Jump to content


Photo

can someone check this script ?


  • Please log in to reply
6 replies to this topic

#1 leemer

leemer
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 29 July 2006 - 11:17 PM

Can someone look over this script and tell me why in this form mailer that the address,city,state,zipcode, and phone number does not show up? and i recieve no errors as well.
but, everything else seems to work just fine like the name,email and random numbers.




<?php


//----- Start Config -----\\

//enter the path to sendmail
$mail_path = "/usr/sbin/sendmail";

//Recipient should be selected from a list, true or false
$listofrecipients = "false";

//sub variable (only edit if above value is set to false)
//enter the email address you wish emails to be sent to
$mail_to = "email is added here";

//sub variable (only edit if above value is set to true)
//define list of recipients the user can chose from. Name & Email address should be seperated by ><
$recipientslist = array("Name 1 >< name1@yourdomain.com", "Name 2 >< name2@yourdomain.com", "Name 3 >< name3@yourdomain.com");


//Subject should be selected from a list, true or false
$listofsubjects = "true";

//sub variable (only edit if above value is set to true)
//define list of subjects the user can chose from
$subjects = array("Ordering", "Free Price Quote","Questions","Website Help", "Other");

//use security code feature, true or false
$usesecuritycode = "true";

//use time limit feature, true or false
$usetimelimit = "true";

//sub variable (only edit if above value is set to true)
//set time delay if using time limit feature
$delay = "60";

//redirect to another page after successful submission, true or false
$redirectonsuccess = "true";

//sub variable (only edit if above value is set to true)
//set address of page to redirect to after successful submission, can be relative
$redirecturl = "webpage on server";

//allow user to get a copy of the message sent to them, true or false
$copyme = "true";

//store submissions in a database, true or false
$store = "true";

//sub variables (only edit if above value is set to true
//MySQL Host
$host = "localhost";
//MySQL User
$user = "username";
//MySQL Pass
$pass = "password";
//MySQL Database Name
$dbname = "databasename";
//Table Name
$tablename = "ContactFormLog";
//Date Format, see http://www.php.net/date
$dateformat = "d/m/Y H:i:s";

//user has to preview before can submit, true or false
$preview = "true";

//remember user's name and e-mail, true or false
$rememberdetails = "true";

//sub variables (only edit if above value is set to true
//Days to remember details for
$rememberdays = "7";

//----- End Config -----\\

//----- Start Set PHP Variables -----\\
ini_set("sendmail_path", $mail_path);
ini_set("magic_quotes_gpc", 1);
//----- End Set PHP Variables -----\\

//----- Start Functions -----\\

//function to check email format
function check_email($str)
{
if(ereg("^.+@.+\\..+$", $str))
return 1;
else
return 0;
}

//function to get submitted values
function get_values($slashes,$decode)
{
global $userName;
        global $useraddress;
        global $usercity;
        global $userstate;
        global $userzipcode;
        global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;
       

$userName = htmlentities(strip_tags($_POST['userName']));
        $useraddress = htmlentities(strip_tags($_POST['useraddress']));
        $usercity = htmlentities(strip_tags($_POST['usercity']));
        $userstate = htmlentities(strip_tags($_POST['userstate']));
        $userzipcode = htmlentities(strip_tags($_POST['userzipcode']));
        $userphone = htmlentities(strip_tags($_POST['userphone']));
$userEmail = htmlentities(strip_tags($_POST['userEmail']));
$userSubject = htmlentities(strip_tags($_POST['userSubject']));
$userMessage = htmlentities(strip_tags($_POST['userMessage']));
$userCopyMe = htmlentities(strip_tags($_POST['userCopyMe']));
$userEmailTo = htmlentities(strip_tags($_POST['userEmailTo']));

if ($slashes == "1") {

$userName = stripslashes($userName);
                $useraddress = stripslashes($useraddress);
                $usercity = stripslashes($usercity);
                $userstate = stripslashes($userstate);
                $userzipcode = stripslashes($userzipcode);
                $userphone = stripslashes($userphone);
$userEmail = stripslashes($userEmail);
$userSubject = stripslashes($userSubject);
$userMessage = stripslashes($userMessage);
$userCopyMe = stripslashes($userCopyMe);
$userEmailTo = stripslashes($userEmailTo);

