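'',
    "petition_text" => __("We the undersigned ask you to sign our petition.","fcpetition"),
    "petition_confirmation" => __("Thank you for signing the petition. You must confirm this by visiting the following address: \n\n[[curl]]\n\nRegards,\n\nJames","fcpetition"),
    //"petition_confirmurl" => __("","fcpetition"),
    "petition_from" => sprintf(__("My Petition <%s>","fcpetition"),get_option('admin_email')),
    "petition_maximum" => 10,
    "petition_enabled" => 0,
    "petition_comments" => 0
);

/* Define the maximum comment size. You can't simply change this for an existing install;
 * you must modify the database table too.
 */
define("MAX_COMMENT_SIZE",255);

/* Disable e-mail verification of petitions.
 * THIS IS A BAD THING. ENABLING THIS FEATURE WILL OPEN YOUR PETITION TO ABUSE AND SPAM.
 * Set the option to 1 if you really want this. Otherwise, leave well alone.
 * This option is purposely hidden to ordinary users.
 */
define("OVERRIDE_VERIFICATION",0);

/* Allow the administrator to manually confirm signatures.
 * THIS IS A BAD THING AND MAY DECREASE TRUST PLACED IN THE RESULTS OF YOUR PETITION
 * (saying that, you could do the same by manually editing the database).
 * Set the option to 1 if you really want to do this.
 * This option is purposely hidden to ordinary users.
 */
define("OVERRIDE_CONFIRMATION",0);

// The signatures table. A row is confirmed once its `confirm` column is the empty
// string; until then `confirm` holds the token sent out in the confirmation e-mail.
$signature_table = $table_prefix . "petition_signatures";
$signature_table_sql = "CREATE TABLE $signature_table ( `petition` INT, `email` VARCHAR(100), `name` VARCHAR(100), `confirm` VARCHAR(100), `comment` TEXT, `fields` TEXT, `time` DATETIME, `keep_private` enum('on','off') NOT NULL default 'off', UNIQUE KEY email (email,petition) ) %s; ";

// Per-petition settings
$petitions_table = $table_prefix . "petitions";
$petitions_table_sql = "CREATE TABLE $petitions_table ( `petition` INT AUTO_INCREMENT, `petition_title` VARCHAR(100), `petition_text` TEXT, `petition_confirmation` TEXT, `petition_from` VARCHAR(100), `petition_maximum` INT, `petition_enabled` TINYINT(1), `petition_comments` TINYINT(1), PRIMARY KEY (petition) ) %s; ";

// Custom fields defined for each petition
$fields_table = $table_prefix . "petition_fields";
$fields_table_sql = "CREATE TABLE $fields_table ( `petition` INT, `name` VARCHAR(100), `type` VARCHAR(10), `opt` TEXT, `hide` TINYINT(1), `ts` TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, UNIQUE KEY name (petition,name) ) %s; ";

// Table used by version 1 of the plugin (see fcpetition_import_version1)
$old_table = $table_prefix . "petition";

/*
 * Actions
 */
add_action('init','fcpetition_widget_register');
add_action('admin_menu', 'fcpetition_add_pages'); //Action adds pages
add_action('the_content','fcpetition_filter_pages'); //Action to display the petition to the user
add_action('get_header','fcpetition_export'); //Action for exporting the petition
// The confirmation handler is only hooked when the request carries a token.
if ( isset($_REQUEST['petition-confirm']) )
    add_action('template_redirect', 'fcpetition_confirm');
// Pass the callback by name. The previous form, fcpetition_install(), called the
// installer on every page load (running its SHOW/ALTER TABLE statements for every
// visitor) and registered the call's return value instead of a callback.
// NOTE(review): schema upgrades now run on activation only; sites that relied on the
// per-request call to upgrade an existing install must deactivate and reactivate.
register_activation_hook(__FILE__, 'fcpetition_install');

/*
 * Functions
 */

/*
 * Sidebar widget listing the number of confirmed signatures per enabled petition.
 * NOTE(review): the rest of this function and the start of the confirmation handler
 * are missing from this listing; the trailing fragment is reproduced unchanged.
 */
function fcpetition_widget($args){
    global $wpdb;
    global $signature_table;
    global $petitions_table;
    // Presumably $args is the array WordPress hands to widget callbacks; extract()
    // must never be given request data, since it can overwrite local variables.
    extract($args);
    echo $before_widget;
    echo $before_title . __("Total Petition Signatures","fcpetition") . $after_title;
    $sql = "SELECT count($signature_table.email) as count,petition_title FROM $signature_table,$petitions_table where $signature_table.petition = $petitions_table.petition and $signature_table.confirm = '' and petition_enabled = 1 group by petition_title;";
    ?> escape($_GET['petition-confirm']); ?> <?php printf(__('Confirm Petition Signature - %s', "fcpetition"), get_bloginfo('name')); ?>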

query("UPDATE $signature_table SET `confirm` = '' WHERE `confirm` = '$confirm'")==1) { print __("Your signature has now been added to the petition. Thank you.","fcpetition"); } else { print __("The confirmation code you supplied was invalid. Either it was incorrect or it has already been used.","fcpetition"); } ?>

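supports_collation() ) {
        if ( ! empty($wpdb->charset) )
            $charset_collate = "DEFAULT CHARACTER SET $wpdb->charset";
        if ( ! empty($wpdb->collate) )
            $charset_collate .= " COLLATE $wpdb->collate";
    }

    // Create the table that holds the signatures
    if($wpdb->get_var("SHOW TABLES LIKE '$signature_table'") != $signature_table) {
        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
        dbDelta(sprintf($signature_table_sql,$charset_collate));
    }
    // Create the table that holds the individual petition settings
    if($wpdb->get_var("SHOW TABLES LIKE '$petitions_table'") != $petitions_table) {
        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
        dbDelta(sprintf($petitions_table_sql,$charset_collate));
    }
    // Create the table which holds the custom fields for individual petitions.
    if($wpdb->get_var("SHOW TABLES LIKE '$fields_table'") != $fields_table) {
        require_once(ABSPATH . 'wp-admin/upgrade-functions.php');
        dbDelta(sprintf($fields_table_sql,$charset_collate));
    }
    // Upgrade the signatures table if the custom fields column isn't present
    if($wpdb->get_var("SHOW COLUMNS FROM $signature_table LIKE 'fields'") != "fields") {
        $wpdb->get_results("ALTER TABLE $signature_table ADD `fields` TEXT;");
    }
    // Upgrade the fields table if the timestamp column isn't present
    if($wpdb->get_var("SHOW COLUMNS FROM $fields_table LIKE 'ts'") != "ts") {
        $wpdb->get_results("ALTER TABLE $fields_table ADD `ts` TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;");
    }
    // Upgrade the fields table if the hide column isn't present
    if($wpdb->get_var("SHOW COLUMNS FROM $fields_table LIKE 'hide'") != "hide") {
        $wpdb->get_results("ALTER TABLE $fields_table ADD `hide` TINYINT(1);");
    }
    // Upgrade the signatures table if the keep_private column isn't present
    if($wpdb->get_var("SHOW COLUMNS FROM $signature_table LIKE 'keep_private'") != "keep_private") {
        $wpdb->get_results("ALTER TABLE $signature_table ADD `keep_private` enum('on','off') NOT NULL default 'off';");
    }
    // Change options to TEXT
    $wpdb->query("ALTER TABLE $fields_table MODIFY opt TEXT");
    $wpdb->query("ALTER TABLE $signature_table MODIFY comment TEXT");
    //$wpdb->query("ALTER TABLE $petitions_table MODIFY petition_confirmurl TEXT");
}

/*
 * Imports data into a specified petition, from tables created by version 1 of the plugin.
 *
 * $target is the id of the petition that receives the rows. Returns the number of
 * rows that were inserted successfully.
 */
function fcpetition_import_version1($target) {
    global $wpdb;
    global $old_table;
    global $signature_table;

    // Petition ids are INT columns. The caller only passes the value through
    // $wpdb->escape(), which does nothing for a value used outside quotes.
    $target = (int) $target;

    /*
     * The old database tables could only store a single petition per installation. Fetch these rows from the old table
     */
    $old_rows = $wpdb->get_results("SELECT `email`,`name`,`confirm`,`comment`,`name`,`time` from $old_table");
    if (!$old_rows) $old_rows = array();

    $c = 0;
    foreach($old_rows as $row) {
        // Values read back from the database are not escaped; a stored quote would
        // break the statement or alter it, so bind them as parameters.
        $q = $wpdb->prepare(
            "INSERT INTO $signature_table (`petition`,`email`,`name`,`confirm`,`comment`,`time`) values (%d,%s,%s,%s,%s,%s)",
            $target, $row->email, $row->name, $row->confirm, $row->comment, $row->time
        );
        // Count only rows that were really stored (a duplicate e-mail fails the UNIQUE key).
        if ($wpdb->query($q) !== false) $c++;
    }
    // Delete the old table
    // NOTE(review): as before, the table is dropped even when some rows failed to import.
    $wpdb->query("DROP TABLE $old_table");
    return $c;
}

/* Returns the number of confirmed signatures for a petition
 * (rows whose `confirm` column is the empty string).
 */
function fcpetition_count($petition){
    global $wpdb;
    global $signature_table;
    // The id is interpolated without quotes below, so force it to an integer.
    $petition = (int) $petition;
    $results = $wpdb->get_results("SELECT count(confirm) as c FROM $signature_table WHERE `confirm` = '' AND `petition` = $petition");
    if (empty($results)) return 0;
    return $results[0]->c;
}

/* Returns the number of signatures for a petition, confirmed or not.
 * (The query has no filter on `confirm`, so this is the total, not only the
 * unconfirmed rows.)
 */
function fcpetition_countu($petition){
    global $wpdb;
    global $signature_table;
    // The id is interpolated without quotes below, so force it to an integer.
    $petition = (int) $petition;
    $results = $wpdb->get_results("SELECT count(confirm) as c FROM $signature_table WHERE `petition`= $petition");
    if (empty($results)) return 0;
    return $results[0]->c;
}

/* Return the ID of the first petition.
 * Used so that management and options pages are initialised to display the
 * earliest extant petition.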
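*/
function fcpetition_first(){
    global $wpdb;
    global $petitions_table;
    $results = $wpdb->get_results("SELECT `petition` FROM $petitions_table ORDER by `petition` limit 0,1");
    // empty() also covers a null result from a failed query
    if (empty($results)) return false;
    return $results[0]->petition;
}

/*
 * The user facing section of the code. Inserts the petition into pages/posts.
 *
 * When a signature has been posted for a petition tag present in $content, the
 * signature is stored and a status message is returned in place of the content.
 * Otherwise a [[petition-N]] tag, if present, is replaced with the petition form.
 *
 * NOTE(review): a posted signature is accepted without checking that the petition is
 * enabled, and nothing here limits how often the form can be submitted, so it can be
 * used to send confirmation e-mails to arbitrary addresses.
 */
function fcpetition_filter_pages($content) {
    global $wpdb;
    global $signature_table;
    global $petitions_table;

    # Grab these first. This allows us to only match on the precise post. Otherwise the next regex would match on all posts with petitions.
    # The id is forced to an integer: it is interpolated into a regular expression and
    # into SQL below, and neither $wpdb->escape() nor wp_kses() makes a value safe there.
    $petition = isset($_POST['petition']) ? (int) $_POST['petition'] : 0;
    $posted = isset($_POST['petition_posted']) && $_POST['petition_posted'] == 'Y';

    if( $posted && preg_match("/\[\[petition-$petition\]\]/",$content)) {
        # If the petition has been posted

        # Missing or non-string (array) parameters are treated as empty
        $raw = array();
        foreach (array('petition_name','petition_email','petition_comment') as $key) {
            $raw[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        }

        # Clean some of the input, make SQL safe and remove HTML from name and comment which may be displayed later.
        $name = $wpdb->escape($raw['petition_name']);
        $name = htmlchars(wp_kses($name,array()));
        $email = $wpdb->escape($raw['petition_email']);
        $email = htmlchars(wp_kses($email,array()));
        $comment = $wpdb->escape($raw['petition_comment']);
        $comment = htmlchars(wp_kses($comment,array()));

        # The column is enum('on','off'); an unticked box sends nothing, which used to
        # be written as an empty string.
        $keep_private = (isset($_POST['petition_keep_private']) && $_POST['petition_keep_private'] == 'on') ? 'on' : 'off';

        $fields = base64_encode(serialize(fcpetition_collectfields($petition)));

        # Make sure that no one is cheekily sending a comment when they shouldn't be.
        # Look at the petition being signed; the previous query had no WHERE clause and
        # so always tested the first row of the table.
        $rs = $wpdb->get_results("SELECT `petition_comments` from $petitions_table WHERE `petition` = $petition");
        if(empty($rs) || $rs[0]->petition_comments == 0) $comment = "";

        # The token is the only secret protecting confirmation, so it must not be
        # guessable. md5(uniqid(microtime())) is derived from the clock; use
        # WordPress' random generator instead (16 alphanumeric characters).
        $confirm = wp_generate_password(16, false);

        if ($name == ""){
            return __("Sorry, you must enter a name to sign the petition.","fcpetition");
        }
        if (!is_email($email)){
            return __("Sorry, \"$email\" does not appear to be a valid e-mail address.","fcpetition");
        }
        # Length check disabled by the original author; kept for reference.
        if (0) {
            return __("Sorry, your comment is longer than ".MAX_COMMENT_SIZE." characters.","fcpetition");
        }

        # Database errors are hidden only around the INSERT, so an early return above
        # no longer leaves them switched off for the rest of the request.
        $wpdb->hide_errors();
        $inserted = $wpdb->query("INSERT INTO $signature_table (`petition`,`email`,`name`,`confirm`,`comment`,`time`,`fields`,`keep_private`) VALUES ('$petition','$email','$name','$confirm','$comment',NOW(),'$fields','$keep_private')");
        $wpdb->show_errors();

        if ($inserted === FALSE){
            # This has almost certainly occurred due to a duplicate email key
            return __("Sorry, someone has already attempted to sign the petition using this e-mail address.","fcpetition");
        }

        # Successful signature
        if (OVERRIDE_VERIFICATION) {
            $wpdb->query("UPDATE $signature_table SET `confirm` = '' WHERE `confirm` = '$confirm'");
            return __("Your signature has now been added to the petition. Thank you.","fcpetition");
        }
        # Send an e-mail asking the user to confirm. fcpetition_mail() builds the message
        # itself; the str_replace() that stood here used two undefined variables.
        fcpetition_mail($email,$petition);
        return __("Thank you for signing the petition. An e-mail has been sent to you so that you may confirm your signature.","fcpetition");
    }

    # If not, decide whether to display the petition
    if (preg_match('/\[\[petition-(.*)\]\]/',$content,$m)) {
        # The captured text comes from post content and reaches SQL further down, so
        # pass an integer id on.
        $form = fcpetition_form((int) $m[1]);
        # Escape "\" and "$" so that petition text such as "$10" is not treated as a
        # back-reference by preg_replace().
        return preg_replace('/\[\[petition-(.*)\]\]/',addcslashes($form,'\\$'),$content);
    }
    return $content;
}

/*
 * Sends the confirmation e-mail for petition $po to $email.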
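*/
function fcpetition_mail($email,$po){
    global $wpdb;
    global $signature_table;
    global $petitions_table;

    // Petition ids are integers
    $po = (int) $po;

    // NOTE(review): $email is interpolated as given. One caller passes a value that
    // went through $wpdb->escape(); others pass request or database values directly.
    $rs = $wpdb->get_results("SELECT `petition_confirmation`,`petition_from`,`petition_title`,`confirm` from $signature_table,$petitions_table where $petitions_table.petition = $signature_table.petition and `email` = '$email' and $petitions_table.petition = '$po';");
    // No such signature: nothing to send (previously a blank message went out)
    if (empty($rs)) return;

    $petition_confirmation = $rs[0]->petition_confirmation;
    // The sender is placed in a mail header; drop line breaks so a stored value
    // cannot add further headers.
    $petition_from = str_replace(array("\r","\n"),"",stripslashes($rs[0]->petition_from));
    $petition_title = stripslashes($rs[0]->petition_title);
    $confirm = $rs[0]->confirm;
    $confirm_url = get_bloginfo('home') . "/?petition-confirm=$confirm";
    // [[curl]] in the stored template marks where the confirmation link goes
    $petition_confirmation = str_replace('[[curl]]',$confirm_url,$petition_confirmation);
    $subject = sprintf(__("Petition: Confirm your signing of the petition '%s'","fcpetition"),$petition_title);
    wp_mail($email,"$subject","$petition_confirmation","From: $petition_from");
}

/*
 * Fetches the settings row of a petition.
 * Returns the row object, or 0 when there is not exactly one matching petition.
 */
function fcpetition_fetchattributes($petition){
    global $wpdb;
    global $petitions_table;
    // The id is used without quotes in the query and can originate from post content,
    // so force it to an integer.
    $petition = (int) $petition;
    $rs = $wpdb->get_results("SELECT * from $petitions_table where `petition` = $petition");
    if (count($rs) != 1) {
        return 0;
    } else {
        return $rs[0];
    }
}

/*
 * Returns the upper half of the petition form: the petition text and the input fields.
 * $action is the URL the form posts to.
 */
function fcpetition_form_top($petition,$action){
    $petition = (int) $petition;
    $pa = fcpetition_fetchattributes($petition);
    // fetchattributes returns 0 or a row object; comparing an object with 0 raises a
    // conversion notice, so test for falsiness.
    if(!$pa) return "". __("This petition does not exist","fcpetition"). "";
    $text = wpautop(stripslashes($pa->petition_text));
    $comments_enabled = $pa->petition_comments;

    $name = __("Name","fcpetition");
    $email = __("E-mail address","fcpetition");
    $privacy = __("Do not display name on website","fcpetition");
    $button = __("Sign the petition","fcpetition");

    // Defined up front so the form markup can use it when comments are switched off
    $comments_form = "";
    if($comments_enabled){
        $comments_form = sprintf(__("Please enter an optional comment","fcpetition")).":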

"; } $custom_fields = fcpetition_livefields($petition); return " $text
$name:

$email:

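$custom_fields $comments_form $privacy:
";
}

/*
 * Returns the list of confirmed signatories shown beneath the signing form.
 */
function fcpetition_form_bottom($petition) {
    global $wpdb;
    global $signature_table;
    global $petitions_table;

    // The id can originate from a [[petition-...]] tag in post content and is placed
    // in SQL below; force it to an integer.
    $petition = (int) $petition;

    $pa = fcpetition_fetchattributes($petition);
    // fetchattributes returns 0 or a row object; test for falsiness
    if(!$pa) return "". __("This petition does not exist","fcpetition"). "";
    $petition_maximum = (int) $pa->petition_maximum;
    $comments_enabled = $pa->petition_comments;

    if($petition_maximum == 0) {
        // No limit configured: list every confirmed signature, oldest first
        $sql = "SELECT `name`,`comment`,`fields`,`keep_private` from $signature_table WHERE `confirm`='' AND `petition` = '$petition' ORDER BY `time`";
        $sub_title = __("Signatories");
    } else {
        $sql = "SELECT `name`,`comment`,`fields`,`keep_private` from $signature_table WHERE `confirm`='' AND `petition` = '$petition' ORDER BY `time` DESC limit 0,$petition_maximum";
        $confirmed = fcpetition_count($petition);
        $sub_title = sprintf(__("Last %d of %d signatories","fcpetition"),min($confirmed,$petition_maximum),$confirmed);
    }
    // NOTE(review): $sub_title is computed here but never returned.

    # You can edit the following empty string if you wish. For instance:
    # $sub_form .= sprintf("");
    $return = sprintf("");

    foreach($wpdb->get_results($sql) as $row) {
        // Is the name private?
        if ($row->keep_private == 'on') {
            $the_name = "xxxxxxxx";
        } else {
            $the_name = $row->name;
        }
        // Start empty for every row; previously a signer without custom fields was
        // shown with the field values of the signer listed before them.
        $fields = "";
        if ($row->fields<>""){
            // NOTE(review): unserialize() on stored data. The column is written by this
            // plugin, but anyone able to alter the row could supply a crafted payload;
            // json_encode()/json_decode() would remove that risk for new rows.
            $package = unserialize(base64_decode($row->fields));
            if (is_array($package)) {
                $fields = fcpetition_prettyvalues($package,$petition);
            }
        }
        // Are comments enabled and a comment exists?
        if ( $comments_enabled == 1 && $row->comment != "") {
            $comment = stripslashes($row->comment);
            # The following format strings can be edited if you wish. For instance:
            # $sub_form .= sprintf("",$the_name,$fields,$comment);
            $return .= sprintf("

%s, %s
%s

",$the_name,$fields,$comment);
        } else {
            $return .= sprintf("

%s, %s

",$the_name,$fields);
        }
    }
    # You can edit the following empty string if you wish. For instance:
    # $sub_form .= sprintf("
    # %s%s%s
    # ");
    $return .= sprintf("");
    return $return;
}

/*
 * Returns the HTML form to be presented in a page/post.
 */
function fcpetition_form($petition){
    global $wpdb;
    global $signature_table;
    global $petitions_table;

    // Petition ids are integers
    $petition = (int) $petition;

    $pa = fcpetition_fetchattributes($petition);
    if(!$pa) return "". __("This petition does not exist","fcpetition"). "";

    // Fetch the petition's attributes
    $petition_maximum = $pa->petition_maximum;
    $petition_enabled = $pa->petition_enabled;

    // Check that the petition is enabled
    if(!$petition_enabled) return "".__("This petition is not enabled","fcpetition")."";

    // NOTE(review): REQUEST_URI is controlled by the visitor. Confirm that
    // fcpetition_form_top() escapes $action before placing it in the form markup.
    $action = str_replace( '%7E', '~', $_SERVER['REQUEST_URI']);
    $form1 = fcpetition_form_top($petition,$action);
    $form2 = fcpetition_form_bottom($petition);

    // NOTE(review): the heading is only computed inside fcpetition_form_bottom(), so it
    // has always been empty here; defined to avoid an undefined-variable notice.
    $sub_title = "";
    return "

".$form1."

".$sub_title."

".$form2."

";
}

function fcpetition_add_pages() {
    /* Add pages to the admin interface */
    global $petitions_table;
    global $wpdb;

    add_options_page(__("Petition Add/Delete/Edit","fcpetition"), __("Petition Add/Delete/Edit","fcpetition"), 8,basename(__FILE__)."_main", 'fcpetition_main_page');
    //Remove the options page, it doesn't really maintain the look and feel in 2.7.
    //add_options_page(__("Petition Settings","fcpetition"), __("Petition Settings","fcpetition"), 8,basename(__FILE__)."_settings", 'fcpetition_settings_page');
    add_options_page(__("Petition Management","fcpetition"), __("Petition Management","fcpetition"), 8,basename(__FILE__)."_manage", 'fcpetition_manage_page');
}

/*
 * Page for Adding/Deleting petitions.
 *
 * NOTE(review): the add, delete and import actions below act on POST data alone. No
 * nonce or capability check is visible in this listing; the form markup is missing
 * here, so confirm that a nonce field is emitted and verified.
 */
function fcpetition_main_page(){
    global $wpdb;
    global $petitions_table;
    global $signature_table;
    global $old_table;
    global $options_defaults;

    //If a petition has been added
    if (isset($_POST['addpetition']) && $_POST['addpetition'] != ''){
        $petition_title = $wpdb->escape($_POST['addpetition']);
        // Correctly form the SQL query
        $n = "(petition_title";
        $v = "('$petition_title'";
        foreach ($options_defaults as $option => $default) {
            if ($option == "petition_title") continue;
            $n .= ",`$option`";
            // Defaults include translated text and the admin e-mail; escape them so a
            // quote in either cannot break the statement.
            $v .= ",'" . $wpdb->escape($default) . "'";
        }
        $n .= ")";
        $v .= ")";
        $wpdb->query("INSERT into $petitions_table $n values $v;");
    }
    //Delete a petition
    if (isset($_POST['deletepetition']) && $_POST['deletepetition'] != ''){
        // Petition ids are integers
        $petition = (int) $_POST['deletepetition'];
        $wpdb->query("DELETE FROM $petitions_table WHERE `petition` = '$petition'");
        $wpdb->query("DELETE FROM $signature_table WHERE `petition` = '$petition'");
    }
    //Import petition data from version 1's database tables into a specified new petition
    if (isset($_POST['importpetition']) && $_POST['importpetition'] != ''){
        // The importer uses the id without quotes, where $wpdb->escape() gives no protection
        $target = (int) $_POST['importpetition'];
        $rows_imp = fcpetition_import_version1($target); ?>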

get_results("SELECT `petition`,`petition_title` from $petitions_table ORDER BY `petition`") as $row) { ?>
petition;?>petition_title);?>
get_results("SHOW TABLES FROM ".DB_NAME." LIKE '$old_table';"); if(count($old_t) > 0) { ?>

Import data from version 1.

get_results("SELECT `petition`,`petition_title` from $petitions_table ORDER BY `petition`"); if(count($plist) > 0) { ?>
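escape($_GET['petition_export']); header('Content-Type: text/plain'); foreach ($wpdb->get_results("SELECT `name`,`email`,`comment`,`time`,`fields` from $signature_table WHERE `confirm`='' and `petition` = '$po' ORDER BY `time` DESC") as $row) { ?> "name); ?>","email); ?>","comment); ?>","time); ?>"fields))); ?> escape($_POST['petition_select']); } else { $po = fcpetition_first(); }

    /* NOTE(review): the export fragment above writes signatory names and e-mail
     * addresses whenever petition_export is present in the query string, and the
     * plugin hooks fcpetition_export to get_header. No capability check is visible in
     * this listing; confirm that the export is restricted to administrators.
     */

    /* The petition id is used without quotes in a later query; $wpdb->escape() gives
     * no protection there, so force an integer.
     */
    $po = (int) $po;

    /* $count - number of entries to display at a time
     * default to ten unless the user asks otherwise.
     * Cast to int: the value is placed in a LIMIT clause without quotes.
     */
    if(!empty($_POST['count'])) {
        $count = (int) $_POST['count'];
    } elseif (!empty($_GET['count'])) {
        $count = (int) $_GET['count'];
    } else {
        $count = 10;
    }
    if ($count < 1) $count = 10;

    /* $n - The row number of the first entry to be displayed.
     * Defaults to 0, start from the first row
     */
    if(!empty($_POST['n'])) {
        $n = (int) $_POST['n'];
    } elseif (!empty($_GET['n'])) {
        $n = (int) $_GET['n'];
    } else {
        $n = 0;
    }
    if ($n < 0) $n = 0;

    /* $i - the row number of the first row of the previous page
     * 0 if there is no previous page
     */
    $i = ($n-$count>0)?$n-$count:0;
    /* $j - the row number of the first row of the next page */
    $j = $n+$count;

    // NOTE(review): REQUEST_URI is controlled by the requester; escape $base_url
    // wherever it is written into the page.
    $base_url = $_SERVER['REQUEST_URI'];
    $base_url = preg_replace("/\&.*/","",$base_url);

    //Clear all signatures from a petition
    if( isset($_POST['clear']) && $_POST['clear'] == 'Y' ) {
        $wpdb->query("DELETE from $signature_table WHERE `petition`='$po'");
        echo '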

'; _e("Signatures cleared","fcpetition"); echo "

"; } //Delete a specific signature from a petition if($_POST['delete'] != ''){ $email = $_POST['delete']; $wpdb->query("DELETE FROM $signature_table WHERE `email` = '$email' AND `petition`='$po'"); echo '

'; _e("Signature Deleted.","fcpetition"); echo "

"; } //Deletes a comment from a specific signature if($_POST['erase'] != ''){ $email = $_POST['erase']; $wpdb->query("UPDATE $signature_table SET `comment`='' where `email` = '$email' AND `petition`='$po'"); echo '

'; _e("Comment erased.","fcpetition"); echo "

"; } //Resends a specific confirmation e-mail if($_POST['resend'] != ''){ $email = $_POST['resend']; fcpetition_mail($email,$po); echo '

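'; _e("Confirmation e-mail resent.","fcpetition"); echo "

";
    }
    /* Manually confirm a signature. The button is only offered when
     * OVERRIDE_CONFIRMATION is set, so the handler enforces the same switch; before,
     * a crafted POST confirmed a signature even with the feature turned off.
     */
    if(OVERRIDE_CONFIRMATION && isset($_POST['manualconfirm']) && $_POST['manualconfirm'] != ''){
        // Escape explicitly, as the rest of the file does for request values
        $email = $wpdb->escape($_POST['manualconfirm']);
        $wpdb->query("UPDATE $signature_table SET `confirm`='' where `email` = '$email' AND `petition`='$po'");
        echo '

';
        // Translate the format string, then insert the HTML-escaped address: the posted
        // value used to be echoed back as-is, and the message could never match a translation.
        printf(__("%s manually confirmed","fcpetition"),htmlspecialchars($_POST['manualconfirm'],ENT_QUOTES));
        echo "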

"; } //User asks to resend confirmation e-mails to all unconfirmed addresses from a specified petition if($_GET['resendall'] && !$_POST['resendall']){ //Fetch the petition name $nm = $wpdb->get_results("SELECT `petition_title` from $petitions_table where `petition` = $po"); $name = $nm[0]->petition_title; //Work out how many e-mails would be sent, this is used to warn the user from //spamming signatories. $ct = $wpdb->get_results("SELECT count(*) as c from $signature_table WHERE `petition`='$po' AND `confirm` != ''"); $cu = $ct[0]->c; ?>

get_results("SELECT `email` from $signature_table WHERE `petition`='$po' AND `confirm` != ''"); foreach($list as $addr) { fcpetition_mail($addr->email,$po); } echo '

'; _e("Confirmation e-mails resent.","fcpetition"); echo "

"; } ?>
get_results("SELECT `petition`,`petition_title` from $petitions_table ORDER BY `petition`"); if (count($plist)>0) { ?>

"; return;} ?>

get_results("SELECT * FROM $signature_table WHERE `petition`='$po' ORDER BY `time` DESC LIMIT $n,$count"); if (count($results) < 1) { _e("There are no signatures to manage yet","fcpetition"); return; } ?> | get_results("SELECT * FROM $petitions_table WHERE `petition`='$po'") as $row) { foreach ($options_defaults as $option => $default){ $$option = $row->$option; } } ?> Showing %d to %d of %d (%d confirmed)

","fcpetition"),$n +1,$j,fcpetition_countu($po),fcpetition_count($po)); ?>
"); ?> "/>
0) { $pager .= "" . __("Previous $count","fcpetition") ." ... ";} if (count($results)==$count) { $pager .= "... ". __("Next $count","fcpetition") ."";} if ($pager != '') { echo "

".$pager."

";} ?> ".__("Comments","fcpetition").""; } ?> confirm=='') { $confirm = "".__("Signature confirmed.","fcpetition").""; } else { $confirm = $row->confirm; $confirm = $confirm . ""; if(OVERRIDE_CONFIRMATION) { $confirm .= ""; } } ?>
name); ?> comment);?> comment != "") { ?>
'>
time; ?> keep_private; ?> fields))); ?>
'>

" />

get_results($sql); } /* * Deletes a custom field from the database */ function fcpetition_deletefield($po,$fieldname){ global $wpdb; global $fields_table; $sql = "DELETE FROM $fields_table WHERE `petition` = '$po' and `name` = '$fieldname'"; $wpdb->get_results($sql); } /* * Displays the custom fields in a form suitable for the options page. * Also defines the form for deletion of fields */ function fcpetition_displayfields($po) { global $wpdb; global $fields_table; $sql = "SELECT * FROM $fields_table WHERE `petition` = '$po' ORDER BY ts"; $res = $wpdb->get_results($sql); if (count($res) > 0) { ?>
NameTypeOptionsPrinted
name; ?> type; ?> type != "select") { ?> opt; ?>
"/>
hide == 0) { ?> No Yes
"/>
query($sql); } /* * Returns the HTML for the user to input data for defined custom fields */ function fcpetition_livefields($po) { global $wpdb; global $fields_table; $sql = "SELECT * FROM $fields_table WHERE `petition` = '$po' ORDER by ts"; $res = $wpdb->get_results($sql); $output = ""; if(count($res)>0) { foreach($res as $row){ if($row->hide == 1) { $lmsg = __(" (won't be published)","fcpetition");} else { $lmsg = "";} if($row->type == "text") { $output .= "$row->name$lmsg:

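\n"; } elseif($row->type == "select") { $output .= "$row->name$lmsg:

"; } else { $output .= "Sorry, the type '$row->type' has not been implemented yet
"; } } } return $output; }

/*
 * Scans the submitted form data ($_POST) for values matching the custom fields
 * defined for petition $po. Places the results in an array/map keyed by the field
 * name with spaces replaced by underscores. This is later stored in serialized form
 * in the signature's database row.
 * Returns nothing when the petition has no custom fields.
 */
function fcpetition_collectfields($po) {
    global $wpdb;
    global $fields_table;

    // Petition ids are integers
    $po = (int) $po;
    $sql = "SELECT `name` FROM $fields_table WHERE `petition` = '$po' ORDER by ts";
    $res = $wpdb->get_results($sql);
    if(!$res) return;

    $package = array();
    foreach($res as $field) {
        $f = str_replace(" ","_",$field->name);
        // Accept plain strings only: an array parameter would end up in the stored
        // data, and the old truthiness test discarded a legitimate value of "0".
        if(isset($_POST[$f]) && is_string($_POST[$f]) && $_POST[$f] !== ''){
            $package[$f] = $wpdb->escape($_POST[$f]);
        } else {
            $package[$f] = "";
        }
    }
    return $package;
}

/*
 * The form for adding custom fields on the options page.
 */
function fcpetition_fieldform($po) { ?>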
Type: Name: Options: Publish field "/>
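$value) { print "$field: ".htmlchars($value)." "; } }

/*
 * Returns the publishable custom field values of one signature as an HTML-escaped,
 * comma separated string. Fields marked as hidden for the petition are left out.
 */
function fcpetition_prettyvalues($package,$petition) {
    global $wpdb;
    global $fields_table;
    // The package comes from unserialize(); anything that is not an array is ignored
    if(!$package || !is_array($package)) return;

    // Petition ids are integers
    $petition = (int) $petition;
    $hide = array();
    foreach($wpdb->get_results("SELECT name,hide FROM $fields_table WHERE petition = '$petition' ORDER BY ts") as $row) {
        // fcpetition_collectfields() stores values under the field name with spaces
        // replaced by underscores. Index the flags the same way: with the raw name, a
        // hidden field whose name contains a space was never matched and its value
        // was published.
        $hide[str_replace(" ","_",$row->name)] = $row->hide;
    }
    foreach ($package as $fieldname => $fieldvalue){
        if(isset($hide[$fieldname]) && $hide[$fieldname] == 1) {
            unset($package[$fieldname]);
        }
    }
    $custom_fields = htmlchars(implode(", ",$package));
    return $custom_fields;
}

/*
 * Trims a string and escapes it for HTML output, quotes included.
 */
function htmlchars( $string ) {
    return str_replace("\n","
",htmlspecialchars(trim($string),ENT_QUOTES));
}

/*
 * CSV output of the custom field data
 */
function fcpetition_csvfields($package) {
    if(!$package || !is_array($package)) return;
    foreach ($package as $field => $value){
        $value = (string) $value;
        // Values are typed by anonymous signers and the export is opened in a
        // spreadsheet. Prefix cells that a spreadsheet would evaluate as a formula,
        // and double embedded quotes so a value cannot break out of its cell.
        // (A value such as "+44 ..." is therefore exported with a leading apostrophe.)
        if ($value !== '' && strpos("=+-@\t\r",$value[0]) !== false) {
            $value = "'" . $value;
        }
        $value = str_replace('"','""',$value);
        print ",\"$value\"";
    }
}

/*
 * Handles the petition settings.
 *
 * NOTE(review): the updates below act on POST data alone; no nonce or capability check
 * is visible in this listing.
 */
function fcpetition_settings_page() {
    global $wpdb;
    global $options_defaults;
    global $signature_table;
    global $petitions_table;

    if(!empty($_POST['petition_select'])) {
        $po = $wpdb->escape($_POST['petition_select']);
    } elseif (!empty($_GET['petition_select'])) {
        $po = $wpdb->escape($_GET['petition_select']);
    } elseif (!empty($_POST['editpetition'])) {
        $po = $wpdb->escape($_POST['editpetition']);
    } else {
        $po = fcpetition_first();
    }
    // Petition ids are integers
    $po = (int) $po;

    #Fetch options
    foreach ($wpdb->get_results("SELECT * FROM $petitions_table WHERE `petition`='$po'") as $row) {
        // Column names come from the fixed $options_defaults keys, not from the request
        foreach ($options_defaults as $option => $default){
            $$option = stripslashes($row->$option);
        }
    }

    $p_error = "";
    // Test for submitted data
    if( isset($_POST['submitted']) && $_POST['submitted'] == 'Y' ) {
        foreach ($options_defaults as $option => $default){
            $posted = isset($_POST[$option]) ? $_POST[$option] : '';
            //Perform any checks here, continue over any problem input
            // strpos() returns 0 when the text starts with the marker, so compare with
            // false; "!strpos()" rejected such a text.
            if($option == "petition_confirmation" && strpos($posted,"[[curl]]") === false) {
                $p_error = __("[[curl]] must appear in your confirmation email text.","fcpetition");
                $petition_confirmation = $$option;
                continue;
            }
            //Update options table
            $$option = $posted;
            $foo = $wpdb->escape($posted);
            $wpdb->query("UPDATE $petitions_table set `$option` = '$foo' where `petition`='$po'");
        }
        if($p_error != "") {
            print "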

$p_error

"; } ?>

escape($_POST['fieldtype']); $fieldname = $wpdb->escape($_POST['fieldname']); $fieldhide = $wpdb->escape($_POST['hide'])=='on'?1:0; $fieldoptions = $wpdb->escape($_POST['options']); fcpetition_addfield($po,$fieldname,$fieldtype,$fieldoptions,$fieldhide); } if ( $_POST['deletefield']) { $fieldname = $wpdb->escape($_POST['fieldname']); fcpetition_deletefield($po,$fieldname); } if ( $_POST['editfieldoptions']){ $fieldname = $wpdb->escape($_POST['fieldname']); $fieldoptions = $wpdb->escape($_POST['fieldoptions']); fcpetition_changefieldoptions($po,$fieldname,$fieldoptions); } ?>
get_results("SELECT `petition`,`petition_title` from $petitions_table ORDER BY `petition`"); if(count($plist) > 0) { ?>



must appear in the text or the confirmation e-mails will not work.","fcpetition")?>

must follow the same format as the example address.","fcpetition")?>


>

>

" />



Written by James Davis and licensed under the GNU GPL. For assistance please visit this plugin's web page.

"; } ?>