can someone check this script ?

leemer · July 29, 2006

Can someone look over this script and tell me why in this form mailer that the address,city,state,zipcode, and phone number does not show up? and i recieve no errors as well.
but, everything else seems to work just fine like the name,email and random numbers.

<?php

//----- Start Config -----\\

//enter the path to sendmail
$mail_path = "/usr/sbin/sendmail";

//Recipient should be selected from a list, true or false
$listofrecipients = "false";

//sub variable (only edit if above value is set to false)
//enter the email address you wish emails to be sent to
$mail_to = "email is added here";

//sub variable (only edit if above value is set to true)
//define list of recipients the user can chose from. Name & Email address should be seperated by ><
$recipientslist = array("Name 1 >< name1@yourdomain.com", "Name 2 >< name2@yourdomain.com", "Name 3 >< name3@yourdomain.com");

//Subject should be selected from a list, true or false
$listofsubjects = "true";

//sub variable (only edit if above value is set to true)
//define list of subjects the user can chose from
$subjects = array("Ordering", "Free Price Quote","Questions","Website Help", "Other");

//use security code feature, true or false
$usesecuritycode = "true";

//use time limit feature, true or false
$usetimelimit = "true";

//sub variable (only edit if above value is set to true)
//set time delay if using time limit feature
$delay = "60";

//redirect to another page after successful submission, true or false
$redirectonsuccess = "true";

//sub variable (only edit if above value is set to true)
//set address of page to redirect to after successful submission, can be relative
$redirecturl = "webpage on server";

//allow user to get a copy of the message sent to them, true or false
$copyme = "true";

//store submissions in a database, true or false
$store = "true";

//sub variables (only edit if above value is set to true
//MySQL Host
$host = "localhost";
//MySQL User
$user = "username";
//MySQL Pass
$pass = "password";
//MySQL Database Name
$dbname = "databasename";
//Table Name
$tablename = "ContactFormLog";
//Date Format, see http://www.php.net/date
$dateformat = "d/m/Y H:i:s";

//user has to preview before can submit, true or false
$preview = "true";

//remember user's name and e-mail, true or false
$rememberdetails = "true";

//sub variables (only edit if above value is set to true
//Days to remember details for
$rememberdays = "7";

//----- End Config -----\\

//----- Start Set PHP Variables -----\\
ini_set("sendmail_path", $mail_path);
ini_set("magic_quotes_gpc", 1);
//----- End Set PHP Variables -----\\

//----- Start Functions -----\\

//function to check email format
function check_email($str)
{
if(ereg("^.+@.+\\..+$", $str))
return 1;
else
return 0;
}

//function to get submitted values
function get_values($slashes,$decode)
{
global $userName;
global $useraddress;
global $usercity;
global $userstate;
global $userzipcode;
global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;

$userName = htmlentities(strip_tags($_POST['userName']));
$useraddress = htmlentities(strip_tags($_POST['useraddress']));
$usercity = htmlentities(strip_tags($_POST['usercity']));
$userstate = htmlentities(strip_tags($_POST['userstate']));
$userzipcode = htmlentities(strip_tags($_POST['userzipcode']));
$userphone = htmlentities(strip_tags($_POST['userphone']));
$userEmail = htmlentities(strip_tags($_POST['userEmail']));
$userSubject = htmlentities(strip_tags($_POST['userSubject']));
$userMessage = htmlentities(strip_tags($_POST['userMessage']));
$userCopyMe = htmlentities(strip_tags($_POST['userCopyMe']));
$userEmailTo = htmlentities(strip_tags($_POST['userEmailTo']));

if ($slashes == "1") {

$userName = stripslashes($userName);
$useraddress = stripslashes($useraddress);
$usercity = stripslashes($usercity);
$userstate = stripslashes($userstate);
$userzipcode = stripslashes($userzipcode);
$userphone = stripslashes($userphone);
$userEmail = stripslashes($userEmail);
$userSubject = stripslashes($userSubject);
$userMessage = stripslashes($userMessage);
$userCopyMe = stripslashes($userCopyMe);
$userEmailTo = stripslashes($userEmailTo);

}

if ($decode == "1") {

$userName = html_entity_decode($userName);
$useraddress = html_entity_decode ($useraddress);
$usercity = html_entity_decode($usercity);
$userstate = html_entity_decode($userstate);
$userzipcode = html_entity_decode ($userzipcode);
$userphone = html_entity_decode($userphone);
$userEmail = html_entity_decode($userEmail);
$userSubject = html_entity_decode($userSubject);
$userMessage = html_entity_decode($userMessage);
$userCopyMe = html_entity_decode($userCopyMe);
$userEmailTo = html_entity_decode($userEmailTo);