}

if ($decode == "1") {

$userName = html_entity_decode($userName);
                $useraddress = html_entity_decode ($useraddress);
                $usercity = html_entity_decode($usercity);
                $userstate = html_entity_decode($userstate);
                $userzipcode = html_entity_decode ($userzipcode);
                $userphone = html_entity_decode($userphone);
$userEmail = html_entity_decode($userEmail);
$userSubject = html_entity_decode($userSubject);
$userMessage = html_entity_decode($userMessage);
$userCopyMe = html_entity_decode($userCopyMe);
$userEmailTo = html_entity_decode($userEmailTo);

}

}

//function to clear submitted values
function clear_values()
{
global $userName;
        global $useraddress;
        global $usercity;
        global $userstate;
        global $userzipcode;
        global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;

if ($rememberdetails != "true") {
$userName = "";
                $useraddress = "";
                $usercity = "";
                $userstate = "";
                $userzipcode = "";
                $userphone = "";
$userEmail = "";
                }
$userSubject = "";
$userMessage = "";
$userCopyMe = "";
$userEmailTo = "";
}

//function to display message
function display_messages()
{
global $message;
global $messagenoterror;

$y = "0";
if (!empty($message) && $messagenoterror != "1") {
echo "The following errors were encountered when trying to process your message:<br />";
}
while ($y < 10) {
if (!empty($message[$y])) {
if ($messagenoterror != "1") {
echo " - ";
}
echo $message[$y]."<br />";
}
$y++;
}
}

//----- End Functions -----\\

//----- Start Set Variables -----\\
$mail_subject = $_POST['userSubject'];
$submittime = $_SESSION['submittime'];
$currenttime = time();
$allowedtime = $currenttime - $delay;
$timeleft = $submittime - $allowedtime;
$p = "0";
get_values(1,1);
$EmailContent = "Name:\n".$userName."\n\n"."Address:\n".$useraddress."\n\n"."City:\n".$usercity."\n\n"."State:\n".userstate."\n\n"."Zipcode:\n".userzipcode."\n\n"."Phone Number:\n".userphone."\n\n"."Email:\n".$userEmail."\n\n"."Subject:\n".$userSubject."\n\n"."Message:\n".$userMessage."\n\n"."User Agent:\n".$_SERVER["HTTP_USER_AGENT"]."\n\n"."User IP:\n".$_SERVER["REMOTE_ADDR"];
//----- End Set Variables -----\\

//check if form submitted
if ($_POST){

//----- Start Error Checking -----\\

//check to see if fields already been checked
if ($_POST['previewdone'] != "1") {

//check if all fields filled in
if (!$_POST['userName'] ||!$POST['useraddress'] || !$_POST['userEmail'] || !$_POST['userSubject'] || !$_POST['userMessage']){
$message[$p] = "All required fields not filled in.";
$p++;
get_values(1,0);
$notcomplete = "1";
}

//check if email is in valid format
if(check_email($_POST['userEmail']) == "0" && $_POST['userEmail']){
$message[$p] = "Invalid e-mail address.";
$p++;
get_values(1,0);
}

//check if security code is correct
if($_POST['userSecurityCode'] != base64_decode($_POST['SecurityCode']) && $usesecuritycode == "true" && $notcomplete != "1"){
$message[$p] = "Wrong security code";
$p++;
get_values(1,0);
}

//check that x seconds has passed
if($submittime > $allowedtime && $usetimelimit == "true"){
$message[$p] = "You are trying to send messages too often, please try again after ".$timeleft." seconds";
$p++;
get_values(1,0);
}

