Title: Contribution :)
Last modified: August 22, 2016

---

# Contribution :)

 *  [ekocode](https://wordpress.org/support/users/ekocode/)
 * (@ekocode)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/contribution-3/)
 * Hello,
   Thanks for this plugin. I haven't seen any bugs and it is easy to use.
   However, for a personal project, I modified two files in order to:
   - secure access to $_POST a little;
   - keep the field values when validation fails, so the form does not have to be filled in again;
   - add error messages for each field and a .wrong or .ok style on the field concerned;
   - add a zip code field type (not quite finished);
   - limit field contents to 32 characters;
   - store email, last name and first name in dedicated columns of the database so that searches are possible (serialization does not really allow sorting); the table was modified by hand.
   I did not modify the admin part because it is a one-off project. In short, if anyone is interested, here are the two modified files:
 * ++
    eKo
 * display_yawpp.php

   ```php
   <?php
   // security line: block direct access to the file
   defined('ABSPATH') or die("No script kiddies please!");

   // plugin_dir_path() already ends with a slash
   include(plugin_dir_path(__FILE__) . 'display_functions.php');

   // Display the petition form
   function yawpp_display_form($id){

       if (isset($_POST['submit_yawpp'])) {
           add_signs();
       }

       global $wpdb;
       global $yawpp_error;
       global $yawpp_post;

       // return value
       $html = '';

       // Fetch the petition's fields
       $fields = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_fields WHERE id_petition = %d ORDER BY id ASC", $id), OBJECT);
       $html .= isset($yawpp_error) ? $yawpp_error : '';
       $html .= '<div class="form_yawpp"><fieldset><form name="form_yawpp" method="post">';

       foreach ($fields as $field) {

           // fetch the sanitised POST variables
           global ${'yawpp_f_field'.$field->id};
           global ${'yawpp_f_needed'.$field->id};
           global ${'yawpp_f_wrongmail'.$field->id};
           global ${'yawpp_f_unique'.$field->id};
           global ${'yawpp_f_zipcode'.$field->id};

           // reset per field, otherwise the previous field's class leaks into this one
           $wrongClass = '';
           $value = isset(${'yawpp_f_field'.$field->id}) ? ${'yawpp_f_field'.$field->id} : '';

           // decide which class the field is displayed with
           if (!empty(${'yawpp_f_needed'.$field->id})
               || !empty(${'yawpp_f_wrongmail'.$field->id})
               || !empty(${'yawpp_f_unique'.$field->id})
               || !empty(${'yawpp_f_zipcode'.$field->id}))
           {
               $wrongClass = "wrong";
           }
           elseif (!empty($yawpp_post))
           {
               $wrongClass = "ok";
           }

           $name = 'field' . (int) $field->id;
           $html .= '<div class="field_yawpp '.$wrongClass.'"><label for="'.$name.'">'.esc_html($field->text);
           if ($field->needed == 0) {
               $html .= ' : </label>';
           } else {
               $html .= '* : </label>';
           }

           // the submitted value is escaped on output, so it cannot inject markup into the page
           switch ($field->type) {
               case 'text':
               case 'zipcode': // the zip code type is rendered as a plain text input
                   $html .= '<input type="text" name="'.$name.'" id="'.$name.'" value="'.esc_attr($value).'"/>';
                   break;

               case 'email':
                   $html .= '<input type="email" name="'.$name.'" id="'.$name.'" value="'.esc_attr($value).'"/>';
                   break;

               case 'comment':
                   $html .= '<textarea name="'.$name.'" id="'.$name.'">'.esc_textarea($value).'</textarea>';
                   break;

               case 'checkbox':
                   // keep the checkbox ticked if it was ticked on the previous submission
                   $checked = ($value == "1") ? 'checked="checked"' : '';
                   $html .= '<input type="checkbox" name="'.$name.'" id="'.$name.'" value="1" '.$checked.'/>';
                   break;
           }
           $html .= '<br /></div>';
       }

       $html .= '<p>* '.__("Champs obligatoires", 'yawpp').'</p><input type="hidden" name="id" value="'.(int) $id.'" /><input type="submit" value="Valider" name="submit_yawpp" /></fieldset></form></div>';

       return $html;
   }

   // Display the list of signatories
   function yawpp_display_signs($id){

       global $wpdb;

       $html = '';

       // Fetch the list of signatories for the petition
       $html .= '<div class="signs_yawpp">';

       $p = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_petitions WHERE id = %d", $id), OBJECT);

       if (empty($p) || empty($p[0]->max)) {
           $result = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_signs WHERE id_petition = %d ORDER BY id DESC", $id), OBJECT);
       } else {
           $result = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_signs WHERE id_petition = %d ORDER BY id DESC LIMIT 0, %d", $id, $p[0]->max), OBJECT);
       }

       if ($result) {

           // There are signatories: display the fields in a table
           $html .= "<table class='signs_table'><thead><tr>";

           // Table headers (private fields are never displayed)
           $resultfields = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_fields WHERE id_petition = %d", $id), OBJECT);

           foreach ($resultfields as $rf) {
               if ($rf->private != 1) $html .= "<th>".esc_html($rf->text)."</th>";
           }

           $html .= "</tr></thead><tfoot><tr>";

           foreach ($resultfields as $rf) {
               if ($rf->private != 1) $html .= "<th>".esc_html($rf->text)."</th>";
           }

           // one tbody for the whole table, one row per signatory
           $html .= "</tr></tfoot><tbody>";

           foreach ($result as $r) {
               $html .= "<tr>";

               // Unserialize the stored field values
               $fieldsvalue = unserialize($r->fieldstable);
               // Loop over the fields; every signatory-supplied value is escaped on output
               foreach ($resultfields as $rf) {
                   if ($rf->private != 1) {
                       $cell = isset($fieldsvalue[$rf->id]) ? $fieldsvalue[$rf->id] : '';
                       $html .= "<td>".esc_html($cell)."</td>";
                   }
               }
               $html .= "</tr>";
           }
           $html .= "</tbody></table>";

       } else {
           $html .= "<h3>".__("Aucun signataire pour cette pétition.", 'yawpp')."</h3>";
       }

       $html .= '</div>';

       return $html;
   }

   // Display the number of signatories
   function yawpp_display_num_signs($id){

       global $wpdb;
       // COUNT(*) avoids loading every row just to count them
       $count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM ".$wpdb->prefix."yawpp_signs WHERE id_petition = %d", $id));

       return '<span class="yawppnumsign">'.(int) $count.'</span>';
   }
   ```
   
 * and display_functions.php

   ```php
   <?php

   // security line: block direct access to the file
   defined('ABSPATH') or die("No script kiddies please!");

   // XSS check on GET and POST.
   // This only refuses values that contain a <script ...> tag; it is a coarse filter,
   // so every value must still be escaped when it is written into HTML.
   if (isset($_POST))
   {
       foreach ($_POST as $key => $secvalue)
       {
           if (is_array($secvalue))
           {
               $secvalue = implode(",", $secvalue);
           }

           if (preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue))
           {
               // the entered description may legitimately contain code, so it is exempt
               if ($key != "form_description" && $key != "form_content") die("You can't do this...");
           }
       }
   }
   if (isset($_GET))
   {
       foreach ($_GET as $key => $secvalue)
       {
           if (is_array($secvalue)) $secvalue = implode(",", $secvalue);
           if (preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue))
           {
               // the entered description may legitimately contain code, so it is exempt
               if ($key != "form_description") die("You can't do this...");
           }
       }
   }
   // fetch the session variables (every session key becomes a global of the same name)
   if (isset($_SESSION)) foreach ($_SESSION as $k => $v) $$k = $v;
   // field length limit
   $nb_caractere_limit = 32;
   // fetch the parameters sent by the form (POST) or the URL (GET), prefixed with yawpp_f_.
   // WordPress adds slashes to $_POST and $_GET, so they are removed before use; arrays are
   // never expected from the form and are stored as an empty string; mb_substr() counts
   // characters rather than bytes so an accented character is never cut in half.
   if (isset($_POST)) foreach ($_POST as $k => $v) ${"yawpp_f_".$k} = is_array($v) ? '' : mb_substr(wp_unslash($v), 0, $nb_caractere_limit);
   if (isset($_GET)) foreach ($_GET as $k => $v) ${"yawpp_f_".$k} = is_array($v) ? '' : mb_substr(wp_unslash($v), 0, $nb_caractere_limit);

   /*-------------------------------------
   Check that a field value is unique
   --------------------------------------*/

   // Returns false if $field is already stored for field $id in a signature of this petition
   function check_unicity($id, $field, $id_petition)
   {
       global $wpdb;

       // Fetch the list of signatories for the petition
       $result = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_signs WHERE id_petition = %d", $id_petition), OBJECT);

       if ($result)
       {
           foreach ($result as $r)
           {
               // Unserialize the stored fields
               $fieldsvalue = unserialize($r->fieldstable);
               if (isset($fieldsvalue[$id]) && $fieldsvalue[$id] == $field) {
                   return false;
               }
           }
       }
       return true;
   }

   /*----------------------------------------
   Add a signature to the database
   -----------------------------------------*/

   function add_signs()
   {
       global $wpdb;
       global $yawpp_f_id;
       global $yawpp_post;

       // flag: the form has been posted
       $yawpp_post = true;

       // Fetch the petition ID
       $id_petition = (int) $yawpp_f_id;

       // Fetch the fields from the database
       $fields = $wpdb->get_results($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."yawpp_fields WHERE id_petition = %d", $id_petition), OBJECT);

       // Loop over the fields and check that every required field has been filled in
       $test = 0;
       $wrongmail = 0;
       $unique = 0;
       $zipcode = 0;
       foreach ($fields as $field)
       {
           global ${'yawpp_f_field'.$field->id};
           global ${'yawpp_f_needed'.$field->id};
           global ${'yawpp_f_wrongmail'.$field->id};
           global ${'yawpp_f_unique'.$field->id};
           global ${'yawpp_f_zipcode'.$field->id};

           $value = isset(${'yawpp_f_field'.$field->id}) ? ${'yawpp_f_field'.$field->id} : '';

           // required field
           if ($field->needed == 1 && empty($value))
           {
               $test++;
               ${'yawpp_f_needed'.$field->id} = true;
           }

           // email field
           if ($field->type == "email" && ($value == "" || !filter_var($value, FILTER_VALIDATE_EMAIL)))
           {
               $wrongmail++;
               ${'yawpp_f_wrongmail'.$field->id} = true;
           }

           // unique field
           if ($field->uniquefield == 1 && !check_unicity($field->id, $value, $id_petition))
           {
               $unique++;
               ${'yawpp_f_unique'.$field->id} = true;
           }

           // zip code field: exactly five digits
           // (FILTER_VALIDATE_INT would wrongly reject a code with a leading zero such as 01000)
           if ($field->type == "zipcode" && !preg_match('/^[0-9]{5}$/', $value))
           {
               $zipcode++;
               ${'yawpp_f_zipcode'.$field->id} = true;
           }
       }

       // everything is valid: sign
       if ($test == 0 && $wrongmail == 0 && $unique == 0 && $zipcode == 0)
       {
           // Field values, serialized for storage
           $fieldstable = array();

           // fields stored in dedicated columns: last name, first name and email
           $nom = "";
           $prenom = "";
           $email = "";

           foreach ($fields as $field) {

               $value = isset(${'yawpp_f_field'.$field->id}) ? ${'yawpp_f_field'.$field->id} : '';
               $fieldstable[$field->id] = $value;

               // a few fields stored in dedicated columns (for searching)
               switch (strtolower($field->text))
               {
                   case "email":
                       $email = $value;
                       break;
                   case "prénom":
                       $prenom = $value;
                       break;
                   case "nom":
                       $nom = $value;
                       break;
               }
           }

           $serializefields = serialize($fieldstable);
           $wpdb->query($wpdb->prepare("INSERT INTO ".$wpdb->prefix."yawpp_signs (time, fieldstable, display, id_petition, email, firstname, lastname) VALUES (now(), %s, 1, %d, %s, %s, %s)", $serializefields, $id_petition, $email, $prenom, $nom));
           echo '<div class="okmessage_yawpp">'.__("Merci, votre signature a bien été enregistrée.", 'yawpp').'</div>';
       }
       else
       {
           global $yawpp_error;

           // build the error messages
           $yawpp_error = '<div class="errormessage_yawpp">';
           foreach ($fields as $field)
           {
               $label = esc_html($field->text);

               // required-field error
               if (!empty(${'yawpp_f_needed'.$field->id}))
               {
                   $yawpp_error .= $label." ".__("est un champs obligatoires.", 'yawpp').'<br />';
               }
               // uniqueness error
               if (!empty(${'yawpp_f_unique'.$field->id}))
               {
                   $yawpp_error .= __("Cet email a déjà été utilisé pour une autre inscription.", 'yawpp').'<br />';
               }
               // email error
               if (!empty(${'yawpp_f_wrongmail'.$field->id}))
               {
                   $yawpp_error .= $label." ".__("n'est pas un e-mail valide.", 'yawpp').'<br />';
               }
               // zip code error
               if (!empty(${'yawpp_f_zipcode'.$field->id}))
               {
                   $yawpp_error .= $label." ".__("n'est pas un code postal valide.", 'yawpp').'<br />';
               }
           }
           $yawpp_error .= '</div>';
       }
   }
   ```
   
 * [https://wordpress.org/plugins/yawpp/](https://wordpress.org/plugins/yawpp/)
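The validation the post describes (required fields, email check, five-digit zip code, 32-character limit, re-rendering the form with the submitted values kept and a .wrong/.ok class) as a stand-alone example. This is added here and is not ekocode's code nor part of the YAWPP plugin. It assumes field definitions with the keys id, text, type and needed (the same shape the posted code reads from the yawpp_fields table), keeps validation as a pure function of the submitted array instead of copying $_POST into global variables, and uses htmlspecialchars() in place of the WordPress esc_attr()/esc_html() helpers so it runs outside WordPress (it needs the mbstring extension).

```php
<?php
// Added example: input validation and output escaping for a YAWPP-style petition form.
// Assumed field shape (not from the plugin): ['id' => int, 'text' => string,
// 'type' => 'text'|'email'|'zipcode'|'comment'|'checkbox', 'needed' => 0|1].

const YAWPP_MAX_LEN = 32;

// Normalise one raw submitted value: arrays are never sent by the form and are
// dropped; the value is cut to YAWPP_MAX_LEN characters (not bytes), so an
// accented character is never split in half. Under WordPress, wp_unslash()
// would be applied here first because core adds slashes to $_POST.
function yawpp_clean_value($raw): string
{
    if (!is_string($raw)) {
        return '';
    }
    return mb_substr(trim($raw), 0, YAWPP_MAX_LEN, 'UTF-8');
}

// Validate the submission against the field definitions.
// Returns ['values' => [id => clean value], 'errors' => [id => [error codes]]].
function yawpp_validate(array $fields, array $post): array
{
    $values = [];
    $errors = [];
    foreach ($fields as $f) {
        $id = (int) $f['id'];
        $value = yawpp_clean_value($post['field' . $id] ?? '');
        $values[$id] = $value;
        $fieldErrors = [];

        if (!empty($f['needed']) && $value === '') {
            $fieldErrors[] = 'needed';
        }
        // Type checks only apply when something was entered: a missing required
        // value is already reported above, and optional fields may stay empty.
        if ($value !== '') {
            if ($f['type'] === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                $fieldErrors[] = 'wrongmail';
            }
            // Exactly five digits; FILTER_VALIDATE_INT would wrongly reject 01000.
            if ($f['type'] === 'zipcode' && !preg_match('/^[0-9]{5}$/', $value)) {
                $fieldErrors[] = 'zipcode';
            }
        }
        if ($fieldErrors) {
            $errors[$id] = $fieldErrors;
        }
    }
    return ['values' => $values, 'errors' => $errors];
}

// Stand-in for WordPress esc_attr()/esc_html(): escape for an HTML context.
function yawpp_esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Re-render one input with the submitted value kept and the .wrong/.ok class applied.
// Escaping happens here, at output time, whatever the value contains.
function yawpp_render_input(array $f, string $value, bool $hasError): string
{
    $name = 'field' . (int) $f['id'];
    $class = $hasError ? 'wrong' : 'ok';
    $type = $f['type'] === 'email' ? 'email' : 'text';
    return '<div class="field_yawpp ' . $class . '"><label for="' . $name . '">'
        . yawpp_esc($f['text']) . '</label>'
        . '<input type="' . $type . '" name="' . $name . '" id="' . $name
        . '" value="' . yawpp_esc($value) . '"/></div>';
}

// Constructed sample data (not real petition data).
$fields = [
    ['id' => 1, 'text' => 'Nom',         'type' => 'text',    'needed' => 1],
    ['id' => 2, 'text' => 'Email',       'type' => 'email',   'needed' => 1],
    ['id' => 3, 'text' => 'Code postal', 'type' => 'zipcode', 'needed' => 0],
    ['id' => 4, 'text' => 'Ville',       'type' => 'text',    'needed' => 0],
];
$post = [
    'field1' => 'Dupont <b>',            // kept as typed, escaped when re-rendered
    'field2' => 'not-an-email',          // the only invalid value
    'field3' => '01000',                 // leading zero is a valid zip code
    'field4' => str_repeat('é', 40),     // 40 characters, cut to 32 without breaking UTF-8
    'field9' => ['unexpected', 'array'], // unknown key: never read
];

$r = yawpp_validate($fields, $post);
assert($r['errors'] === [2 => ['wrongmail']]);
assert($r['values'][3] === '01000');
assert(mb_strlen($r['values'][4], 'UTF-8') === 32);
assert(strpos(yawpp_render_input($fields[0], $r['values'][1], false), '&lt;b&gt;') !== false);

foreach ($fields as $f) {
    echo yawpp_render_input($f, $r['values'][$f['id']], isset($r['errors'][$f['id']])), "\n";
}
```

The design point is the split between the two halves: yawpp_validate() decides whether a submission is acceptable and never touches the page, while yawpp_render_input() escapes every value it writes, so a value that fails (or passes) validation is re-displayed safely without relying on the `<script` filter at the top of display_functions.php.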

The topic ‘Contribution :)’ is closed to new replies.


 * 0 replies
 * 1 participant
 * Last reply from: [ekocode](https://wordpress.org/support/users/ekocode/)
 * Last activity: [11 years, 8 months ago](https://wordpress.org/support/topic/contribution-3/)
 * Status: not resolved