sawade

hmmm... I don't know about the backup files. Couldn't find any. I am aware of the implode issue. I did some more tweaking of the htaccess.

Figured it out.

That works perfect. Thank you so much!

Hmmm. Okay. So I decided to see if your code is validating... add well it's not. You have 122 errors in your code. These errors could be why it's not working for you. I will add in the URL which I am hoping will retain your code and it's results. http://validator.w3.org/check If it doesn't. Just copy and paste your code into the validator and it will show you the results again. Also, I am not positive so double check in your free time. But I believe XHTML only allows for double quotes. IE = <a href='textsample.php'>Site map</a> would be <a href="textsample.php">Site map</a>

I made some changes. Thank you. Now when I do access the folders I want it does change to the SSL, but once I click on a page in the secure folder if I click lets say back to the home page it is still under the SSL. It doesn't revert back to the regular http. My full script: Options +FollowSymLinks RewriteEngine On RewriteBase / AddHandler application/x-httpd-php5s .php # REDIRECT if www or not to www.domain.com RewriteCond %{HTTP_HOST} ^domain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.domain.com$ RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L] # REDIRECT w/ folder secureforms/forms/ to SSL RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} (/secureforms/forms//?)|(/secureforms/forms//.*)$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] <Files .htaccess> deny from all </Files> Also, using the host generator, I made the following code. But when I try to test it in a browser, the browser just thinks and thinks. I close it down after 5 minutes and no results. # REDIRECT if www or not to www.domain.com RewriteCond %{HTTP_HOST} ^domain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.domain.com$ RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L]

Okay. Let me say this. I know nothing about how to code a .htaccess file. The host service we are using has a generator, however when I try to use it I only get errors. So i found a code on line to use in the mean time. RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] However what I want it to do is... The main site be a normal http, but once the pages in a certain folder are accessed it goes to the SSL. Right now the whole site is under the SSL. Next Question: We have several forms on the site. We use the POST global in PHP to process them. We want to make it so if they try to hack it through GET or otherwise that it will deny them. I have this, but I don't know if it is right. <Files .htaccess> deny from all </Files> <Limit GET> deny from all </Limit> Last Question: Is this acceptable code? # BLOCK Spambots RewriteEngine on RewriteBase / RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR] RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR] RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR] RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR] RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR] RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR] RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR] RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Ping [OR] RewriteCond %{HTTP_USER_AGENT} ^Link [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR] RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR] RewriteCond %{HTTP_USER_AGENT} ^psbot [OR] RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailCollector RewriteRule ^.* - [F] RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$ RewriteRule !^http://[^/.]\.mydomain.com.* - [F] Thanks!!!

I think I have this figured out. I added in code that unlinks the file after it is emailed. I also made some more adjustments to the code. But I am still getting the same results. What it CAN do: 1- Create and write data to the file 2- Create and send the email 3- Received email is BLANK but does show an attachment, however attachment can not be opened. 4- Complete the echo confirm on the website What is is FAILING at: 1- Successfully attaching to the email message 2- Showing the actual email message I am getting so close to completing this. I'm sure it is something small that I am missing. Here is the new code: // Send the Email require_once "/Mail.php"; require_once "/ContactConstants.php"; //Creates CSV file $cr = "\n"; $csvData = "Name" . ',' . "Phone" . ',' . "Email" . ',' . "Question/Comment" . $cr; $csvData .= $visitor_name . ',' . $phone_number . ',' . $email_address . ',' . $question_comment . $cr; //Open the file $filehandler = fopen("csvdemo.csv","a") or die("Can't write file."); //change to "w" later fwrite($filehandler,$csvData); // Write information to the file fclose($filehandler); // Close the file $attachments[] = Array( 'data' => $csvData, 'name' => 'csvdemo.csv', 'type' => 'application/vnd.ms-excel'); //Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; $to = $email_address; $headers['Subject'] = "CSV"; $headers['From'] = CONTACT_US; //Headers for a file attachment $headers['MIME-Version'] = '1.0'; $headers['Content-Type'] = 'multipart/mixed; boundary=\"{$mime_boundary}\"'; $smtp["host"] = SMTP_HOST; $smtp["port"] = SMTP_PORT; $smtp["auth"] = true; $smtp["username"] = SMTP_USERNAME; $smtp["password"] = SMTP_PASSWORD; $msg = "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type: text/csv; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . "Code No.: $user_pass_phrase\n" . "IP: $client_ip_address\n" . "Date: $date\n" . "Name: $visitor_name\n" . "Phone Number: $phone_number\n" . "E-mail Address: $email_address\n" . "Question or Comment: $question_comment\n" . "\n\n"; //Add attachments foreach($attachments as $attachment){ $data = chunk_split(base64_encode($attachment['data'])); $name = $attachment['name']; $type = $attachment['type']; $msg .= "--{$mime_boundary}\n" . "Content-Type: {$type};\n" . " name=\'{$name}\'\n" . "Content-Disposition: attachment;\n" . "filename=\'{$name}\'\n" . "Content-Transfer-Encoding: base64\n" . $data . "\n\n" . "--{$mime_boundary}--\n"; } // Sends the email $mail = Mail::factory('smtp', $smtp); $mail->send($to, $headers, $msg) or die('Error while processing your submission.'); //Delete Created File if (unlink($name)) { echo '<p class="error">FILE DELETED</p>'; } else { echo '<p class="error">FILE NOT DELETED</p>'; } // Confirm success with the user

