Jump to content

Archived

This topic is now archived and is closed to further replies.

leemer

can someone check this script ?

Recommended Posts

Can someone look over this script and tell me why in this form mailer that the address,city,state,zipcode, and phone number does not show up? and i recieve no errors as well.
but, everything else seems to work just fine like the name,email and random numbers.




<?php


//----- Start Config -----\\

//enter the path to sendmail
$mail_path = "/usr/sbin/sendmail";

//Recipient should be selected from a list, true or false
$listofrecipients = "false";

//sub variable (only edit if above value is set to false)
//enter the email address you wish emails to be sent to
$mail_to = "email is added here";

//sub variable (only edit if above value is set to true)
//define list of recipients the user can chose from. Name & Email address should be seperated by ><
$recipientslist = array("Name 1 >< name1@yourdomain.com", "Name 2 >< name2@yourdomain.com", "Name 3 >< name3@yourdomain.com");


//Subject should be selected from a list, true or false
$listofsubjects = "true";

//sub variable (only edit if above value is set to true)
//define list of subjects the user can chose from
$subjects = array("Ordering", "Free Price Quote","Questions","Website Help", "Other");

//use security code feature, true or false
$usesecuritycode = "true";

//use time limit feature, true or false
$usetimelimit = "true";

//sub variable (only edit if above value is set to true)
//set time delay if using time limit feature
$delay = "60";

//redirect to another page after successful submission, true or false
$redirectonsuccess = "true";

//sub variable (only edit if above value is set to true)
//set address of page to redirect to after successful submission, can be relative
$redirecturl = "webpage on server";

//allow user to get a copy of the message sent to them, true or false
$copyme = "true";

//store submissions in a database, true or false
$store = "true";

//sub variables (only edit if above value is set to true
//MySQL Host
$host = "localhost";
//MySQL User
$user = "username";
//MySQL Pass
$pass = "password";
//MySQL Database Name
$dbname = "databasename";
//Table Name
$tablename = "ContactFormLog";
//Date Format, see http://www.php.net/date
$dateformat = "d/m/Y H:i:s";

//user has to preview before can submit, true or false
$preview = "true";

//remember user's name and e-mail, true or false
$rememberdetails = "true";

//sub variables (only edit if above value is set to true
//Days to remember details for
$rememberdays = "7";

//----- End Config -----\\

//----- Start Set PHP Variables -----\\
ini_set("sendmail_path", $mail_path);
ini_set("magic_quotes_gpc", 1);
//----- End Set PHP Variables -----\\

//----- Start Functions -----\\

//function to check email format
function check_email($str)
{
if(ereg("^.+@.+\\..+$", $str))
return 1;
else
return 0;
}

//function to get submitted values
function get_values($slashes,$decode)
{
global $userName;
        global $useraddress;
        global $usercity;
        global $userstate;
        global $userzipcode;
        global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;
       

$userName = htmlentities(strip_tags($_POST['userName']));
        $useraddress = htmlentities(strip_tags($_POST['useraddress']));
        $usercity = htmlentities(strip_tags($_POST['usercity']));
        $userstate = htmlentities(strip_tags($_POST['userstate']));
        $userzipcode = htmlentities(strip_tags($_POST['userzipcode']));
        $userphone = htmlentities(strip_tags($_POST['userphone']));
$userEmail = htmlentities(strip_tags($_POST['userEmail']));
$userSubject = htmlentities(strip_tags($_POST['userSubject']));
$userMessage = htmlentities(strip_tags($_POST['userMessage']));
$userCopyMe = htmlentities(strip_tags($_POST['userCopyMe']));
$userEmailTo = htmlentities(strip_tags($_POST['userEmailTo']));

if ($slashes == "1") {

$userName = stripslashes($userName);
                $useraddress = stripslashes($useraddress);
                $usercity = stripslashes($usercity);
                $userstate = stripslashes($userstate);
                $userzipcode = stripslashes($userzipcode);
                $userphone = stripslashes($userphone);
$userEmail = stripslashes($userEmail);
$userSubject = stripslashes($userSubject);
$userMessage = stripslashes($userMessage);
$userCopyMe = stripslashes($userCopyMe);
$userEmailTo = stripslashes($userEmailTo);

}

if ($decode == "1") {

$userName = html_entity_decode($userName);
                $useraddress = html_entity_decode ($useraddress);
                $usercity = html_entity_decode($usercity);
                $userstate = html_entity_decode($userstate);
                $userzipcode = html_entity_decode ($userzipcode);
                $userphone = html_entity_decode($userphone);
$userEmail = html_entity_decode($userEmail);
$userSubject = html_entity_decode($userSubject);
$userMessage = html_entity_decode($userMessage);
$userCopyMe = html_entity_decode($userCopyMe);
$userEmailTo = html_entity_decode($userEmailTo);

}

}

//function to clear submitted values
function clear_values()
{
global $userName;
        global $useraddress;
        global $usercity;
        global $userstate;
        global $userzipcode;
        global $userphone;
global $userEmail;
global $userSubject;
global $userMessage;
global $userCopyMe;
global $userEmailTo;
global $rememberdetails;

if ($rememberdetails != "true") {
$userName = "";
                $useraddress = "";
                $usercity = "";
                $userstate = "";
                $userzipcode = "";
                $userphone = "";
$userEmail = "";
                }
$userSubject = "";
$userMessage = "";
$userCopyMe = "";
$userEmailTo = "";
}

//function to display message
function display_messages()
{
global $message;
global $messagenoterror;

