File Manager
/ wp-content
Search
Upload
New Item
Settings
File "db5.php"
Full path: /home1/epichome/public_html/wp-content/db5.php
File size: 60.67 B (60.67 KB bytes)
MIME-type: text/x-php
Charset: utf-8
Download Open Edit Advanced Editor Back
/home/pharmacy/www/wp-content/plugins/visual-form-builder/public/class-email.php
<?php
/**
* Handles the main email
*/
class Visual_Form_Builder_Email {
/**
* Form_id
*
* @var mixed
* @access protected
*/
protected $form_id;
/**
* __construct function.
*
* @access public
* @return void
*/
public function __construct() {}
/**
* Email function.
*
* @access public
* @return void
*/
public function email() {
$form_id = $this->get_form_id();
if ( ! $form_id ) {
return;
}
// Save Form ID to pass to phpmailer().
$this->form_id = $form_id;
// Main Email.
$this->notification( $form_id );
/**
* Action that fires after all emails have been processed
*
* Passes the Entry ID and Form ID
*/
do_action( 'vfb_after_email', $form_id );
}
/**
* Send out main email
*
* @param [type] $form_id [$form_id description].
*
* @return void
*/
public function notification( $form_id ) {
global $wpdb;
// Query to get all forms.
$order = sanitize_sql_orderby( 'form_id DESC' );
$form = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . VFB_WP_FORMS_TABLE_NAME . " WHERE form_id = %d ORDER BY $order", $form_id ) );
$form_settings = (object) array(
'form_title' => wp_unslash( html_entity_decode( $form->form_title, ENT_QUOTES, 'UTF-8' ) ),
'form_subject' => wp_unslash( html_entity_decode( $form->form_email_subject, ENT_QUOTES, 'UTF-8' ) ),
'form_to' => is_array( unserialize( $form->form_email_to ) ) ? unserialize( $form->form_email_to ) : explode( ',', unserialize( $form->form_email_to ) ),
'form_from' => wp_unslash( $form->form_email_from ),
'form_from_name' => wp_unslash( $form->form_email_from_name ),
'form_notification_setting' => wp_unslash( $form->form_notification_setting ),
'form_notification_email_name' => wp_unslash( $form->form_notification_email_name ),
'form_notification_email_from' => wp_unslash( $form->form_notification_email_from ),
'form_notification_subject' => wp_unslash( html_entity_decode( $form->form_notification_subject, ENT_QUOTES, 'UTF-8' ) ),
'form_notification_message' => wp_unslash( $form->form_notification_message ),
'form_notification_entry' => wp_unslash( $form->form_notification_entry ),
);
// Allow the form settings to be filtered (ex: return $form_settings->'form_title' = 'Hello World';).
$form_settings = (object) apply_filters_ref_array( 'vfb_email_form_settings', array( $form_settings, $form_id ) );
// Get global settings.
$vfb_settings = get_option( 'vfb-settings' );
// Settings - Max Upload Size.
$settings_max_upload = isset( $vfb_settings['max-upload-size'] ) ? $vfb_settings['max-upload-size'] : 25;
// Settings - Spam word sensitivity.
$settings_spam_points = isset( $vfb_settings['spam-points'] ) ? $vfb_settings['spam-points'] : 4;
// Sender name field ID.
$sender = $form->form_email_from_name_override;
// Sender email field ID.
$email = $form->form_email_from_override;
// Notifcation email field ID.
$notify = $form->form_notification_email;
$reply_to_name = $form_settings->form_from_name;
$reply_to_email = $form_settings->form_from;
// Use field for sender name.
if ( ! empty( $sender ) && isset( $_POST[ 'vfb-' . $sender ] ) ) {
$form_settings->form_from_name = wp_kses_data( wp_unslash( $_POST[ 'vfb-' . $sender ] ) );
$reply_to_name = $form_settings->form_from_name;
}
// Use field for sender email.
if ( ! empty( $email ) && isset( $_POST[ 'vfb-' . $email ] ) ) {
$form_settings->form_from = sanitize_email( wp_unslash( $_POST[ 'vfb-' . $email ] ) );
$reply_to_email = $form_settings->form_from;
}
// Use field for copy email.