Learning takes time. For a good resource that offers LOTS of hands on projects. Head First PHP and MYSQL by O'Reilly. It breaks it down in an easy to understand fashion.

Okay, here is the code. Use CSS to make it pretty (IE: add borders, changes font size, colors etc.) Everyone has their own preference in reference to HTML or XHTML. I personally use XHTML since sooner or later HTML will be completely a thing of the past and I'd rather not have to relearn anything when it does happen. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <style type="text/css"> * { margin: 0; padding: 0; } body { width: 800px; margin-left: auto; margin-right: auto; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: small; } table { width: 100%; } th { vertical-align: top; } #column { float: right; width: 40%; padding: 5px; margin: 5px; } #content { width: 40%; padding: 5px; } #reviews { width: inherit; } </style> </head> <body> <div id="body"> <!--Overview--> <table id="overview" summary=""> <tr> <th rowspan="2">Suggestions, Rating and Review: </th> <td rowspan="2">Nike air Jordan </td> <th>Rating: </th> <td>---- </td> </tr> <tr> <th>Price: </th> <td>$70.90 </td> </tr> </table> <!--Summary--> <div id="column"> <table id="" summary=""> <tr> <th>Rate: </th> <td>Nike Air Jordan </td> </tr> <tr> <th>Rate: </th> <td>Insert image/script for rating </td> </tr> <tr> <th colspan="2">Seasoning Suggestions </th> </tr> <tr> <th>Describe your like about the shoe: </th> <td><textarea name="positive" rows="10"></textarea> </td> </tr> <tr> <th>Shoe resistance: </th> <td><textarea name="resistance" rows="10"></textarea> </td> </tr> <tr> <th>Do you regret: </th> <td><textarea name="regret" rows="5"></textarea> </td> </tr> <tr> <th>Describe show materials: </th> <td><textarea name="materials" rows="5"></textarea> </td> </tr> <tr> <th>Appearance: </th> <td><textarea name="appearance" rows="5"></textarea> </td> </tr> <tr> <th>Critic Shape and Form: </th> <td><textarea name="critic" rows="5"></textarea> </td> </tr> </table> </div> <div id="content"> <table id="" summary=""> <tr> <th colspan="2">Healthy Suggestions </th> </tr> <tr> <th>Description of Comfort level: </th> <td><textarea name="comfort" rows="10"></textarea> </td> </tr> <tr> <th>Description of energy level: </th> <td><textarea name="energy" rows="10"></textarea> </td> </tr> <tr> <th>How does it make you feel: </th> <td><textarea name="feel" rows="5"></textarea> </td> </tr> <tr> <th>What was the purpose: </th> <td><textarea name="purpose" rows="5"></textarea> </td> </tr> <tr> <th>How long have you used: </th> <td><input name="used" type="text" size="25" /> </td> </tr> </table> </div> <!--Reviews--> <div id="reviews"> <table id="" summary=""> <tr> <th colspan="2">Pros and Cons Reviews </th> </tr> <tr> <th>Pros: </th> <td><textarea name="pros" rows="20" cols="80"></textarea> </td> </tr> <tr> <th>Cons: </th> <td><textarea name="cons" rows="20" cols="80"></textarea></td> </tr> </table> </div> </div> </body> </html>

OKay wow. No offense, but I got way confused trying to read your code. Try comment tags to make it easier to read not just for other people but for yourself as well. Also, one word. CSS. I have your code, and am sifting through it. I'll let you know when I have something for you.