}

//----- End Error Checking -----\\

//----- Start Set Cookies ------\\

if ($rememberdetails == "true") {
$cookietime = time()+60*60*24*$rememberdays;
//set cookie to remember userid for x days
setcookie("userName", $_POST['userName'], $cookietime, "/");
//set cookie to remember password for x days
setcookie("userEmail", $_POST['userEmail'], $cookietime, "/");
}

//----- End Set Cookies ------\\

//----- Start Final Check & Process Form ------\\

if ($preview == "true" && $_POST['previewdone'] == "1") {
$continue = "1";
} elseif ($preview == "true" && $_POST['previewdone'] != "1") {
$continue = "0";
} else {
$continue = "1";
}

//check to see whether there are any errors, if no then continue
if (empty($message) && $continue == "1" && empty($_POST['edit'])){

//check to see whether the user can pick the recipitent, if yes get recepitent chosen
if ($listofrecipients == "true") {
$explodedresult = explode(" >< ", $recipientslist[$_POST['userEmailTo']]);
$mail_to = $explodedresult[1];
}

//Check to see if mail sent correctly
get_values(1,0);
if(mail($mail_to,$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">")){

//check to see if user wants a copy of the message, if yes send them one
if ($_POST['userCopyMe'] == "1"){
mail($_POST['userEmail'],"Copy of sent message: ".$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">");
}

//check to see if user wants to store submissions
if ($store == "true") {
//connect to db
$connect = @mysql_connect($host,$user,$pass);
//select db
$selectdb = @mysql_select_db($dbname);
//get variables
get_values(1,1);
$userAgent = $_SERVER["HTTP_USER_AGENT"];
$userIP = $_SERVER["REMOTE_ADDR"];
$userTime = date($dateformat);
//insert data
$sql = "INSERT INTO `$tablename` (`ID`, `userName`, 'useraddress' .' usercity' , 'userstate' , 'userzipcode', 'userphone' ,`userEmail`, `userSubject`, `userMessage`, `userCopyMe`, `userEmailTo`, `userAgent`, `userIP`, `userTime`) VALUES ('', '$userName', '$useraddress' , '$usercity' , '$userstate' , '$userzipcode' , '$userphone' , '$userEmail', '$userSubject', '$userMessage', '$userCopyMe', '$userEmailTo', '$userAgent', '$userIP', '$userTime')";
$result = @mysql_query($sql);
}

//tell user message sent successfully
$message[0] = "Thank you, your message has been sent.";
$messagenoterror = "1";

//clear form values
clear_values();

//store submit time for use with time limit feature
$_SESSION['submittime'] = time();

//check to see if user should be redirected
if ($redirectonsuccess == "true") {
?>
<script type="text/javascript">
<!--
window.location.href = "<?php echo $redirecturl; ?>";
-->
</script>
<?php
}

//if error provide link
}else{
//provide link to user to send using their default email
$message[0] = "There was an error.  Please click <a href=\"mailto:".$mail_to."?subject=".$_POST['userSubject']."&amp;body=".$_POST['userMessage']."\">here</a> to send your message via your default e-mail program.";
$messagenoterror = "1";
get_values(1,0);
}

$formsent = "1";

}

} else {

if ($rememberdetails == "true") {
$userName = $_COOKIE['userName'];
                $useraddress = $_COOKIE ['useraddress'];
                $usercity = $_COOKIE ['usercity'];
                $userstate = $_COOKIE ['userstate'];
                $userzipcode = $_COOKIE['userzipcode'];
                $userphone = $_COOKIE ['userphone'];
$userEmail = $_COOKIE['userEmail'];
}

}

//----- End Final Check & Process Form ------\\
?>

<!-- Start Output -->

<?php
if ($preview == "true" && $_POST['previewfirst'] == "1" && $formsent != "1" && empty($message) && empty($_POST['edit'])) {
get_values(1,0);
?>