$copy_email = ! empty( $notify ) && isset( $_POST[ 'vfb-' . $notify ] ) ? sanitize_email( wp_unslash( $_POST[ 'vfb-' . $notify ] ) ) : '';
// Query to get all forms.
$order = sanitize_sql_orderby( 'field_sequence ASC' );
$fields = $wpdb->get_results( $wpdb->prepare( 'SELECT field_id, field_key, field_name, field_type, field_options, field_parent, field_required FROM ' . VFB_WP_FIELDS_TABLE_NAME . " WHERE form_id = %d ORDER BY $order", $form_id ) );
// Setup counter for alt rows.
$i = $points = 0;
// Setup HTML email vars.
$header = $body = $message = $footer = $html_email = $auto_response_email = '';
$attachments = array();
// Prepare the beginning of the content.
$header = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>HTML Email</title>
</head>
<body><table rules="all" style="border-color: #666;" cellpadding="10">' . "\n";
// Loop through each form field and build the body of the message.
foreach ( $fields as $field ) {
// Handle attachments.
if ( 'file-upload' === $field->field_type ) {
$value = ( isset( $_FILES[ 'vfb-' . $field->field_id ] ) ) ? wp_unslash( $_FILES[ 'vfb-' . $field->field_id ] ) : '';
if ( is_array( $value ) && $value['size'] > 0 ) {
// 25MB is the max size allowed.
$size = apply_filters( 'vfb_max_file_size', $settings_max_upload );
$max_attach_size = $size * 1048576;
// Display error if file size has been exceeded.
if ( $value['size'] > $max_attach_size ) {
wp_die( sprintf( esc_html__( 'File size exceeds %dMB. Please decrease the file size and try again.', 'visual-form-builder' ), absint( $size ) ), '', array( 'back_link' => true ) );
}
// Options array for the wp_handle_upload function. 'test_form' => false.
$upload_overrides = array( 'test_form' => false );
// We need to include the file that runs the wp_handle_upload function.
include_once ABSPATH . 'wp-admin/includes/file.php';
// Handle the upload using WP's wp_handle_upload function. Takes the posted file and an options array.
$uploaded_file = wp_handle_upload( $value, $upload_overrides );
// If the wp_handle_upload call returned a local path for the image.
if ( isset( $uploaded_file['file'] ) ) {
// Retrieve the file type from the file name. Returns an array with extension and mime type.
$wp_filetype = wp_check_filetype( basename( $uploaded_file['file'] ), null );
// Return the current upload directory location.
$wp_upload_dir = wp_upload_dir();
$media_upload = array(
'guid' => $wp_upload_dir['url'] . '/' . basename( $uploaded_file['file'] ),
'post_mime_type' => $wp_filetype['type'],
'post_title' => preg_replace( '/\.[^.]+$/', '', basename( $uploaded_file['file'] ) ),
'post_content' => '',
'post_status' => 'inherit',
);
// Insert attachment into Media Library and get attachment ID.
$attach_id = wp_insert_attachment( $media_upload, $uploaded_file['file'] );
// Include the file that runs wp_generate_attachment_metadata().
include_once ABSPATH . 'wp-admin/includes/image.php';
include_once ABSPATH . 'wp-admin/includes/media.php';
// Setup attachment metadata.
