* @version 4.0 * @package CC_FB */ // Error reporting should be disabled in favor of // our customer error messages. error_reporting(0); /** * The version of CoffeeCup Flash Form Builder that * generated this script. */ define('CC_FB_VERSION', '8.0'); /** * The release date of the version of CoffeeCup Flash Form * Builder that generated this script. */ define('CC_FB_LAST_UPDATED', '08/31/2007'); /** * The version of this script. */ define('CC_FB_SCRIPT_VERSION', '5.0'); /** * The release date of this script. */ define('CC_FB_SCRIPT_LAST_UPDATED', '05/27/2009'); /** * Will the owner of this form be emailed the * form data */ define('CC_FB_DO_EMAIL',true); /** * To default To address. */ define('CC_FB_TO_EMAIL', 'csab@upcmail.nl'); /** * The default CC address. */ define('CC_FB_CC_EMAIL', ''); /** * The default BCC address. */ define('CC_FB_BCC_EMAIL', ''); /** * The message to send to the form owner */ define('CC_FB_OWNER_MESSAGE', '[FORMOWNERMSG]'); /** * If we should send a message back to the user. */ define('CC_FB_AUTO_REPLY', false); /** * The subject of the message to be sent to the user. */ define('CC_FB_AUTO_REPLY_SUBJECT', ''); /** * If we should include the form results * in the message we send to the user. */ define('CC_FB_AUTO_REPLY_FORM_RESULTS', false); /** * The position of the auto-reply message * in the email. */ define('CC_FB_AUTO_REPLY_POSITION', 'bottom'); /** * The page to redirect to after the form is submitted. */ define('CC_FB_RESULTS_REDIRECT', 'http://www.zoek.nl'); /** * The address of the database where the form results * will be saved. */ define('CC_FB_DB_ADDRESS', '[ADDRESS]'); /** * The port number of the database where the form results * will be saved. */ define('CC_FB_DB_PORT', '[DBPORT]'); /** * The username for the database where the form results * will be saved. */ define('CC_FB_DB_USERNAME', '[DBUSER]'); /** * The password for the database where the form results * will be saved. */ define('CC_FB_DB_PASSWORD', '[DBPASS]'); /** * The name of the database where the form results * will be saved. */ define('CC_FB_DB_NAME', '[DBNAME]'); /** * The name of the database table where the form results * will be saved. */ define('CC_FB_DB_TABLE', '[DBTABLE]'); /** * The file to log the form results to if necessary. */ define('CC_FB_SAVE_FILE', '[FILENAME]'); /** * The filetypes that are acceptable for file uploads. */ define('CC_FB_ACCEPTABLE_FILE_TYPES', 'txt|gif|jpg|jpeg|zip|doc|png|pdf|rtf|html|docx|xsls'); /** * The directory where files are uploaded */ define('CC_FB_UPLOADS_DIRECTORY', 'files'); /** * The extension that gets added to file uploads */ define('CC_FB_UPLOADS_EXTENSION', '_fbu'); /** * Will we save the file uploads to the server */ define('CC_FB_ATTACHMENT_SAVETOSERVER',false); /** * Will we save the file uploads to the db */ define('CC_FB_ATTACHMENT_SAVETODB',false); /** * Will we send the file upload as an attachment */ define('CC_FB_ATTACHMENT_ADDTOEMAIL',false); /** * Sendmail Message EOL's */ define('CC_FB_SENDMAIL_EOL',"\r\n"); // Makes sure that the user is using the required version // of PHP as specified by {@link CC_FB_PHP_VERSION}. if(!version_compare(PHP_VERSION, CC_FB_PHP_VERSION, '>=')) { printMessage('Invalid PHP Version', "We're sorry but CoffeeCup Form Builder requires PHP version " . CC_FB_PHP_VERSION . ' or greater. Please contact your server ' . 