<!-- Start Preview -->

<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">

<!-- Start Name Field-->
Name
<br />
<?php echo $userName; ?><input type="hidden" name="userName" value="<?php echo $userName; ?>" />
<br /><br />
<!-- End Name Field-->

                <!--- Start Address Field--!>
                      Address
                       <br />
                        <?php echo $useraddress; ?><input type="hidden" name="useraddress" value="<?php echo $useraddress; ?>" />
                          <br /> <br />
                 <!--End of Address Field--!>

                  <!--Start of City Field--!>
                        City
                        <br />
                        <?php echo $usercity; ?><input type "hidden" name="usercity" value="<?php echo $usercity; ?>" />
                         <br /> <br />
                  <!--End of City Field--!>

                   <!--Start of State Field--!>
                   State
                        <br />
                         <?php echo $userstate; ?><input type ="hidden" name="userstate" value="<?php echo $userstate; ?>" />
                          <br /> <br />
    <!--End of State Field--!>

                     <!--Start of Zipcode Field--!>
                      Zipcode
                          <br />
                          <?php echo $userzipcode; ?><input type = "hidden" name="userzipcode" value ="<?php echo $userzipcode; ?>" />
                           <br /> <br />
                      <!--End of Zipcode Field--!>

                    <!--Start of Phone Field--!>
                        Phone
                        <br />
                        <?php echo $userphone; ?><input type="hidden" name="userphone" value="<?php echo $userphone; ?>" />
                         <br /> <br />
                     <!--End of Phone Field--!>

                     <!-- Start E-mail Field-->
E-mail
<br />
<?php echo $userEmail; ?><input type="hidden" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />
<!-- End E-mail Field-->

<!-- Start Recipient Field-->
<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<?php if ($userEmailTo == $i) { echo $explodedrecipient[0]; $n = $i; } ?>
<?php $i++; }?>
<input type="hidden" name="userEmailTo" value="<?php echo $n; ?>" />
<br /><br />
<?php } ?>
<!-- End Recipient Field-->

<!-- Start Subject Field-->
Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<?php echo $userSubject; ?>
<?php } else { ?>
<?php
$i = "0";
while ($i < count($subjects)){
?>
<?php if ($userSubject == $subjects[$i]) {  echo $subjects[$i]; } ?>
<?php $i++; }?>
<?php } ?>
<input type="hidden" name="userSubject" value="<?php echo $userSubject; ?>" />
<br /><br />
<!-- End Subject Field-->

<!-- Start Message Field-->
Description of your Multi Media Needs
<br />
<?php echo nl2br($userMessage); ?><input type="hidden" name="userMessage" value="<?php echo $userMessage; ?>" />
<br /><br />
<!-- End Message Field-->


<!-- Start Copy Me Field-->
<?php if ($copyme == "true") { ?>
Send me a copy of the message?
<br />
<?php if ($userCopyMe == "1") { echo "Yes"; } else { echo "No"; }?>
<input type="hidden" name="userCopyMe" value="<?php echo $userCopyMe; ?>" />
<br /><br />
<?php } ?>
<!-- End Copy Me Field-->

<!-- Start Submit Button-->
<input type="submit" name="edit" value="Edit" /> <input type="submit" name="submit" value="Send" />
<!-- End Submit Button-->

<!-- Start Preview Done Field -->
<input type="hidden" name="previewdone" value="1" />
<!-- End Preview Done Field -->

</form>

<!----- End Preview ----->

<br /><br />
<?php
} else {
?>

<?php
//display any messages
display_messages();
?>

<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">

<!-- Start Name Field-->
Name
<br />
<input type="text" name="userName" value="<?php echo $userName; ?>" />
<br /><br />
<!-- End Name Field-->

                <!--- Start Address Field--!>
                      Address
                       <br />
                        <input type="text" name="useraddress" value="<?php echo $useraddress; ?>" />
                          <br /> <br />
                 <!--End of Address Field--!>

