<?php
/**
 * Internet Persuasion
 * Dynamic Form Display System
 * Written By: Wesley Jordan 09-28-2009
 */
# Framework options. They are assigned before FrameWork.php is loaded on the last line of this
# group, so their order relative to the require_once matters.
# NOTE(review): presumably authUser=false lets this script run without a logged-in user and
# requireSSL=false lets it be served over plain HTTP -- confirm in FrameWork.php. If so, the
# encrypted query string is the only thing vouching for the values this script reads from $_POST.
$fwOption['authUser'] = false;
$fwOption['requireSSL'] = false;
# Ask the framework to load its crypto class (presumably needed to decode the query string).
$fwOption['loadClass']['crypto'] = true;
require_once("../../includes/FrameWork.php");

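# ================================================================================================================
# Get the variables that were passed in an encrypted string
# ConvertEncryptedGETtoPOST() is a framework helper; this script expects it to leave the decoded
# variables in $_POST, and treats an empty $_POST as a missing or undecodable string.
ConvertEncryptedGETtoPOST();
if( count($_POST) == 0 )
{
  # The magic constants are __FILE__ and __LINE__. The bare names __FILE / __LINE are undefined
  # constants, which raise an Error on PHP 8 and would abort this error path before the
  # 'Form Error' fallback is written.
  throwException("The encrypted string is either missing or invalid.", __FILE__, __LINE__, "", false, false);
  echo "document.write('Form Error');";
  exit;
}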

/**
 * Incoming variables (read from $_POST after the encrypted string has been decoded)
 * f = form_id
 * u = user_id
 * r = return uri
 * o = opt-in uri
 * e = email campaign_id (optional)
 * s = source_id (optional)
 * c = category_id (optional)
 * h = http_host (optional)
 * b = button text (optional)
 */
# ================================================================================================================
# Make sure that the encrypted string decoded properly and contains the required variables.
# 'f' is checked before 'u', so only the first missing variable is reported.
foreach( array('f', 'u') as $requiredKey )
{
  if( isset($_POST[$requiredKey]) && $_POST[$requiredKey] != "" ) continue;

  throwException("The encoded string is missing the variable: '$requiredKey'", __FILE__, __LINE__, "", false, false);
  echo "document.write('Form Error');";
  exit;
}

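# ================================================================================================================
# Get the Form
# The form id comes from the request, so it is bound as a query parameter instead of being
# interpolated into the SQL text (string-built SQL is injectable if the decoded value is ever
# attacker-influenced).
# NOTE(review): assumes $conn is an ADOdb connection (Execute/ErrorMsg/RecordCount/Fields match
# its API), whose Execute() takes bind values as a second argument and whose Param() returns the
# driver's placeholder -- confirm in FrameWork.php.
$sql = "SELECT form_html FROM bo_wc_forms WHERE form_id=" . $conn->Param('form_id');
$rs = $conn->Execute($sql, array($_POST['f']));
if( !$rs )
{
  throwException($conn->ErrorMsg(), __FILE__, __LINE__, $sql, false, false);
  echo "document.write('Form Error');";
  exit;
}
if( $rs->RecordCount() == 0 )
{
  throwException("Invalid Form Specified", __FILE__, __LINE__, $sql, false, false);
  echo "document.write('Form Error');";
  exit;
}
# Raw form template; it still contains the [merge_code] placeholders at this point.
$FORM = $rs->Fields("form_html");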

# ================================================================================================================
# A form whose HTML contains the [ret_uri] merge code must be given a non-empty 'r' value.
$pos = strpos($FORM,'[ret_uri]');
if( $pos !== false )
{
  $returnUri = isset($_POST['r']) ? $_POST['r'] : "";
  if( $returnUri == "" )
  {
    throwException("The required variable: 'r' is not set.", __FILE__, __LINE__, "", false, false);
    echo "document.write('Form Error');";
    exit;
  }
}
# The matching check for the opt-in uri ('o' / [optin_uri]) is disabled:
//$pos = strpos($FORM,'[optin_uri]');
//if( $pos!==false && (!isset($_POST['o']) || $_POST['o']=="") ) { throwException("The required variable: 'o' is not set.", __FILE__, __LINE__, "", false, false); echo "document.write('Form Error');"; exit; }

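# ================================================================================================================
# Default the optional variables if they weren't passed in.
# 'o' is included because nothing else in this script guarantees it is set (its required-variable
# check is commented out), yet it is read unconditionally when the merge codes are replaced.
$optionalDefaults = array(
  'o' => "",
  'e' => "",
  's' => "",
  'c' => "",
  'h' => "internetpersuasion.com",
  'b' => " Click here to Learn More! ",
);
foreach( $optionalDefaults as $optionalKey => $defaultValue )
{
  # A missing key and an empty value are treated the same way.
  if( !isset($_POST[$optionalKey]) || $_POST[$optionalKey] == "" ) $_POST[$optionalKey] = $defaultValue;
}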

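# ================================================================================================================
# Get the sysCode from the users account
# The user id comes from the request, so it is bound as a query parameter rather than being
# interpolated into the SQL text.
# NOTE(review): assumes $conn is an ADOdb connection whose Execute() takes bind values as a
# second argument and whose Param() returns the driver's placeholder -- confirm in FrameWork.php.
$sql = "SELECT system_code 
          FROM fw_user_accounts a 
     LEFT JOIN fw_users u on u.acct_id=a.acct_id 
         WHERE u.user_id=" . $conn->Param('user_id');
$rs = $conn->Execute($sql, array($_POST['u']));
if( !$rs )
{
  throwException($conn->ErrorMsg(), __FILE__, __LINE__, $sql, false, false);
  echo "document.write('Form Error');";
  exit;
}
if( $rs->RecordCount() == 0 )
{
  throwException("Invalid UserID Specified ($_POST[u])", __FILE__, __LINE__, $sql, false, false);
  echo "document.write('Form Error');";
  exit;
}
$sysCode = $rs->Fields("system_code");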

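# ================================================================================================================
# Replace the Merge Codes with Data
# Every value here is taken from the request (or looked up from it) and ends up inside the form's
# HTML, so each one is HTML-escaped first; otherwise a quote or angle bracket in a value could
# break out of the attribute or element it is merged into.
# NOTE(review): assumes the merge codes sit in HTML text or attribute positions in form_html;
# confirm no template places one inside a <script> block or expects markup in [btn_txt].
# NOTE(review): escaping does not restrict the scheme or host of the r / o / h values; that has
# to be enforced where the encrypted string is generated -- verify.
$mergeValues = array(
  "[ret_uri]"   => isset($_POST['r']) ? $_POST['r'] : "",
  "[optin_uri]" => isset($_POST['o']) ? $_POST['o'] : "",   # 'o' may be absent; its check is disabled
  "[source_id]" => isset($_POST['s']) ? $_POST['s'] : "",
  "[cat_id]"    => isset($_POST['c']) ? $_POST['c'] : "",
  "[camp_id]"   => isset($_POST['e']) ? $_POST['e'] : "",
  "[sysCode]"   => $sysCode,
  "[user_id]"   => isset($_POST['u']) ? $_POST['u'] : "",
  "[http_host]" => isset($_POST['h']) ? $_POST['h'] : "",
  "[btn_txt]"   => isset($_POST['b']) ? $_POST['b'] : "",
);
foreach( $mergeValues as $mergeCode => $mergeValue )
{
  $mergeValues[$mergeCode] = htmlspecialchars((string)$mergeValue, ENT_QUOTES);
}
# strtr() substitutes in a single pass, so a merge code that appears inside one of the values is
# left as literal text instead of being expanded by a later replacement.
$FORM = strtr($FORM, $mergeValues);
# The form is later wrapped in a double-quoted JavaScript string, so the template's own double
# quotes are turned into single quotes.
$FORM = str_replace('"',"'",$FORM);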

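# ================================================================================================================
# Prepare the form to be output to the screen
# The form is delivered as JavaScript: its non-empty lines are trimmed, joined with single spaces
# and placed in a string literal that the including page writes out with document.write().
$htmlLines = array();
foreach( preg_split('/[\r\n]+/', $FORM) as $line )
{
  $line = trim($line);
  if( $line !== "" ) $htmlLines[] = $line;
}

# Escape what would otherwise change the meaning of the string literal: a backslash (would start
# a JavaScript escape sequence), a double quote (would end the literal) and "</" (would close an
# enclosing script element if this output is ever inlined). Byte-wise replacement keeps this
# independent of the form's character encoding.
$escapedHtml = strtr(implode(' ', $htmlLines), array(
  '\\' => '\\\\',
  '"'  => '\\"',
  '</' => '<\\/',
));

# Building the literal in one step also keeps the output valid JavaScript when the form has no
# non-empty lines (formHTML is then an empty string instead of an unterminated statement).
$js = 'var formHTML = "' . $escapedHtml . '";';

# ================================================================================================================
# Output the form to the screen
echo "$js\n";
echo "document.write(formHTML);";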
?>