$attach_data = wp_generate_attachment_metadata( $attach_id, $uploaded_file['file'] );
// Update the attachment metadata.
wp_update_attachment_metadata( $attach_id, $attach_data );
$attachments[ 'vfb-' . $field->field_id ] = $uploaded_file['file'];
$data[] = array(
'id' => $field->field_id,
'slug' => $field->field_key,
'name' => $field->field_name,
'type' => $field->field_type,
'options' => $field->field_options,
'parent_id' => $field->field_parent,
'value' => $uploaded_file['url'],
);
$body .= sprintf(
'<tr>
<td><strong>%1$s: </strong></td>
<td><a href="%2$s">%2$s</a></td>
</tr>' . "\n",
esc_html( wp_unslash( $field->field_name ) ),
$uploaded_file['url']
);
}
} else {
$value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'vfb-' . $field->field_id ] ) ) : '';
$body .= sprintf(
'<tr>
<td><strong>%1$s: </strong></td>
<td>%2$s</td>
</tr>' . "\n",
esc_html( wp_unslash( $field->field_name ) ),
$value
);
}
} else {
$value = ( isset( $_POST[ 'vfb-' . $field->field_id ] ) ) ? sanitize_text_field( wp_unslash( $_POST[ 'vfb-' . $field->field_id ] ) ) : '';
// If time field, build proper output.
if ( is_array( $value ) && 'time' === $field->field_type ) {
$value = $this->format_field( $value, $field->field_type );
} elseif ( is_array( $value ) && 'address' === $field->field_type ) {
// If address field, build proper output.
$value = $this->format_field( $value, $field->field_type );
} elseif ( is_array( $value ) ) {
// If multiple values, build the list.
$value = $this->format_field( $value, $field->field_type );
} elseif ( 'radio' === $field->field_type ) {
$value = wp_specialchars_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES );
} else {
$value = html_entity_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES, 'UTF-8' ); // Lastly, handle single values.
}
// Spam Words - Exploits.
$exploits = array( 'content-type', 'bcc:', 'cc:', 'document.cookie', 'onclick', 'onload', 'javascript', 'alert' );
$exploits = apply_filters( 'vfb_spam_words_exploits', $exploits, $form_id );
// Spam Words - Exploits.
$profanity = array( 'beastial', 'bestial', 'blowjob', 'clit', 'cock', 'cum', 'cunilingus', 'cunillingus', 'cunnilingus', 'cunt', 'ejaculate', 'fag', 'felatio', 'fellatio', 'fuck', 'fuk', 'fuks', 'gangbang', 'gangbanged', 'gangbangs', 'hotsex', 'jism', 'jiz', 'kock', 'kondum', 'kum', 'kunilingus', 'orgasim', 'orgasims', 'orgasm', 'orgasms', 'phonesex', 'phuk', 'phuq', 'porn', 'pussies', 'pussy', 'spunk', 'xxx' );
$profanity = apply_filters( 'vfb_spam_words_profanity', $profanity, $form_id );
// Spam Words - Misc.
$spamwords = array( 'viagra', 'phentermine', 'tramadol', 'adipex', 'advai', 'alprazolam', 'ambien', 'ambian', 'amoxicillin', 'antivert', 'blackjack', 'backgammon', 'holdem', 'poker', 'carisoprodol', 'ciara', 'ciprofloxacin', 'debt', 'dating', 'porn' );
$spamwords = apply_filters( 'vfb_spam_words_misc', $spamwords, $form_id );
// Add up points for each spam hit.
if ( preg_match( '/(' . implode( '|', $exploits ) . ')/i', $value ) ) {
$points += 2;
} elseif ( preg_match( '/(' . implode( '|', $profanity ) . ')/i', $value ) ) {
++$points;
} elseif ( preg_match( '/(' . implode( '|', $spamwords ) . ')/i', $value ) ) {
++$points;
}
// Sanitize input.
$value = $this->sanitize_input( $value, $field->field_type );
// Validate input.