                  <!--Start of City Field--!>
                        City
                        <br />
                        <input type "text" name="usercity" value="<?php echo $usercity; ?>" />
                         <br /> <br />
                  <!--End of City Field--!>

                   <!--Start of State Field--!>
                   State
                        <br />
                         <input type ="text" name="userstate" value="<?php echo $userstate; ?>" />
                          <br /> <br />
    <!--End of State Field--!>
                 
                     <!--Start of Zipcode Field--!>
                       Zipcode
                       <br />
                          <input type ="text" name= "userzipcode" value"<?php echo $userzipcode;?>" />
                           <br /> <br />

                       <!--End of Zipcode Field--!>

                    <!--Start of Phone Field--!>
                        Phone
                        <br />
                        <input type="text" name="userphone" value="<?php echo $userphone; ?>" />
                         <br /> <br />
                     <!--End of Phone Field--!>

<!-- Start E-mail Field-->
E-mail
<br />
<input type="text" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />
<!-- End E-mail Field-->

<!-- Start Recipient Field-->
<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<select name="userEmailTo">
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<option value="<?php echo $i; ?>" <?php if ($userEmailTo == $i) { echo "selected=\"selected\""; }?>><?php echo $explodedrecipient[0]; ?></option>
<?php $i++; }?>
</select>
<br /><br />
<?php } ?>
<!-- End Recipient Field-->

<!-- Start Subject Field-->
Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<input type="text" name="userSubject" value="<?php echo $userSubject; ?>" />
<?php } else { ?>
<select name="userSubject">
<?php
$i = "0";
while ($i < count($subjects)){
?>
<option value="<?php echo $subjects[$i]; ?>" <?php if ($userSubject == $subjects[$i]) { echo "selected=\"selected\""; }?>><?php echo $subjects[$i]; ?></option>
<?php $i++; }?>
</select>
<?php } ?>
<br /><br />
<!-- End Subject Field-->

<!-- Start Message Field-->
Description of your Multi Media needs
<br />
<textarea name="userMessage" rows="6" cols="40"><?php echo $userMessage; ?></textarea>
<br /><br />
<!-- End Message Field-->

<!-- Start Security Code Field-->
<?php
//check to see if security code feature is on
if ($usesecuritycode == "true") {
$randcode = mt_rand(100000, 999999);
$randcodesec = base64_encode($randcode);
?>
Type the code you see on the image below
<br />
<input type="text" name="userSecurityCode" /><input type="hidden" name="SecurityCode" value="<?php echo $randcodesec; ?>" />
<br /><br />
<img src="gd.php?randcode=<?php echo $randcodesec; ?>" alt="Security Code" />
<br /><br />
<?php } ?>
<!-- End Security Code Field-->

<!-- Start Copy Me Field-->
<?php if ($copyme == "true") { ?>
Check the box if you wish to be sent a copy of this message
<br />
<input type="checkbox" name="userCopyMe" value="1" <?php if ($userCopyMe == "1") { echo "checked=\"checked\""; }?> />
<br /><br />
<?php } ?>
<!-- End Copy Me Field-->

<!-- Start Submit Button-->
<input type="submit" name="submit" value="<?php if ($preview == "true") { echo "Preview Before Send"; } else { echo "Send"; } ?>" />
<!-- End Submit Button-->

<!-- Start Preview First Field -->
<?php if ($preview == "true") {?>
<input type="hidden" name="previewfirst" value="1" />
<?php } ?>
<!-- End Preview First Field -->

</form>
<br /><br />

<?php
}
ob_end_flush();
?>



<!-- End Output -->

#2 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 29 July 2006 - 11:38 PM

You're going to want to take out your password and just so you know, using buffers is not the way to go. There is a limit to how much data can be stored in them, and if your page is too big you will encounter errors.