'administrator.'); } // Strip slashes if the server has magic quotes enabled. if(get_magic_quotes_gpc()) { $_POST = array_map("stripslashes", $_POST); } // John will need to fix this in the swf file. foreach($_POST as $key => $value) { $_POST[str_replace('_', ' ', $key)] = $value; } // Let's sanitize some header fields before it gets us in any trouble. foreach(array('eM','_ALT_EMAIL','subject') as $key) { if(isset($_POST[$key])) { $_POST[$key] = headerEscape($_POST[$key]); } } // Let's make sure no one is trying to do anything funky with filenames. if(isset($_POST['Uploaded_File'])) { $_POST['Uploaded_File'] = filenameEscape($_POST['Uploaded_File']); } if(isset($_FILES['Filedata']['name'])) { $_FILES['Filedata']['name'] = filenameEscape($_FILES['Filedata']['name']); } // If the '$_FILES['Filedata']' is populated, process the // file upload. if(isset($_FILES['Filedata'])) { processFileUpload(); } // If the '$_POST' superglobal array is populated, // process the form results. elseif(is_array($_POST) && count($_POST) > 0) { processMailForm(); } // If all else fails, print out a blank page with version // numbers and release dates. printMessage(); /** * Process the mail form results. * * This method is in charge of processing the mail form which * is posted from the CoffeeCup Flash Form Builder SWF. This * process includes: * * - Retrieving the preferences from the included CoffeeCup Flash * Form Builder XML preferences file. * - Formats output for file output as well as for an email to * the form user and the form owner as necesarry. * - Writes output to a file and sends it to the form user and * the form owner as necessary. * - Writes form results to a database if necesarry. */ function processMailForm() { fixUploadedFileName(); $preferences = getPreferences(); foreach($preferences['form_fields'] as $key => $value) { if(trim($_POST[$key]) != '') { $owner_email_response .= "$key: {$_POST[$key]}\n\n"; $txt_file .= "$key: {$_POST[$key]}|"; // Make sure we aren't displaying hidden fields // to end-users if($value['type'] != 'hiddenfield') { $user_email_response .= "$key: {$_POST[$key]}\n\n"; $form_response .= "$key: {$_POST[$key]}
\n"; } } } // If a file was uploaded, add the appropriate data to the response // fields if($_POST['Uploaded_File'] != "") { $owner_email_response .= "Uploaded File: {$_POST['Uploaded_File']}"; $user_email_response .= "Uploaded File: {$_POST['Uploaded_File']}"; $form_response .= " Uploaded File: {$_POST['Uploaded_File']}" . "
\n"; $txt_file .= "Uploaded File: {$_POST['Uploaded_File']}|"; } sendResponseEmails($owner_email_response, $user_email_response, $preferences); writeResponseToFile($txt_file); writeResponseToDatabase($preferences); // Make sure we delete the file from the server if the user doesn't // want it if(!CC_FB_ATTACHMENT_SAVETOSERVER && $_POST['Uploaded_File'] != '') { @unlink(CC_FB_UPLOADS_DIRECTORY . "/{$_POST['Uploaded_File']}"); } printResponsePage($form_response, $preferences); } /** * Send response emails to the appropriate recipients. * * Sends an email to the scripts owner as well as the end-user * if appropriate. If the sending of mail fails, an error * message will be printed out to the screen. * * @param string $owner_email_response the message to mail to the owner. * @param string $user_email_response the message to mail to the user. * @param array $preferences the CoffeeCup Flash Form Builder Preferences. */ function sendResponseEmails($owner_email_response, $user_email_response, $preferences) { // If the program is unregistered, add the unregistered message. if($_POST['unreg']) { $unreg = "------------------------\n" . "This Form was sent to you using CoffeeCup Form Builder." . "\nPlease tell a friend about us: " . "http://www.coffeecup.com/form-builder/"; } // Set up the CC field if necessary if(CC_FB_CC_EMAIL != '') { $cc = 'Cc: ' . CC_FB_CC_EMAIL . CC_FB_SENDMAIL_EOL; } // Set up the BCC field if necessary if(CC_FB_BCC_EMAIL != '') { $bcc = 'Bcc: ' . CC_FB_BCC_EMAIL . CC_FB_SENDMAIL_EOL; } // Use the alternative email if one is provided $mail_to = ($_POST['_ALT_EMAIL'] != '' ? $_POST['_ALT_EMAIL'] : CC_FB_TO_EMAIL); // Set a default subject if one is not provided $subject = ($_POST['subject'] != '' ? parseMessage($_POST['subject'], $preferences) : 'Form Submission'); // Set up the default mail headers $headers = 'MIME-Version: 1.0' . CC_FB_SENDMAIL_EOL . 