You have: <a href='dc-34f.php#order_form'> Try: <a href='#order_form'> Why: You don't need the page name since you are in the page. Hope that helps.

I did see one div layer that was different, so i repositioned it on the contact us page. But did not change the outcome. It is still repositioning only this one page. Each page is fully mirrored, so this is confusing and irritating. Thanks for any help.

Thank you. That fixed the header issue. So I don't get any error messages. But the email that I receive is blank. It shows that there is an attachment, but I can't get to it. require_once "/Mail.php"; require_once "/ContactConstants.php"; //Creates CSV file $cr = "\n"; $csvData = "Name" . ',' . "Phone" . ',' . "Email" . ',' . "Question/Comment" . $cr; $csvData .= $visitor_name . ',' . $phone_number . ',' . $email_address . ',' . $question_comment . $cr; //Open the file $filehandler = fopen("csvdemo.csv","a") or die("Can't write file."); //change to "w" later fwrite($filehandler,$csvData); // Write information to the file fclose($filehandler); // Close the file $attachments[] = Array( 'data' => $csvData, 'name' => 'csvdemo.csv', 'type' => 'application/vnd.ms-excel'); //Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; $to = $email_address; $headers['Subject'] = "CSV"; $headers['From'] = CONTACT_US; //Headers for a file attachment $headers['MIME-Version'] = '1.0'; $headers['Content-Type'] = 'multipart/mixed; boundary=\"{$mime_boundary}\"'; $smtp["host"] = SMTP_HOST; $smtp["port"] = SMTP_PORT; $smtp["auth"] = true; $smtp["username"] = SMTP_USERNAME; $smtp["password"] = SMTP_PASSWORD; $msg = "--{$mime_boundary}\n" . "Content-Type: text/csv; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: base64\n" . "Content-Disposition: attachment; filename='csvdemo.csv'\n\n" . "Code No.: $user_pass_phrase\n" . "IP: $client_ip_address\n" . "Date: $date\n" . "Name: $visitor_name\n" . "Phone Number: $phone_number\n" . "E-mail Address: $email_address\n" . "Question or Comment: $question_comment\n" . "\n\n"; //Add attachments foreach($attachments as $attachment){ $data = chunk_split(base64_encode($attachment['data'])); $name = $attachment['name']; $type = $attachment['type']; $msg .= "--{$mime_boundary}\n" . "Content-Type: $type name= $name\n" . "Content-Transfer-Encoding: base64\n" . $data . "\n\n" ; } $msg .= "--{$mime_boundary}--\n\n"; // Sends the email $mail = Mail::factory('smtp', $smtp); $mail->send($to, $headers, $msg) or die('Error while processing your submission.');