}

}

//function to clear submitted values
function clear_values()
{
global $userName;
global $useraddress;
global $usercity;
global $userstate;
global $userzipcode;
global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;

if ($rememberdetails != "true") {
$userName = "";
$useraddress = "";
$usercity = "";
$userstate = "";
$userzipcode = "";
$userphone = "";
$userEmail = "";
}
$userSubject = "";
$userMessage = "";
$userCopyMe = "";
$userEmailTo = "";
}

//function to display message
function display_messages()
{
global $message;
global $messagenoterror;

$y = "0";
if (!empty($message) && $messagenoterror != "1") {
echo "The following errors were encountered when trying to process your message:<br />";
}
while ($y < 10) {
if (!empty($message[$y])) {
if ($messagenoterror != "1") {
echo " - ";
}
echo $message[$y]."<br />";
}
$y++;
}
}

//----- End Functions -----\\

//----- Start Set Variables -----\\
$mail_subject = $_POST['userSubject'];
$submittime = $_SESSION['submittime'];
$currenttime = time();
$allowedtime = $currenttime - $delay;
$timeleft = $submittime - $allowedtime;
$p = "0";
get_values(1,1);
$EmailContent = "Name:\n".$userName."\n\n"."Address:\n".$useraddress."\n\n"."City:\n".$usercity."\n\n"."State:\n".userstate."\n\n"."Zipcode:\n".userzipcode."\n\n"."Phone Number:\n".userphone."\n\n"."Email:\n".$userEmail."\n\n"."Subject:\n".$userSubject."\n\n"."Message:\n".$userMessage."\n\n"."User Agent:\n".$_SERVER["HTTP_USER_AGENT"]."\n\n"."User IP:\n".$_SERVER["REMOTE_ADDR"];
//----- End Set Variables -----\\

//check if form submitted
if ($_POST){

//----- Start Error Checking -----\\

//check to see if fields already been checked
if ($_POST['previewdone'] != "1") {

//check if all fields filled in
if (!$_POST['userName'] ||!$POST['useraddress'] || !$_POST['userEmail'] || !$_POST['userSubject'] || !$_POST['userMessage']){
$message[$p] = "All required fields not filled in.";
$p++;
get_values(1,0);
$notcomplete = "1";
}

//check if email is in valid format
if(check_email($_POST['userEmail']) == "0" && $_POST['userEmail']){
$message[$p] = "Invalid e-mail address.";
$p++;
get_values(1,0);
}

//check if security code is correct
if($_POST['userSecurityCode'] != base64_decode($_POST['SecurityCode']) && $usesecuritycode == "true" && $notcomplete != "1"){
$message[$p] = "Wrong security code";
$p++;
get_values(1,0);
}

//check that x seconds has passed
if($submittime > $allowedtime && $usetimelimit == "true"){
$message[$p] = "You are trying to send messages too often, please try again after ".$timeleft." seconds";
$p++;
get_values(1,0);
}

}

//----- End Error Checking -----\\

//----- Start Set Cookies ------\\

if ($rememberdetails == "true") {
$cookietime = time()+60*60*24*$rememberdays;
//set cookie to remember userid for x days
setcookie("userName", $_POST['userName'], $cookietime, "/");
//set cookie to remember password for x days
setcookie("userEmail", $_POST['userEmail'], $cookietime, "/");
}

//----- End Set Cookies ------\\

//----- Start Final Check & Process Form ------\\

if ($preview == "true" && $_POST['previewdone'] == "1") {
$continue = "1";
} elseif ($preview == "true" && $_POST['previewdone'] != "1") {
$continue = "0";
} else {
$continue = "1";
}

//check to see whether there are any errors, if no then continue
if (empty($message) && $continue == "1" && empty($_POST['edit'])){

//check to see whether the user can pick the recipitent, if yes get recepitent chosen
if ($listofrecipients == "true") {
$explodedresult = explode(" >< ", $recipientslist[$_POST['userEmailTo']]);
$mail_to = $explodedresult[1];
}

//Check to see if mail sent correctly
get_values(1,0);
if(mail($mail_to,$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">")){

//check to see if user wants a copy of the message, if yes send them one
if ($_POST['userCopyMe'] == "1"){
mail($_POST['userEmail'],"Copy of sent message: ".$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">");
}

//check to see if user wants to store submissions
if ($store == "true") {
//connect to db
$connect = @mysql_connect($host,$user,$pass);
//select db
$selectdb = @mysql_select_db($dbname);
//get variables
get_values(1,1);
$userAgent = $_SERVER["HTTP_USER_AGENT"];
$userIP = $_SERVER["REMOTE_ADDR"];
$userTime = date($dateformat);
//insert data
$sql = "INSERT INTO `$tablename` (`ID`, `userName`, 'useraddress' .' usercity' , 'userstate' , 'userzipcode', 'userphone' ,`userEmail`, `userSubject`, `userMessage`, `userCopyMe`, `userEmailTo`, `userAgent`, `userIP`, `userTime`) VALUES ('', '$userName', '$useraddress' , '$usercity' , '$userstate' , '$userzipcode' , '$userphone' , '$userEmail', '$userSubject', '$userMessage', '$userCopyMe', '$userEmailTo', '$userAgent', '$userIP', '$userTime')";
$result = @mysql_query($sql);
}