'Content-Type: text/plain; charset=utf-8' . CC_FB_SENDMAIL_EOL . 'Content-Transfer-Encoding: 7bit' . CC_FB_SENDMAIL_EOL; // Set up the default owner message if on is not provided if(CC_FB_OWNER_MESSAGE == '[FORMOWNERMSG]') { $form_owner_msg = 'Here is the information submitted to ' . "{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']} from " . "{$_SERVER['REMOTE_ADDR']} on " . date("l, F dS, Y \a\\t g:i a") . ".\n------------------------\n$owner_email_response$unreg"; } else { $form_owner_msg = parseMessage(CC_FB_OWNER_MESSAGE, $preferences); } // Add the uploaded file as an attachment if the user has // request we do so if(CC_FB_ATTACHMENT_ADDTOEMAIL && $_POST['Uploaded_File'] != '') { if(!($contents = file_get_contents(CC_FB_UPLOADS_DIRECTORY . "/{$_POST['Uploaded_File']}"))) { printMessage('Unable To Open Attachment File',"We're sorry but " . 'we were unable to open your uploaded file to attatch it for ' . 'email. Please be sure that you have the proper permissions.'); } $attachment = chunk_split(base64_encode($contents)); // Setup the unique mime boundary $mime_boundary = md5(time()); // Set up the form owner mail headers $form_owner_headers = 'MIME-Version: 1.0' . CC_FB_SENDMAIL_EOL . 'Content-Type: multipart/mixed; ' . "boundary=\"$mime_boundary\"" . CC_FB_SENDMAIL_EOL; // Set up the new form owner message $form_owner_msg = CC_FB_SENDMAIL_EOL . "--$mime_boundary" . CC_FB_SENDMAIL_EOL . 'Content-Type: text/plain; charset=utf-8' . CC_FB_SENDMAIL_EOL . 'Content-Transfer-Encoding: 7bit' . CC_FB_SENDMAIL_EOL. CC_FB_SENDMAIL_EOL . $form_owner_msg . CC_FB_SENDMAIL_EOL. CC_FB_SENDMAIL_EOL . "--$mime_boundary" . CC_FB_SENDMAIL_EOL . 'Content-Type: application/octet-stream ' . "name=\"{$_POST['Uploaded_File']}\"" . CC_FB_SENDMAIL_EOL . "Content-Transfer-Encoding: base64" . CC_FB_SENDMAIL_EOL . "Content-Description: {$_POST['Uploaded_File']}" . CC_FB_SENDMAIL_EOL . "Content-Disposition: attachment; " . "filename=\"{$_POST['Uploaded_File']}\"" . CC_FB_SENDMAIL_EOL . CC_FB_SENDMAIL_EOL . "$attachment" . CC_FB_SENDMAIL_EOL. CC_FB_SENDMAIL_EOL; "--$mime_boundary--" . CC_FB_SENDMAIL_EOL . CC_FB_SENDMAIL_EOL; } else { $form_owner_headers = $headers; } // If we collected the end-user's email if($_POST['eM']) { // Get all the headers without the From: portion // so that we can do something fancy if the first // attempt to send the message fails $headers_without_from = "Reply-To: {$_POST['eM']}" . CC_FB_SENDMAIL_EOL . "Return-Path: {$_POST['eM']}" . CC_FB_SENDMAIL_EOL . "$cc$bcc" . 'Message-ID: <' . time() . "-{$_POST['eM']}>" . CC_FB_SENDMAIL_EOL . 'X-Mailer: PHP v' . phpversion() . CC_FB_SENDMAIL_EOL . $form_owner_headers; // Send a message to the form's owner with the end-user's email // as the reply-to address. if(CC_FB_DO_EMAIL && !(mail($mail_to,$subject, $form_owner_msg, "From: {$_POST['eM']}" . CC_FB_SENDMAIL_EOL . $headers_without_from)) && !(mail($mail_to,$subject, $form_owner_msg, 'From: CoffeeCup Flash Form Builder ' . "" . CC_FB_SENDMAIL_EOL . $headers_without_from))) { printMessage('Unable To Send E-Mail', "We're sorry but we were unable to send your e-mail. " . 'If you are sure that you entered all your email ' . 'addresses properly, you should contact your server ' . 