I made some changes in the code. Tried rewriting the headers. But I still get stuck on the foreach() in mail.php file. Which is a pear file. Basically I know it doesn't like the $headers variable strings, but am not sure how to fix them. // Send the Email require_once "Mail.php"; require_once "ContactConstants.php"; $to = $email_address; $subject = "CSV"; $smtp["host"] = SMTP_HOST; $smtp["port"] = SMTP_PORT; $smtp["auth"] = true; $smtp["username"] = SMTP_USERNAME; $smtp["password"] = SMTP_PASSWORD; $msg = "Code No.: $user_pass_phrase\n" . "IP: $client_ip_address\n" . "Date: $date\n" . "Name: $visitor_name\n" . "Phone Number: $phone_number\n" . "E-mail Address: $email_address\n" . "Question or Comment: $question_comment"; //Creates CSV file $cr = "\n"; $csvData = "Name" . ',' . "Phone" . ',' . "Email" . ',' . "Question/Comment" . $cr; $csvData .= $visitor_name . ',' . $phone_number . ',' . $email_address . ',' . $question_comment . $cr; //Open the file $filehandler = fopen("csvdemo.csv","a") or die("Can't write file."); //change to "w" later fwrite($filehandler,$csvData); // Write information to the file fclose($filehandler); // Close the file $attachments[] = Array( 'data' => $csvData, 'name' => 'csvdemo.csv', 'type' => 'application/vnd.ms-excel'); //Generate a boundary string $semi_rand = md5(time()); $mime_boundary = "==Multipart_Boundary_x{$semi_rand}x"; //Add the headers for a file attachment $headers = 'From: CONTACT_US' . "\r\n"; $headers .= 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-Type: multipart/mixed; boundary=\"{$mime_boundary}\"' . "\r\n"; //Add a multipart boundary above the plain message $message = "--{$mime_boundary}\n" . "Content-Type: text/csv; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 8bit\n\n" . "Content-Disposition: attachment; filename=\"csvdemo.csv\"\n\n" . $msg . "\n\n"; //Add attachments foreach($attachments as $attachment){ $data = chunk_split(base64_encode($attachment['data'])); $name = $attachment['name']; $type = $attachment['type']; $message .= "--{$mime_boundary}\n" . "Content-Type: {$type};\n" . " name=\"{$name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . $data . "\n\n" ; } $message .= "--{$mime_boundary}--\n\n"; // Sends the email $mail = Mail::factory('smtp', $smtp); $mail->send($to, $subject, $message, $headers) or die('Error while processing your submission.');

OKay, the only thing I could think of was that it is able to find the file where the email address were kept. SO - I moved the files with email addresses out of the public_html area and into a non accessible area. Ran my tests, and the forms still work fine. *fingers crossed*

Phew. That was a lot of code to go through. But it's all done. All variables filtered and all email addresses removed.

Made some more updates. My list of these updates to make to my other forms is growing. LOL That's the point of all this though right. Trial and error. Getting it wrong is how we learn.

Yeah I have that fixed. I am moving my smtp login info into a seperate file and placing it out of public directory. Thanks for the help. I will post again when I have updated.

I don't know how I would update the ssl, it's not mine. Co-worker bought it. Fixed variables. For the XSS: When the site is finished and is moved, all form php files will be moved off of the public_html directory. Will that fix this?

I tried it. Still have the same error.

Anyone? How to make $headers = blah; to $headers['blah'] = blah;

Okay disabled

I have validated all my pages. All pass as XHTML strict 1.0. My contact us form is PHP, as all my forms are. But firefox is only affecting this one. I thought maybe it had to do with styling on my divs, but all divs are mirrored on all pages. I will include my navi html and the html (minus php) for the contact us form. navi: <div id="navigation"> <ul> <li id="active">Home</li> <li><a href="" title="">Page</a></li> <li><a href="Page.html" title="">Page</a></li> <li><a href="Page.html" title="">Page</a></li> <li><a href="Page.html" title="">Page</a></li> <li><a href="contactus.php" title="Our online contact form.">Contact Us</a></li> </ul> </div> contact us: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta name="keywords" content="" /> <meta name="description" content="This is ...." /> <meta name="author" content="Sarah Wade" /> <title>Web site Title</title> <link type="text/css" rel="stylesheet" href="style.css" media="screen" /> </head> <body> <div id="body"> <div id="header"> <p><img src="images/Tital.gif" alt="" /></p> <div id="navigation"> <ul> <li><a href="index.html" title="">Index</a></li> <li><a href="" title="">Page</a></li> <li><a href="page.html" title="">Page</a></li> <li><a href="page.html" title="">Page</a></li> <li><a href="page.html" title="">Page</a></li> <li id="active">Contact Us</li> </ul> </div> </div> removed php ... <div id="content"> <div id="form"> <form method="post" action=""> ... </form> </div> </div> <div id="footer"> <p>Terms of Use | Privacy Policy</p> <p>© 2009, Sarah Wade<br /> All trademarks and registered trademarks appearing on this site are the property of their respective owners.</p> </div> </div> </body> </html>

Thank you.

That is correct. The quotes got cut off during editting for the post. As for the value staying during a refresh, as long as the form as been submitted once, you can refresh the page and they hold.