {
  746.     echo '
  747.         <style>
  748.         #menu-posts-feedback .wp-menu-image img { display: none; }
  749.         #adminmenu .menu-icon-feedback:hover div.wp-menu-image, #adminmenu .menu-icon-feedback.wp-has-current-submenu div.wp-menu-image, #adminmenu .menu-icon-feedback.current div.wp-menu-image { background: url("' .GRUNION_PLUGIN_URL . '/images/grunion-menu-hover.png") no-repeat 6px 7px !important; }
  750.         #adminmenu .menu-icon-feedback div.wp-menu-image, #adminmenu .menu-icon-feedback div.wp-menu-image, #adminmenu .menu-icon-feedback div.wp-menu-image { background: url("' . GRUNION_PLUGIN_URL . '/images/grunion-menu.png") no-repeat 6px 7px !important; }
  751.         </style>';
  752. }
  753.  
// Feedback menu icon CSS is printed into the <head> of every admin page.
add_action('admin_head', 'menu_alter');
  755.  
  756. function grunion_insert_filter( $data, $postarr ) {
  757.         global $do_grunion_insert;
  758.  
  759.         if ( $do_grunion_insert === TRUE ) {
  760.                 if ( $data['post_type'] == 'feedback' ) {
  761.                         if ( $postarr['post_type'] == 'feedback' ) {
  762.                                 $data['post_author'] = 0;
  763.                         }
  764.                 }
  765.         }
  766.  
  767.         return $data;
  768. }