'administrator.'); } // If necesarry, send a message to the end-user as well. if(CC_FB_AUTO_REPLY) { $form_user_msg = parseMessage('', $preferences); $form_user_subject = parseMessage(CC_FB_AUTO_REPLY_SUBJECT, $preferences); if(CC_FB_AUTO_REPLY_FORM_RESULTS) { $form_user_msg = CC_FB_AUTO_REPLY_POSITION == 'top' ? "$form_user_msg\n\n$user_email_response" : "$user_email_response\n\n$form_user_msg"; } // Get all the headers without the From: portion // so that we can do something fancy if the first // attempt to send the message fails $headers_without_from = "Reply-To: $mail_to" . CC_FB_SENDMAIL_EOL . "Return-Path: $mail_to" . CC_FB_SENDMAIL_EOL . 'Message-ID: <' . time() . "-$mail_to>" . CC_FB_SENDMAIL_EOL . 'X-Mailer: PHP v' . phpversion() . CC_FB_SENDMAIL_EOL . $headers; mail($_POST['eM'],$form_user_subject, "$form_user_msg$unreg", "From: $mail_to" . CC_FB_SENDMAIL_EOL . $headers_without_from) || mail($_POST['eM'],$form_user_subject, "$form_user_msg$unreg", "From: {$_SERVER['SERVER_NAME']} Form " . "" . CC_FB_SENDMAIL_EOL . $headers_without_from); } } // Send a message to the form's owner. elseif(CC_FB_DO_EMAIL && !(mail($mail_to,$subject, $form_owner_msg, 'From: CoffeeCup Flash Form Builder ' . "" . CC_FB_SENDMAIL_EOL . "$cc$bcc" . 'Message-ID: <' . time() . "-formbuilder@{$_SERVER['SERVER_NAME']}>" . CC_FB_SENDMAIL_EOL . 'X-Mailer: PHP v' . phpversion() . CC_FB_SENDMAIL_EOL . $form_owner_headers))) { printMessage('Unable To Send E-Mail', "We're sorry but we were unable to send your e-mail. " . 'If you are sure that you entered all your email ' . 'addresses properly, you should contact your server ' . 'administrator.'); } } /** * Parses owner-defined email message * * Loops through posted form values and replaces all form * elements in the $message with their corresponding values. * * @param string $message an owner-defined email message * @param array $preferences the CoffeeCup Flash Form Builder Preferences. */ function parseMessage($message, $preferences) { foreach($preferences['form_fields'] as $key => $value) { $message = str_replace('[' . $key . ']', $_POST[$key], $message); } return $message; } /** * Gets the real name of the file that was uploaded. * * Since the file upload occurs in a different request, * this method helps us resolve what the name of the * uploaded file was in case it was renamed. */ function fixUploadedFileName() { if($_POST['Uploaded_File'] != '') { $extension = substr($_POST['Uploaded_File'], strrpos($_POST['Uploaded_File'], '.')); $basename = basename($_POST['Uploaded_File'], $extension); while(file_exists(CC_FB_UPLOADS_DIRECTORY . "/$basename". CC_FB_UPLOADS_EXTENSION . "$i$extension")) { $new_upload_name = "$basename". CC_FB_UPLOADS_EXTENSION . "$i$extension"; $i++; } } $_POST['Uploaded_File'] = $new_upload_name; } /** * Write form response to a database. * * Writes the form response to the database specified at 'CC_FB_DB_ADDRESS' * if appropriate. If the database doesn't it exist, the CC_FB_DB_TABLE * table doesn't exist or if the CC_FB_DB_TABLE table doesn't comply with * the structure of the current form then the database will be restructured * accordingly. * * @param array $preferences the CoffeeCup Flash Form Builder Preferences. */ function writeResponseToDatabase($preferences) { // If the CC_FB_DB_ADDRESS constant has been populated, then // the user wants to write their data to a database. if(CC_FB_DB_ADDRESS != '[ADDRESS]') { // First and foremost, lets make sure they have the mysql extension // loaded. if(!extension_loaded('mysql')) { printMessage('Unable to use MySQL', "We're sorry but you must have the MySQL extensions loaded " . 'in your PHP configuration in order to save your form '. 'results to a MySQL database. Please contact your ' . 'server administrator.'); } // Secondly, lets make sure we can connect to their database. elseif(!($link = mysql_connect(CC_FB_DB_ADDRESS . ':' . CC_FB_DB_PORT, CC_FB_DB_USERNAME, CC_FB_DB_PASSWORD))) { printMessage('Unable to Connect to Database Server.', "We're sorry but we were unable to connect to your database " . 