$this->validate_input( $value, $field->field_name, $field->field_type, $field->field_required );
$removed_field_types = array( 'verification', 'secret', 'submit' );
// Don't add certain fields to the email.
if ( ! in_array( $field->field_type, $removed_field_types, true ) ) {
if ( 'fieldset' === $field->field_type ) {
$body .= sprintf(
'<tr style="background-color:#393E40;color:white;font-size:14px;">
<td colspan="2">%1$s</td>
</tr>' . "\n",
wp_unslash( $field->field_name )
); } elseif ( 'section' === $field->field_type ) {
$body .= sprintf(
'<tr style="background-color:#6E7273;color:white;font-size:14px;">
<td colspan="2">%1$s</td>
</tr>' . "\n",
wp_unslash( $field->field_name )
); } else {
// Convert new lines to break tags for textarea in html.
$display_value = ( 'textarea' == $field->field_type ) ? nl2br( $value ) : $value;
$body .= sprintf(
'<tr>
<td><strong>%1$s: </strong></td>
<td>%2$s</td>
</tr>' . "\n",
wp_unslash( $field->field_name ),
$display_value
);
}
}
$data[] = array(
'id' => $field->field_id,
'slug' => $field->field_key,
'name' => $field->field_name,
'type' => $field->field_type,
'options' => $field->field_options,
'parent_id' => $field->field_parent,
'value' => esc_html( $value ),
);
}
// If the user accumulates more than 4 points, it might be spam.
if ( $points > $settings_spam_points ) {
wp_die( esc_html__( 'Your responses look too much like spam and could not be sent at this time.', 'visual-form-builder' ), '', array( 'back_link' => true ) );
}
}
// Setup our entries data.
$entry = array(
'form_id' => $form_id,
'data' => serialize( $data ),
'subject' => $form_settings->form_subject,
'sender_name' => $form_settings->form_from_name,
'sender_email' => $form_settings->form_from,
'emails_to' => serialize( $form_settings->form_to ),
'date_submitted' => date_i18n( 'Y-m-d H:i:s' ),
'ip_address' => isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : '',
);
// Settings - Disable Saving Entries.
$settings_disable_saving = isset( $vfb_settings['disable-saving-entries'] ) ? $vfb_settings['disable-saving-entries'] : '';
// Insert this data into the entries table if setting is not set.
if ( empty( $settings_disable_saving ) ) {
$wpdb->insert( VFB_WP_ENTRIES_TABLE_NAME, $entry );
}
// Close out the content.
$footer .= '<tr>
<td class="footer" height="61" align="left" valign="middle" colspan="2">
<p style="font-size: 12px; font-weight: normal; margin: 0; line-height: 16px; padding: 0;">This email was built and sent using <a href="http://wordpress.org/extend/plugins/visual-form-builder/" style="font-size: 12px;">Visual Form Builder</a>.</p>
</td>
</tr>
</table>
</body>
</html>' . "\n";
// Build complete HTML email.
$message = $header . $body . $footer;
// Wrap lines longer than 70 words to meet email standards.
$message = wordwrap( $message, 70 );
// Decode HTML for message so it outputs properly.
$notify_message = ! empty( $form_settings->form_notification_message ) ? html_entity_decode( $form_settings->form_notification_message ) : '';
// Initialize header filter vars.
$header_from_name = function_exists( 'mb_encode_mimeheader' ) ? mb_encode_mimeheader( wp_unslash( $reply_to_name ) ) : wp_unslash( $reply_to_name );
$header_from = $reply_to_email;
$header_content_type = 'text/html';
// Either prepend the notification message to the submitted entry, or send by itself.
if ( ! empty( $form_settings->form_notification_entry ) ) {
$auto_response_email = $header . $notify_message . $body . $footer;
} else {
$auto_response_email = sprintf(
'%1$s<table cellspacing="0" border="0" cellpadding="0" width="100%%"><tr><td colspan="2" class="mainbar" align="left" valign="top" width="600">%2$s</td></tr>%3$s',
$header,
$notify_message,
$footer
);
}
// Build email headers.
$from_name = empty( $header_from_name ) ? 'WordPress' : $header_from_name;
// Use the admin_email as the From email.
$from_email = get_option( 'admin_email' );
// Get the site domain and get rid of www.