I'll edit this post after I go through the script.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#3 leemer

leemer
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 30 July 2006 - 01:42 AM

oooops oin my part thanks for the info .. well i am a noobie to php and i know what i have in mind just not sure how to get there. if this script cant be used how could i build a script that would work for my needs with security random letters/digits and also all the fields i need with error checking as well like wrong email or cant leave blank etc..

#4 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 30 July 2006 - 01:48 AM

For error checking you can do something like this:

<?php
if (isset($_POST['submitted'])) {
  $errors = array();
  if (empty($_POST['value'])) {
    $errors[] = 'You left value blank!';
  }
  else {
    $value = $_POST['value'];
  }
  if (empty($errors)) { // No errors occured
    // Do the query and such
  }
  else {
    foreach ($errors as $msg) {
      echo '<li> '.$msg.'</li>';
    }
  }
}
else {
    // Show the forum
}
?>

Then in your form just make a hidden input named "submitted" and the value TRUE. It's pretty simple.

You'll need to use a regular expression to check for a valid email address. We've got a forum here just for regular expressions you should check out!

EDIT:
Oh, and it's not that your script wont work, it just seems ridiculously long for something that SHOULD be simple. What exactly are you trying to accomplish?

+ Instead of doing a random code, you could just use regular random words--they're easier for the end user to type in and just as secure IMO.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#5 leemer

leemer
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 30 July 2006 - 02:02 AM

and thanks for the quick reply .. Just wanting to have a form to user to fill out lwith name,address,city,state,zipcode,and message area with a random code or letters to help prevent abuse. and another thing is i do not know how to do a drop down box with all the states in it abbervated like MS etc etc...

#6 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 30 July 2006 - 02:27 AM

Here's something really quick ($dbc is the variable of your connection to a database):

<?php

// This is a function to prevent MYSQL injection
function escape_data ($data) { 
  global $dbc; // Need the connection. 
  if (ini_get('magic_quotes_gpc')) { 
    $data = stripslashes($data); 
 } 
 return mysql_real_escape_string($data, $dbc); 
}

if (isset($_POST['submitted'])) {
  $errors = array();
  if (empty($_POST['name'])) {
    $errors[] = 'You did not enter a name!';
  }
  else {
    $name = escape_data($_POST['name']);
  }
  if (empty($errors)) {
    $query = "INSERT INTO tablename (name, address, city, state, zipcode, message) VALUES ('$name', '$address', '$city', '$state', '$zipcode', '$message')";
    $result = mysql_query($query) or die(mysql_error());
    if ($result) {
      echo 'Thankyou '.escape_data($name).' for filling out the form!';
    }
    else {
        echo mysql_error();
    }
  }
  else {
    foreach ($errors as $msg) {
      echo '<li> '.$msg.'</li>';
    }
  }
}
else {
   // Show the form
   echo '<form action="thisfile.php" method="post">
   <b>Name:</b> <input type="text" name="name" size="30">
   <input type="submit" name="submit" value="Submit">
  <input type="hidden" name="Submitted" value="TRUE"></form>';
}

?>

I don't have time to put in all the name, address, etc. but you can just copy and paste the part I did for name. Also, you should add something for your zipcodes making sure they're numbers like so:

<?php

if (!is_numeric($_POST['zipcode'])) {
  $errors[] = 'Invalid zipcode';
}

?>

As for making a drop down, you're going to be writing quite a bit, but this is the basic syntax:

<select name="state">
  <option value="AL">Alabama</option>
  <option value="AK">Alaska</option>
  <option value="AZ">Arizona</option>
  <option value="AR">Arkansas</option>
</select>

Just keep going with all the states! Quite tedious, yes, but that's the way it is. :)

I'm getting offline to eat dinner, but let me know if you need help and I'll answer when I can. Good luck with the script!

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#7 leemer

leemer
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 30 July 2006 - 03:51 PM

Thanks for the help




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users