//tell user message sent successfully
$message[0] = "Thank you, your message has been sent.";
$messagenoterror = "1";

//clear form values
clear_values();

//store submit time for use with time limit feature
$_SESSION['submittime'] = time();

//check to see if user should be redirected
if ($redirectonsuccess == "true") {
?>
<script type="text/javascript">

</script>
<?php
}

//if error provide link
}else{
//provide link to user to send using their default email
$message[0] = "There was an error. Please click <a href=\"mailto:".$mail_to."?subject=".$_POST['userSubject']."&body=".$_POST['userMessage']."\">here</a> to send your message via your default e-mail program.";
$messagenoterror = "1";
get_values(1,0);
}

$formsent = "1";

}

} else {

if ($rememberdetails == "true") {
$userName = $_COOKIE['userName'];
$useraddress = $_COOKIE ['useraddress'];
$usercity = $_COOKIE ['usercity'];
$userstate = $_COOKIE ['userstate'];
$userzipcode = $_COOKIE['userzipcode'];
$userphone = $_COOKIE ['userphone'];
$userEmail = $_COOKIE['userEmail'];
}

}

//----- End Final Check & Process Form ------\\
?>



<?php
if ($preview == "true" && $_POST['previewfirst'] == "1" && $formsent != "1" && empty($message) && empty($_POST['edit'])) {
get_values(1,0);
?>



<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">


Name
<br />
<?php echo $userName; ?><input type="hidden" name="userName" value="<?php echo $userName; ?>" />
<br /><br />



E-mail
<br />
<?php echo $userEmail; ?><input type="hidden" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />



<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<?php if ($userEmailTo == $i) { echo $explodedrecipient[0]; $n = $i; } ?>
<?php $i++; }?>
<input type="hidden" name="userEmailTo" value="<?php echo $n; ?>" />
<br /><br />
<?php } ?>



Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<?php echo $userSubject; ?>
<?php } else { ?>
<?php
$i = "0";
while ($i < count($subjects)){
?>
<?php if ($userSubject == $subjects[$i]) { echo $subjects[$i]; } ?>
<?php $i++; }?>
<?php } ?>
<input type="hidden" name="userSubject" value="<?php echo $userSubject; ?>" />
<br /><br />



Description of your Multi Media Needs
<br />
<?php echo nl2br($userMessage); ?><input type="hidden" name="userMessage" value="<?php echo $userMessage; ?>" />
<br /><br />



<?php if ($copyme == "true") { ?>
Send me a copy of the message?
<br />
<?php if ($userCopyMe == "1") { echo "Yes"; } else { echo "No"; }?>
<input type="hidden" name="userCopyMe" value="<?php echo $userCopyMe; ?>" />
<br /><br />
<?php } ?>



<input type="submit" name="edit" value="Edit" /> <input type="submit" name="submit" value="Send" />



<input type="hidden" name="previewdone" value="1" />


</form>



<br /><br />
<?php
} else {
?>

<?php
//display any messages
display_messages();
?>

<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">


Name
<br />
<input type="text" name="userName" value="<?php echo $userName; ?>" />
<br /><br />



E-mail
<br />
<input type="text" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />



<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<select name="userEmailTo">
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<option value="<?php echo $i; ?>" <?php if ($userEmailTo == $i) { echo "selected=\"selected\""; }?>><?php echo $explodedrecipient[0]; ?></option>
<?php $i++; }?>
</select>
<br /><br />
<?php } ?>



Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<input type="text" name="userSubject" value="<?php echo $userSubject; ?>" />
<?php } else { ?>
<select name="userSubject">
<?php
$i = "0";
while ($i < count($subjects)){
?>
<option value="<?php echo $subjects[$i]; ?>" <?php if ($userSubject == $subjects[$i]) { echo "selected=\"selected\""; }?>><?php echo $subjects[$i]; ?></option>
<?php $i++; }?>
</select>
<?php } ?>
<br /><br />



Description of your Multi Media needs
<br />
<textarea name="userMessage" rows="6" cols="40"><?php echo $userMessage; ?></textarea>
<br /><br />



<?php
//check to see if security code feature is on
if ($usesecuritycode == "true") {
$randcode = mt_rand(100000, 999999);
$randcodesec = base64_encode($randcode);
?>
Type the code you see on the image below
<br />
<input type="text" name="userSecurityCode" /><input type="hidden" name="SecurityCode" value="<?php echo $randcodesec; ?>" />
<br /><br />
<img src="gd.php?randcode=<?php echo $randcodesec; ?>" alt="Security Code" />
<br /><br />
<?php } ?>