'server. Please be sure you have entered your database ' . 'settings correctly.'); } // If we can't select their DB, lets try to create our own. elseif(!mysql_select_db(CC_FB_DB_NAME, $link)) { if(!mysql_query('CREATE DATABASE ' . CC_FB_DB_NAME, $link)) { printMessage('Unable to Create Database.', "We're sorry but we were unable to create your database. " . 'If you believe the database already exists, please ' . 'be sure that you have the proper permissions to ' . 'select it. Otherwise, please be sure that you ' . 'have permissions to create databases. If you ' . 'are still experiencing troubles, please contact ' . 'your server administrator.'); } elseif(!mysql_select_db(CC_FB_DB_NAME, $link)) { printMessage('Unable to select Database.', "We're sorry but we were unable to select your database. " . 'Please be sure that you have the proper permissions to ' . 'select it. If you are still experiencing trouble, ' . 'please contact your server administrator.'); } } // If a form_results table exists, make sure it is in the // proper format. if(mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . CC_FB_DB_TABLE . "'", $link)) != 0) { if(!($results = mysql_query('SHOW COLUMNS FROM `' . CC_FB_DB_TABLE . '`', $link))) { printMessage('Unable to Query Database.', "We're sorry but we were unable to query your database " . 'table. Please be sure that you have the proper ' . 'permissions to select from the ' . CC_FB_DB_TABLE . ' table. If you are still experiencing trouble, ' . 'please contact your server administrator.'); } while($row = mysql_fetch_assoc($results)) { if($row['Field'] != 'id' && $row['Field'] != 'created_at') { $columns[$row['Field']] = $row; } } if(!formFieldsEqualsTableFields($preferences['form_fields'], $columns)) { archiveOldTable($link); createTableFromFormFields($preferences['form_fields'], $link); } } // Otherwise create the CC_FB_DB_TABLE table in the proper format. else { createTableFromFormFields($preferences['form_fields'], $link); } // If all went well, lets attempt to write the form results to // the database. foreach($preferences['form_fields'] as $field_name => $field) { $query .= "`$field_name` = " . mysqlEscape($_POST[$field_name], $link) . ','; } // Add the uploaded file to the query if necessary if(CC_FB_ATTACHMENT_SAVETODB) { if($_POST['Uploaded_File'] != '') { if(!($contents = file_get_contents(CC_FB_UPLOADS_DIRECTORY . "/{$_POST['Uploaded_File']}"))) { printMessage('Unable To Open Attachment File',"We're sorry " . 'but we were unable to open your uploaded file to ' . 'attach it for email. Please be sure that you have the ' . 'proper permissions.'); } $query .= '`uploaded_file_name` = ' . mysqlEscape($_POST['Uploaded_File'], $link) . ',' . '`uploaded_file` = ' . mysqlEscape($contents, $link) . ','; } else { $query .= "`uploaded_file_name` = '',`uploaded_file` = '',"; } } if(!mysql_query('INSERT INTO `' . CC_FB_DB_TABLE . '` SET ' . $query . "`created_at` = NOW()", $link)) { printMessage('Unable to Insert Into Database Table.', "We're sorry but we were unable to insert the form results " . 'into your database table. Please be sure that you have ' . 'the proper permissions to insert data into the ' . CC_FB_DB_TABLE . ' table. If you are still experiencing ' . 'trouble, please contact your server administrator.'); } } } /** * Archives an old `CC_FB_DB_TABLE` table. * * Renames a form results table to CC_FB_DB_TABLE_old or * CC_FB_DB_TABLE_old with a numerical value on the end of it * if appropriate. * * @param resource $link a database resource */ function archiveOldTable($link) { while(mysql_num_rows(mysql_query("SHOW TABLES LIKE '" . CC_FB_DB_TABLE . "_old$i'", $link)) != 0) { $i++; } if(!