$sitename = isset( $_SERVER['SERVER_NAME'] ) ? strtolower( sanitize_text_field( wp_unslash( $_SERVER['SERVER_NAME'] ) ) ) : 'localhost';
if ( substr( $sitename, 0, 4 ) === 'www.' ) {
$sitename = substr( $sitename, 4 );
}
// Get the domain from the admin_email.
list( $user, $domain ) = explode( '@', $from_email );
// If site domain and admin_email domain match, use admin_email, otherwise a same domain email must be created.
$from_email = ( $sitename == $domain ) ? $from_email : "wordpress@$sitename";
// Settings - Sender Mail Header.
$settings_sender_header = isset( $vfb_settings['sender-mail-header'] ) ? $vfb_settings['sender-mail-header'] : $from_email;
// Allow Sender email to be filtered.
$from_email = apply_filters( 'vfb_sender_mail_header', $settings_sender_header, $form_id );
$reply_to = "\"$from_name\" <$header_from>";
$headers[] = "Sender: $from_email";
$headers[] = "From: $reply_to";
$headers[] = "Reply-To: $reply_to";
$headers[] = "Content-Type: $header_content_type; charset=\"" . get_option( 'blog_charset' ) . '"';
$form_subject = wp_specialchars_decode( $form_settings->form_subject, ENT_QUOTES );
$notify_subject = wp_specialchars_decode( $form_settings->form_notification_subject, ENT_QUOTES );
// Sanitize main emails_to.
$emails_to = array_map( 'sanitize_email', $form_settings->form_to );
// Send the mail.
foreach ( $emails_to as $email ) {
wp_mail( $email, $form_subject, $message, $headers, $attachments );
}
// Send auto-responder email.
if ( ! empty( $form_settings->form_notification_setting ) ) {
$attachments = ! empty( $form_settings->form_notification_entry ) ? $attachments : '';
// Reset headers for notification email.
$reply_name = function_exists( 'mb_encode_mimeheader' ) ? mb_encode_mimeheader( stripslashes( $form_settings->form_notification_email_name ) ) : wp_unslash( $form_settings->form_notification_email_name );
$reply_email = $form_settings->form_notification_email_from;
$reply_to = "\"$reply_name\" <$reply_email>";
$headers[] = "Sender: $from_email";
$headers[] = "From: $reply_to";
$headers[] = "Reply-To: $reply_to";
$headers[] = "Content-Type: $header_content_type; charset=\"" . get_option( 'blog_charset' ) . '"';
// Send the mail.
wp_mail( $copy_email, $notify_subject, $auto_response_email, $headers, $attachments );
}
}
/**
* [format_field description]
*
* @param [type] $value [description].
* @param string $type [description].
* @return [type] [description]
*/
public function format_field( $value, $type = '' ) {
$output = '';
// Basic check for type when not set.
if ( empty( $type ) ) {
if ( is_array( $value ) && array_key_exists( 'address', $value ) ) {
$type = 'address';
} elseif ( is_array( $value ) && array_key_exists( 'hour', $value ) && array_key_exists( 'min', $value ) ) {
$type = 'time';
} elseif ( is_array( $value ) ) {
$type = 'checkbox';
} else {
$type = 'default';
}
}
// Build array'd form item output.