<?php if ($copyme == "true") { ?>
Check the box if you wish to be sent a copy of this message
<br />
<input type="checkbox" name="userCopyMe" value="1" <?php if ($userCopyMe == "1") { echo "checked=\"checked\""; }?> />
<br /><br />
<?php } ?>



<input type="submit" name="submit" value="<?php if ($preview == "true") { echo "Preview Before Send"; } else { echo "Send"; } ?>" />



<?php if ($preview == "true") {?>
<input type="hidden" name="previewfirst" value="1" />
<?php } ?>


</form>
<br /><br />

<?php
}
ob_end_flush();
?>

pixy · July 29, 2006

You're going to want to take out your password and just so you know, using buffers is not the way to go. There is a limit to how much data can be stored in them, and if your page is too big you will encounter errors.

I'll edit this post after I go through the script.

leemer · July 30, 2006

oooops oin my part thanks for the info .. well i am a noobie to php and i know what i have in mind just not sure how to get there. if this script cant be used how could i build a script that would work for my needs with security random letters/digits and also all the fields i need with error checking as well like wrong email or cant leave blank etc..

pixy · July 30, 2006

For error checking you can do something like this:

<?php
if (isset($_POST['submitted'])) {
$errors = array();
if (empty($_POST['value'])) {
$errors[] = 'You left value blank!';
}
else {
$value = $_POST['value'];
}
if (empty($errors)) { // No errors occured
// Do the query and such
}
else {
foreach ($errors as $msg) {
echo '<li> '.$msg.'</li>';
}
}
}
else {
// Show the forum
}
?>

Then in your form just make a hidden input named "submitted" and the value TRUE. It's pretty simple.

You'll need to use a regular expression to check for a valid email address. We've got a forum here just for regular expressions you should check out!

EDIT:
Oh, and it's not that your script wont work, it just seems ridiculously long for something that SHOULD be simple. What exactly are you trying to accomplish?

+ Instead of doing a random code, you could just use regular random words--they're easier for the end user to type in and just as secure IMO.

leemer · July 30, 2006

and thanks for the quick reply .. Just wanting to have a form to user to fill out lwith name,address,city,state,zipcode,and message area with a random code or letters to help prevent abuse. and another thing is i do not know how to do a drop down box with all the states in it abbervated like MS etc etc...

pixy · July 30, 2006

Here's something really quick ($dbc is the variable of your connection to a database):

[code]
<?php

// This is a function to prevent MYSQL injection
function escape_data ($data) {
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}

if (isset($_POST['submitted'])) {
$errors = array();
if (empty($_POST['name'])) {
$errors[] = 'You did not enter a name!';
}
else {
$name = escape_data($_POST['name']);
}
if (empty($errors)) {
$query = "INSERT INTO tablename (name, address, city, state, zipcode, message) VALUES ('$name', '$address', '$city', '$state', '$zipcode', '$message')";
$result = mysql_query($query) or die(mysql_error());
if ($result) {
echo 'Thankyou '.escape_data($name).' for filling out the form!';
}
else {
echo mysql_error();
}
}
else {
foreach ($errors as $msg) {
echo '<li> '.$msg.'</li>';
}
}
}
else {
// Show the form
echo '<form action="thisfile.php" method="post">
<b>Name:</b> <input type="text" name="name" size="30">
<input type="submit" name="submit" value="Submit">
<input type="hidden" name="Submitted" value="TRUE"></form>';
}

?>
[/code]

I don't have time to put in all the name, address, etc. but you can just copy and paste the part I did for name. Also, you should add something for your zipcodes making sure they're numbers like so:

[code]<?php

if (!is_numeric($_POST['zipcode'])) {
$errors[] = 'Invalid zipcode';
}

?>[/code]

As for making a drop down, you're going to be writing quite a bit, but this is the basic syntax:

[code]
<select name="state">
<option value="AL">Alabama</option>
<option value="AK">Alaska</option>
<option value="AZ">Arizona</option>
<option value="AR">Arkansas</option>
</select>[/code]

Just keep going with all the states! Quite tedious, yes, but that's the way it is. :)

I'm getting offline to eat dinner, but let me know if you need help and I'll answer when I can. Good luck with the script!

leemer · July 30, 2006

Thanks for the help

Sign In

can someone check this script ?

Recommended Posts

leemer

Link to comment

Share on other sites

pixy

Link to comment

Share on other sites

leemer

Link to comment

Share on other sites

pixy

Link to comment

Share on other sites

leemer

Link to comment

Share on other sites

pixy

Link to comment

Share on other sites

leemer

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information