(mysql_query("RENAME TABLE `" . CC_FB_DB_TABLE . "` TO `" . CC_FB_DB_TABLE . "_old$i`", $link))) { printMessage('Unable to Rename Database Table.', "We're sorry but we were unable to rename your database " . 'table. Please be sure that you have the proper ' . 'permissions to rename the ' . CC_FB_DB_TABLE . ' table' . '. If you are still experiencing trouble, please contact your ' . 'server administrator.'); } } /** * Escapes a value for MySQL. * * Prepares a value to be used safely in a MySQL query. If the value is * numeric, it is returned. If the value is a string, it is quoted and * escaped using the mysql_real_escape_string function. * * @param mixed $value the value to be escaped * @param resource $link a database resource * @return mixed $value the escaped value */ function mysqlEscape($value, $link) { return ("'" . mysql_real_escape_string($value, $link) . "'"); } /** * Escapes a header value. * * Prepares a value to be used safely in an email header. * * @param mixed $value the value to be escaped * @return mixed $value the escaped value */ function headerEscape($value) { return preg_replace("/(\n|\r|%0A|%0D)/i", '', $value); } /** * Escapes a filename value. * * Prepares a filename to be used without the need to worry * about directory traversal exploits. * * @param mixed $value the value to be escaped * @return mixed $value the escaped value */ function filenameEscape($value) { return preg_replace('/[^\w\d\.]+/', '', $value); } /** * Checks if the columns from a table match the the structure * of the fields from a form. * * @param array $form_fields the structure from the form * @param array $table_fields the structure from the table * @return boolean $value, true if the structures are the same, * false if the structures are not. */ function formFieldsEqualsTableFields($form_fields, $table_fields) { // Make sure we have the proper fields for saving uploaded // files to the database if the user has requested we do so if(CC_FB_ATTACHMENT_SAVETODB) { if(array_key_exists('uploaded_file', $table_fields) && array_key_exists('uploaded_file_name', $table_fields)) { unset($table_fields['uploaded_file_name']); unset($table_fields['uploaded_file']); } else { return false; } } if(count($form_fields) != count($table_fields)) { return false; } foreach($form_fields as $field_name => $field) { if(!is_array($table_fields[$field_name]) || !(($field['type'] == 'textarea' && $table_fields[$field_name]['Type'] == 'text') || $table_fields[$field_name]['Type'] == 'varchar(255)')) { return false; } } return true; } /** * Create a MySQL table from the form structure. * * Uses the structure of the form, pulled from the XML preferences * file to create a database table to store the form results. * * @param resource $form_fields the structure of the form * @param resource $link a database resource */ function createTableFromFormFields($form_fields, $link) { mysql_query("DROP TABLE IF EXISTS `" . CC_FB_DB_TABLE . "`", $link); $query = 'CREATE TABLE `' . CC_FB_DB_TABLE . '` ( `id` int(11) NOT NULL auto_increment, `created_at` DATETIME NOT NULL'; if(CC_FB_ATTACHMENT_SAVETODB) { $query .= ",`uploaded_file_name` varchar(255) NOT NULL DEFAULT '' ,`uploaded_file` MEDIUMBLOB NOT NULL"; } foreach($form_fields as $field_name => $field) { $query .= ",\n `$field_name` " . ($field['type'] == 'textarea' ? 'text' : 'varchar(255)') . " NOT NULL DEFAULT ''"; } if(!(mysql_query("$query, PRIMARY KEY(`id`))", $link))) { printMessage('Unable to Create Table.', "We're sorry but we were " . 'unable to create a database table for your form results. ' . 'Please be sure that you have the proper permissions to ' . 'create tables. If you are still experiencing trouble, ' . 