switch ( $type ) {
case 'time':
$output = ( array_key_exists( 'ampm', $value ) ) ? substr_replace( implode( ':', $value ), ' ', 5, 1 ) : implode( ':', $value );
break;
case 'address':
if ( ! empty( $value['address'] ) ) {
$output .= $value['address'];
}
if ( ! empty( $value['address-2'] ) ) {
if ( ! empty( $output ) ) {
$output .= '<br>';
}
$output .= $value['address-2'];
}
if ( ! empty( $value['city'] ) ) {
if ( ! empty( $output ) ) {
$output .= '<br>';
}
$output .= $value['city'];
}
if ( ! empty( $value['state'] ) ) {
if ( ! empty( $output ) && empty( $value['city'] ) ) {
$output .= '<br>';
} elseif ( ! empty( $output ) && ! empty( $value['city'] ) ) {
$output .= ', ';
}
$output .= $value['state'];
}
if ( ! empty( $value['zip'] ) ) {
if ( ! empty( $output ) && ( empty( $value['city'] ) && empty( $value['state'] ) ) ) {
$output .= '<br>';
} elseif ( ! empty( $output ) && ( ! empty( $value['city'] ) || ! empty( $value['state'] ) ) ) {
$output .= ' ';
}
$output .= $value['zip'];
}
if ( ! empty( $value['country'] ) ) {
if ( ! empty( $output ) ) {
$output .= '<br>';
}
$output .= $value['country'];
}
break;
case 'checkbox':
$output = esc_html( implode( ', ', $value ) );
break;
default:
$output = wp_specialchars_decode( wp_unslash( esc_html( $value ) ), ENT_QUOTES );
break;
}
return $output;
}
/**
* Validate the input
*
* @param [type] $data [$data description].
* @param [type] $name [$name description].
* @param [type] $type [$type description].
* @param [type] $required [$required description].
*
* @return [type] [return description]
*/
public function validate_input( $data, $name, $type, $required ) {
if ( 'yes' === $required && strlen( $data ) === 0 ) {
wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'This field is required and cannot be empty.', 'visual-form-builder' ), esc_html( $name ), array( 'back_link' => true ) );
}
if ( strlen( $data ) > 0 ) {
switch ( $type ) {
case 'email':
if ( ! is_email( $data ) ) {
wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid email address', 'visual-form-builder' ), '', array( 'back_link' => true ) );
}
break;
case 'number':
case 'currency':
if ( ! is_numeric( $data ) ) {
wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid number', 'visual-form-builder' ), '', array( 'back_link' => true ) );
}
break;
case 'phone':
if ( strlen( $data ) > 9 && preg_match( '/^((\+)?[1-9]{1,2})?([-\s\.])?((\(\d{1,4}\))|\d{1,4})(([-\s\.])?[0-9]{1,12}){1,2}$/', $data ) ) {
return true;
} else {
wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid phone number. Most US/Canada and International formats accepted.', 'visual-form-builder' ), '', array( 'back_link' => true ) );
}
break;
case 'url':
if ( ! preg_match( '|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $data ) ) {
wp_die( esc_html( "<h1>$name</h1><br>" ) . esc_html__( 'Not a valid URL.', 'visual-form-builder' ), '', array( 'back_link' => true ) );
}
break;
}
return true;
}
}
/**
* Sanitize the input
*
* @param [type] $data [$data description].
* @param [type] $type [$type description].
*
* @return [type] [return description]
*/
public function sanitize_input( $data, $type ) {
if ( strlen( $data ) > 0 ) {
switch ( $type ) {
case 'text':
return sanitize_text_field( $data );
break;
case 'textarea':
return wp_strip_all_tags( $data );
break;
case 'email':
return sanitize_email( $data );
break;
case 'html':
return wp_kses_data( force_balance_tags( $data ) );
break;
case 'min':
case 'max':
case 'digits':
return preg_replace( '/\D/i', '', $data );
break;
case 'address':
$allowed_html = array( 'br' => array() );
return wp_kses( $data, $allowed_html );
break;
}
return wp_kses_data( $data );
}
}
/**
* Get form ID
*
* @access private
* @return int
*/
private function get_form_id() {
if ( ! isset( $_POST['form_id'] ) ) {
return false;
}
return (int) $_POST['form_id'];
}
/**
* Basic check to exit if the form hasn't been submitted
*
* @access public
* @return void
*/
public function submit_check() {
// If form ID hasn't been submitted by $_POST, exit.
if ( ! $this->get_form_id() ) {
return;
}
// If form ID hasn't been submitted by $_POST, exit.
if ( ! isset( $_POST['vfb-submit'] ) ) {
return;
}
return true;
}
}
