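<?php
/*
 * NOTE(review): the listing begins part-way through this comment; the "<?php"
 * tag and the comment opener were supplied so that the file parses.
 * The surviving text describes the per-field options of the table below:
 *
 *   ... '100',
 *
 *   The input type of this form field
 *       'type' => 'text',
 *   The label for this form field
 *       'name'=>'name',
 *   it is mandatory to enter a value for this field.
 *       'mandatory'=>1,
 *   this will be prefaced by 'Please enter...' to create an error message in
 *   the event that this field is empty
 *       'err_msg' => 'your name'
 *
 * Two further options are read by nw_mailform::checkvalid():
 *       'is_email' => 1                      the value must pass valid_email()
 *       'filter_for_injection_attack' => 1   the request is aborted when the
 *                                            value contains CR or LF
 */
$tbl_email = array(
    'fields' => array(
        'name' => array(
            'maxsize' => '100',
            'type' => 'text',
            'name' => 'your name',
            'mandatory' => 1,
            'filter_for_injection_attack' => 1,
        ),
        'email' => array(
            'maxsize' => '100',
            'type' => 'text',
            'name' => 'your e-mail address',
            'mandatory' => 1,
            'is_email' => 1,
            'filter_for_injection_attack' => 1,
        ),
        'subject' => array(
            'maxsize' => '255',
            'type' => 'text',
            'name' => 'subject',
            'mandatory' => 1,
            'err_msg' => 'a subject',
            'filter_for_injection_attack' => 1,
        ),
        'message' => array(
            'type' => 'textarea',
            'name' => 'message',
            'mandatory' => 1,
            'err_msg' => 'a message',
        ),
    )
);

class nw_mailform {
    /* create a simple form from an array representing one or more db tables vers.1.0 */

    // the table definition (see $tbl_email above for its layout)
    var $maintbl;
    // the field names
    var $mainfieldnames;
    // a single db row
    var $record;
    // an array of error messages
    var $err_msg;
    // the form
    var $form = '';
    // the name of the form, used to create a unique name for the js validator
    var $form_name;

    /*
     * Store the table definition and the form name.
     *
     * $tbl        array with a 'fields' entry keyed by field name
     * $form_name  suffix for the name of the JavaScript validator
     */
    function __construct(&$tbl, $form_name='') {
        $this->maintbl = &$tbl;
        $this->form_name = $form_name;
        $this->mainfieldnames = array_keys($tbl['fields']);
    }

    /*
     * Old-style constructor name, kept as a forwarder: PHP 8 no longer treats a
     * method named after the class as the constructor.
     */
    function nw_mailform(&$tbl, $form_name='') {
        $this->__construct($tbl, $form_name);
    }

    /* Return the list of field names taken from the table definition. */
    function get_mainfieldnames() {
        return ($this->mainfieldnames);
    }

    /*
     * Append one entry per declared field to $this->form.
     *
     * $vars['data']           values to fill the form with (same keys as the
     *                         table); defaults to the current record
     * $vars['wrap_elements']  tag name (div, p, ...) put around each element,
     *                         or empty for nothing
     * $vars['a']              action code for the form
     *
     * NOTE(review): several literals below are empty or hold only a newline.
     * The markup they carried appears to be missing from the listing, so $data
     * has no visible consumer here. When that markup is restored, every value
     * written from $data must go through htmlspecialchars() for its context.
     */
    function build_form($vars=array()) {
        if (isset($vars['data']) && is_array($vars['data'])) {
            $data = $vars['data'];
        } else {
            $data = $this->record;
        }
        // div, p or nothing around each element?
        $wrap = empty($vars['wrap_elements']) ? '' : $vars['wrap_elements'];

        foreach ($this->maintbl['fields'] as $key => $field) {
            if ($field['type'] != 'hidden') {
                $this->form .= ($wrap ? '<'.$wrap.'>' : '');
                if ($field['type'] == 'text') {
                    $this->form .= ucwords($field['name'])."\n";
                } else if ($field['type'] == 'textarea') {
                    $this->form .= ucwords($field['name'])."\n";
                }
            } else {
                $this->form .= '';
            }
            $this->form .= ($wrap ? '' : '');
        }
        if (!empty($vars['a'])) {
            $this->form .= '';
        }
    }

    /*
     * Return the form built so far, surrounded by newlines.
     *
     * $vars['action']    target of the form; defaults to the current script
     * $vars['js_valid']  when set, an onsubmit handler is prepared
     *
     * NOTE(review): $vars['action'] and $js are computed but not used in the
     * code shown; presumably they belonged to a form tag that is missing from
     * the listing. PHP_SELF contains the client-supplied path info, so it has
     * to be passed through htmlspecialchars($value, ENT_QUOTES) before it is
     * written into an action attribute.
     */
    function get_form($vars='') {
        // the default '' cannot take an array offset on current PHP versions
        if (!is_array($vars)) {
            $vars = array();
        }
        if (empty($vars['action'])) {
            $vars['action'] = $_SERVER['PHP_SELF'];
        }
        $js = '';
        if (!empty($vars['js_valid'])) {
            $js = ' onsubmit="return submit'.$this->form_name.'(this)" ';
        }
        return ("\n".$this->form."\n");
    }

    /* Set the record that checkvalid() and send_mail() work on. */
    function set_record($data) {
        $this->record = $data;
    }

    /* Return the current record. */
    function get_record() {
        return ($this->record);
    }

    /*
     * Validate and clean the record against the table definition.
     *
     * The declared fields are walked, not the submitted keys, so a mandatory
     * field that is absent from the request is still reported, and keys that
     * the table does not declare are dropped from the record.
     *
     * Returns 1 when no error was recorded, nothing otherwise; the messages
     * are collected in $this->err_msg. The script is terminated when a field
     * flagged 'filter_for_injection_attack' contains CR or LF, because those
     * values are later copied into mail headers.
     */
    function checkvalid() {
        if (!$this->record || !is_array($this->record)) {
            $this->err_msg['all'] = 'Please fill in the form before pressing submit';
            return;
        }

        $clean = array();
        foreach ($this->maintbl['fields'] as $key => $field) {
            $val = isset($this->record[$key]) ? $this->record[$key] : '';
            if (!is_string($val)) {
                // a parameter sent as key[]=... arrives as an array; treat it as empty
                $val = '';
            }
            $maxsize = isset($field['maxsize']) ? $field['maxsize'] : '';
            $clean[$key] = $this->nw_clean($val, $maxsize);

            if (!empty($field['mandatory']) && !$val) {
                $this->err_msg[$key] = 'Please enter '.(!empty($field['err_msg']) ? $field['err_msg'] : $field['name']);
            }
            // eregi() no longer exists in PHP 7+; preg_match() performs the same CR/LF test
            if (!empty($field['filter_for_injection_attack']) && preg_match('/[\r\n]/', $val)) {
                die('Why ?? :(');
            }
            if (!empty($field['is_email']) && $val && !$this->valid_email($val)) {
                $this->err_msg[$key] = 'The email address that you have entered does not appear to be valid.';
            }
        }
        $this->record = $clean;

        if (!is_array($this->err_msg)) {
            return (1);
        }
    }

    /*
     * Return the summary line shown above the form when errors were recorded;
     * returns nothing when there are none.
     */
    function error_report() {
        if (is_array($this->err_msg)) {
            $report = '';
            $report .= "\n\nPlease check your entry. We found "
                .((count($this->err_msg) == 1) ? 'one item that requires' : 'some items that require')
                ." amending.\n\n";
            return ($report);
        }
    }

    /*
     * Replace bytes 145-148 and 151 with plain quotes and a hyphen.
     *
     * NOTE(review): chr(63) is the literal '?', so every question mark is
     * turned into '-' as well; confirm that this is intended.
     * NOTE(review): this is a byte-wise replacement, so it presumably assumes
     * single-byte (Windows-1252) input; in UTF-8 text the same byte values
     * occur inside multi-byte characters.
     */
    function replace_MSWord_quotes($text) {
        $MSWord_chars = array(chr(145), chr(146), chr(147), chr(148), chr(151), chr(63));
        $valid_chars = array("'", "'", '"', '"', '-', '-');
        return str_replace($MSWord_chars, $valid_chars, $text);
    }

    /*
     * Trim a value, encode it and cut it to $maxsize bytes.
     *
     * $input              the raw value; anything that is not scalar counts
     *                     as an empty string
     * $maxsize            maximum length, or empty for no limit
     * $leavehtmlentities  when set, the quote replacement, htmlentities() and
     *                     addslashes() steps are skipped
     *
     * The result is encoded for HTML output. It is not a substitute for bound
     * parameters if the value is ever used in a database query.
     */
    function nw_clean($input, $maxsize='', $leavehtmlentities=0) {
        if (!is_scalar($input)) {
            $input = '';
        }
        $input = trim((string) $input);
        if (!$leavehtmlentities) {
            $input = $this->replace_MSWord_quotes($input);
            $input = htmlentities($input, ENT_QUOTES);
            $input = $this->myaddslashes($input);
        }
        if ($maxsize) {
            if (strlen($input) > $maxsize) {
                $input = substr($input, 0, $maxsize);
            }
            // look for an '&' in the tail so that an entity is not cut in half
            // NOTE(review): the cut below keeps the '&' itself and also fires
            // for an entity that fits completely; left as found.
            $pos = strpos(substr($input, ($maxsize - 5), $maxsize), '&');
            if (!($pos === false)) {
                $input = substr($input, 0, ($maxsize + ($pos - 4)));
            }
        }
        return ($input);
    }

    /*
     * True when magic_quotes_gpc is active. The feature was removed in
     * PHP 5.4 and the function itself in PHP 8.0, so it is only called on
     * versions that can still have the setting switched on.
     */
    function magic_quotes_on() {
        return (version_compare(PHP_VERSION, '5.4.0', '<')
            && function_exists('get_magic_quotes_gpc')
            && get_magic_quotes_gpc() == 1);
    }

    /* addslashes(), unless magic quotes has already added them. */
    function myaddslashes($string) {
        if ($this->magic_quotes_on()) {
            return $string;
        }
        return addslashes($string);
    }

    /* stripslashes(), but only when magic quotes has added slashes. */
    function mystripslashes($string) {
        if ($this->magic_quotes_on()) {
            return stripslashes($string);
        }
        return $string;
    }

    /*
     * Check the syntax of an e-mail address; returns 1 or 0.
     *
     * The pattern is the original one, moved from eregi() to preg_match().
     * The D modifier keeps '$' from matching before a trailing newline, which
     * is how the POSIX function behaved.
     * NOTE(review): the final label is limited to 2-4 letters, so addresses
     * under longer top-level domains are rejected.
     */
    function valid_email($email) {
        if (!is_string($email)) {
            return 0;
        }
        $regex = '/^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/iD';
        // Validate the syntax
        return (preg_match($regex, $email) ? 1 : 0);
    }

    /*
     * Send the record to the site owner.
     *
     * $vars['owner_email'], $vars['owner_name']  recipient
     *
     * Returns the result of mail(), or false when a required value is missing
     * or a header value contains CR or LF.
     */
    function send_mail($vars) {
        if (empty($vars['owner_email']) || empty($vars['owner_name'])
            || empty($this->record['email']) || empty($this->record['subject'])
            || empty($this->record['message'])) {
            return (false);
        }

        // newlines added 27 Sept 06: subject and message are taken from the
        // request again so that the mail carries the text without the encoding
        // nw_clean() applies. Slashes are removed only when magic quotes added
        // them; an unconditional stripslashes() would eat the sender's backslashes.
        $subject = (isset($_POST['subject']) && is_string($_POST['subject']))
            ? $this->mystripslashes($_POST['subject']) : '';
        $message = (isset($_POST['message']) && is_string($_POST['message']))
            ? $this->mystripslashes($_POST['message']) : '';

        $name = isset($this->record['name']) ? $this->record['name'] : '';
        $email = $this->record['email'];
        if (!is_string($name) || !is_string($email)) {
            return (false);
        }
        // Last check where the headers are built: the subject was re-read from
        // the request above, and this method can be called without checkvalid().
        if (preg_match('/[\r\n]/', $name.$email.$subject)) {
            return (false);
        }

        $this->record['subject'] = $subject;
        $this->record['message'] = $message.MESSAGE_FOOTER;

        $headers = 'From: '.$name.' <'.$email.'>';
        $to = $vars['owner_name'].' <'.$vars['owner_email'].'>';
        return (mail($to, $this->record['subject'], $this->record['message'], $headers));
    }
}

// "&new" is a parse error from PHP 7 on; objects are handles, so plain new is enough
$form = new nw_mailform($tbl_email, FORM_NAME);

// 'a' is the three-letter action code; its last letter selects input (i),
// output (o) or result (r) handling below
$a = $form->nw_clean(isset($_POST['a']) ? $_POST['a'] : '', 3);
// remove the 'a' element from postvars so that it only contains the elements that correspond with the db table.
unset($_POST['a']);
if (!$a) {
    $a = $form->nw_clean(isset($_GET['a']) ? $_GET['a'] : '', 3);
}
if (!$a) {
    // set the default public page
    $a = 'neo';
}

// non-display options
if (substr($a, 2) == 'i') {
    switch ($a) {
        case 'nei':
            // give incoming form vars to form object
            $form->set_record($_POST);
            // check validity and clean the record
            if ($form->checkvalid()) {
                $t = $form->send_mail(array('owner_email' => OWNER_EMAIL, 'owner_name' => OWNER_NAME));
                // NOTE(review): PHP_SELF includes client-supplied path info; it is
                // used here only as the redirect target for this same script.
                header('Location: '.$_SERVER['PHP_SELF'].'?a=mlr&t='.($t ? '1' : ''));
            } else {
                // print the form again, filled with the data, with an error report at the start and error fields highlighted.
                $a = 'neo';
            }
            break;
    }
}

// results: display something
if ((substr($a, 2) == 'o') || (substr($a, 2) == 'r')) {
    // display options
    tmpl1(PAGE_TITLE);
    // NOTE(review): the empty and whitespace-only literals echoed in this
    // section appear to have carried markup that is missing from the listing.
    echo '';
    echo '';
    echo '';
    tmpl2();
    echo "\n";
    switch ($a) {
        case 'neo':
            if ($a == 'neo') {
                $new_a = 'nei';
            }
            echo $form->error_report();
            $form->build_form(array('a' => $new_a, 'wrap_elements' => 'p'));
            echo $form->get_form(array('js_valid' => USE_JS_VALID, 'submit_label' => 'Send Message', 'submit_class' => 'btn ml265'));
            echo "\n \n";
            break;
        case 'mlr':
            // 't' comes from the query string, so it only selects which message
            // is shown; it is not proof that a mail was sent
            if ($form->nw_clean(isset($_GET['t']) ? $_GET['t'] : '', 5)) {
                echo "\n\nYour Message has been sent.\n\n";
            } else {
                echo "\n\nIt was not possible to post the message at this time. If this error persists, please e-mail site admin.\n\n";
            }
            echo "\n\nClick here to return to the home page.\n\n \n";
            break;
    }
    echo "\n";
    tmpl3();
}
?>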