'please contact your server administrator.'); } } /** * Write form response to a log file. * * Writes the form response to the log file specified at 'CC_FB_SAVE_FILE' * if appropriate. If the file writing fails, an error message will be * printed out to the screen. * * @param string $txt_file the response to write to the log file. */ function writeResponseToFile($txt_file) { $txt_file = "{$_SERVER['SERVER_NAME']}{$_SERVER['PHP_SELF']}|" . date("Y-m-d H:i:s") . "|{$_SERVER['REMOTE_ADDR']}|$txt_file\n"; // If a log file location has been set if(CC_FB_SAVE_FILE != '[FILENAME]') { if($handle = fopen(CC_FB_SAVE_FILE, 'a')) { if(fwrite($handle, $txt_file) === false) { printMessage('Unable To Write To File', "We're sorry but we were unable to write to ".CC_FB_SAVE_FILE. '. Please contact your server administrator to be sure ' . 'that you have the proper permissions.'); } fclose($handle); } else { printMessage('Unable To Open File', "We're sorry but we were unable to open " . CC_FB_SAVE_FILE . '. Please contact your server administrator to be sure ' . 'that you have the proper permissions.'); } } } /** * Prints the HTML-formatted, form response page for the end-user. * * Writes the form response to an HTML-formatted page for the end-user * or redirects the user to a thank you page if specified. * * @param string $form_response the response to write to the page. * @param array $preferences the CoffeeCup Flash Form Builder Preferences. */ function printResponsePage($form_response, $preferences) { // Redirect to a thank you page if the user has created one. if(CC_FB_RESULTS_REDIRECT != '[RESULTSREDIRECT]') { die(header('Location: ' . CC_FB_RESULTS_REDIRECT)); } // Otherwise create a thank you page. else { $results_msg = '[RESULTSMSG]'; die(str_replace('$form_results', $form_response, $results_msg)); } } /** * Returns the CoffeeCup Flash Form Builder Preferences. * * Opens the CoffeeeCup Flash Form Builder XML preferences file * and retrieves the preferences and form fields from it. If * the preferences file is not found or can not be opened, an * error message is printed to the screen. * * @return array $preferences an array of preferences specified * in the CoffeeCup Flash Form Builder XML preferences file. */ function getPreferences() { if(!($contents = file_get_contents($_POST['xmlfile']))) { printMessage('Unable To Open XML File',"We're sorry but we were " . 'unable to locate your XML file. Please be sure that the \'' . "{$_POST['xmlfile']}' is on your server in the same directory " . 'as your other form builder files.'); } // Strips out all the XML nodes from the preferences file. preg_match_all('/<([a-z]+?)\s+(.*?)>/is', $contents, $nodes); foreach($nodes[1] as $node_key => $node_value) { // Skip over item, hidden, button and label nodes, as we're not // interested in them. if($node_value != 'item' && $node_value != 'hidden' && $node_value != 'submitbutton' && $node_value != 'browsebutton' && $node_value != 'label' && $node_value != 'resetbutton') { $node_array = array(); // For each node, we will strip out all of the attributes preg_match_all('/([a-z0-9]+?)="(.*?)"/is', $nodes[2][$node_key], $attributes); foreach($attributes[2] as $attribute_key => $attribute_value) { $node_array[$attributes[1][$attribute_key]] = html_entity_decode($attribute_value); } // If the node has an attribute called 'name', it is a form field. if(isset($node_array['name'])) { $name = $node_array['name'] . ($node_array['label'] != '' ? " - {$node_array['label']}" : ''); $preferences['form_fields'][$name] = $node_array; $preferences['form_fields'][$name]['type'] = $node_value; } // If the node type is 'form', it is the form preferences elseif($node_value == 'form') { $preferences['form_preferences'] = $node_array; } // otherwise just dump everything into a general array depending // on its node type. else { $preferences[$node_value][] = $node_array; } } } return $preferences; } /** * Uploads a user-submitted file. * * Attempts to upload a user-submitted file specified in * '$_FILES['Filedata']' to the 'CC_FB_UPLOADS_DIRECTORY' directory. If the * file already exists, append a numeric value to the end of * the file name. */ function processFileUpload() { if(!ini_get('file_uploads')) { printMessage('File Uploads Disabled', "We're sorry but we were unable to upload your file because " . 'your do not have file uploads enabled. Please contact' . 'your server administrator.'); } // Make sure we have a directory to store the file uploads if(!is_dir(CC_FB_UPLOADS_DIRECTORY) && !mkdir(CC_FB_UPLOADS_DIRECTORY,0755)) { printMessage('Directory Creation Failed', "We're sorry but we were unable to create a directory for " . 'your file uploads. Please contact your server administrator.'); } // Make sure the file upload is of an acceptable file type if(CC_FB_ACCEPTABLE_FILE_TYPES != "" && !preg_match('/\.('.CC_FB_ACCEPTABLE_FILE_TYPES.')$/is', $_FILES['Filedata']['name'])) { printMessage('Invalid File Type', "We're sorry but we were unable to upload your file because " . 'the file type is not acceptable.'); } // Seperate the file's basename and extension so that // we can append numeric values on the end of the basename // if the file already exists. $extension = substr($_FILES['Filedata']['name'], strrpos($_FILES['Filedata']['name'], '.')); $basename = basename($_FILES['Filedata']['name'], $extension); // Append number values on the end of the file name // if the file already exists while(file_exists(CC_FB_UPLOADS_DIRECTORY . "/$basename" . CC_FB_UPLOADS_EXTENSION . "$i$extension")) { $i++; } if(!move_uploaded_file($_FILES['Filedata']['tmp_name'], CC_FB_UPLOADS_DIRECTORY . "/$basename". CC_FB_UPLOADS_EXTENSION . "$i$extension")) { printMessage('File Upload Failed', "We're sorry but we were unable to upload your file. Please " . 'contact your server administrator.'); } chmod(CC_FB_UPLOADS_DIRECTORY . "/$basename$i$extension", 0644); } /** * Prints a message to the screen. * * Prints an HTML-formatted message to the screen that also contains * the current PHP version number the server is running, the current * version number and release date of this script as well as the * current version number and release date of the version of CoffeeCup * Flash Form Builder that generated this script. * * NOTE: This function stops execution of the script. * * @param string $title the title of the page * @param string $message the message to print to the screen */ function printMessage($title = null, $message = null) { // If the user has provided a title, format it for HTML if($title !== null) { $title = htmlentities($title, ENT_QUOTES); $page_title = "$title - "; $title = "

$title

"; } // If the user has provided a message, formit it for HTML if($message !== null) { $message = '

' . htmlentities($message, ENT_QUOTES) . '

'; } die( << {$page_title}CoffeeCup Form Builder $title $message

PHP Version: EOHTML . PHP_VERSION . '

Sendmail Path: ' . ini_get('sendmail_path') . '
Sendmail From: ' . ini_get('sendmail_from') . '
SMTP: ' . ini_get('SMTP') . '
SMTP Port: ' . ini_get('smtp_port') . '

MySQL: ' . (extension_loaded('mysql') ? 'Installed' : 'Not Installed') . '

File Uploads: ' . (ini_get('file_uploads') ? 'On' : 'Off') . '
File Uploads Max Size: ' . ini_get('upload_max_filesize') . '
Post Max Size: ' . ini_get('post_max_size') . '

Software Version: ' . CC_FB_VERSION . '
Software Last Updated: ' . CC_FB_LAST_UPDATED . '

Script Version: ' . CC_FB_SCRIPT_VERSION . '
Script Last Updated: ' . CC_FB_SCRIPT_LAST_UPDATED . '

' . << EOHTML ); } ?>