$y = "0";
if (!empty($message) && $messagenoterror != "1") {
echo "The following errors were encountered when trying to process your message:<br />";
}
while ($y < 10) {
if (!empty($message[$y])) {
if ($messagenoterror != "1") {
echo " - ";
}
echo $message[$y]."<br />";
}
$y++;
}
}

//----- End Functions -----\\

//----- Start Set Variables -----\\
$mail_subject = $_POST['userSubject'];
$submittime = $_SESSION['submittime'];
$currenttime = time();
$allowedtime = $currenttime - $delay;
$timeleft = $submittime - $allowedtime;
$p = "0";
get_values(1,1);
$EmailContent = "Name:\n".$userName."\n\n"."Address:\n".$useraddress."\n\n"."City:\n".$usercity."\n\n"."State:\n".userstate."\n\n"."Zipcode:\n".userzipcode."\n\n"."Phone Number:\n".userphone."\n\n"."Email:\n".$userEmail."\n\n"."Subject:\n".$userSubject."\n\n"."Message:\n".$userMessage."\n\n"."User Agent:\n".$_SERVER["HTTP_USER_AGENT"]."\n\n"."User IP:\n".$_SERVER["REMOTE_ADDR"];
//----- End Set Variables -----\\

//check if form submitted
if ($_POST){

//----- Start Error Checking -----\\

//check to see if fields already been checked
if ($_POST['previewdone'] != "1") {

//check if all fields filled in
if (!$_POST['userName'] ||!$POST['useraddress'] || !$_POST['userEmail'] || !$_POST['userSubject'] || !$_POST['userMessage']){
$message[$p] = "All required fields not filled in.";
$p++;
get_values(1,0);
$notcomplete = "1";
}

//check if email is in valid format
if(check_email($_POST['userEmail']) == "0" && $_POST['userEmail']){
$message[$p] = "Invalid e-mail address.";
$p++;
get_values(1,0);
}

//check if security code is correct
if($_POST['userSecurityCode'] != base64_decode($_POST['SecurityCode']) && $usesecuritycode == "true" && $notcomplete != "1"){
$message[$p] = "Wrong security code";
$p++;
get_values(1,0);
}

//check that x seconds has passed
if($submittime > $allowedtime && $usetimelimit == "true"){
$message[$p] = "You are trying to send messages too often, please try again after ".$timeleft." seconds";
$p++;
get_values(1,0);
}

}

//----- End Error Checking -----\\

//----- Start Set Cookies ------\\

if ($rememberdetails == "true") {
$cookietime = time()+60*60*24*$rememberdays;
//set cookie to remember userid for x days
setcookie("userName", $_POST['userName'], $cookietime, "/");
//set cookie to remember password for x days
setcookie("userEmail", $_POST['userEmail'], $cookietime, "/");
}

//----- End Set Cookies ------\\

//----- Start Final Check & Process Form ------\\

if ($preview == "true" && $_POST['previewdone'] == "1") {
$continue = "1";
} elseif ($preview == "true" && $_POST['previewdone'] != "1") {
$continue = "0";
} else {
$continue = "1";
}

//check to see whether there are any errors, if no then continue
if (empty($message) && $continue == "1" && empty($_POST['edit'])){

//check to see whether the user can pick the recipitent, if yes get recepitent chosen
if ($listofrecipients == "true") {
$explodedresult = explode(" >< ", $recipientslist[$_POST['userEmailTo']]);
$mail_to = $explodedresult[1];
}

//Check to see if mail sent correctly
get_values(1,0);
if(mail($mail_to,$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">")){

//check to see if user wants a copy of the message, if yes send them one
if ($_POST['userCopyMe'] == "1"){
mail($_POST['userEmail'],"Copy of sent message: ".$mail_subject,$EmailContent,"From:".$userName." <".$userEmail.">");
}

//check to see if user wants to store submissions
if ($store == "true") {
//connect to db
$connect = @mysql_connect($host,$user,$pass);
//select db
$selectdb = @mysql_select_db($dbname);
//get variables
get_values(1,1);
$userAgent = $_SERVER["HTTP_USER_AGENT"];
$userIP = $_SERVER["REMOTE_ADDR"];
$userTime = date($dateformat);
//insert data
$sql = "INSERT INTO `$tablename` (`ID`, `userName`, 'useraddress' .' usercity' , 'userstate' , 'userzipcode', 'userphone' ,`userEmail`, `userSubject`, `userMessage`, `userCopyMe`, `userEmailTo`, `userAgent`, `userIP`, `userTime`) VALUES ('', '$userName', '$useraddress' , '$usercity' , '$userstate' , '$userzipcode' , '$userphone' , '$userEmail', '$userSubject', '$userMessage', '$userCopyMe', '$userEmailTo', '$userAgent', '$userIP', '$userTime')";
$result = @mysql_query($sql);
}

//tell user message sent successfully
$message[0] = "Thank you, your message has been sent.";
$messagenoterror = "1";

//clear form values
clear_values();

//store submit time for use with time limit feature
$_SESSION['submittime'] = time();

//check to see if user should be redirected
if ($redirectonsuccess == "true") {
?>
<script type="text/javascript">
<!--
window.location.href = "<?php echo $redirecturl; ?>";
-->
</script>
<?php
}

//if error provide link
}else{
//provide link to user to send using their default email
$message[0] = "There was an error.  Please click <a href=\"mailto:".$mail_to."?subject=".$_POST['userSubject']."&amp;body=".$_POST['userMessage']."\">here</a> to send your message via your default e-mail program.";
$messagenoterror = "1";
get_values(1,0);
}

$formsent = "1";

}

} else {

if ($rememberdetails == "true") {
$userName = $_COOKIE['userName'];
                $useraddress = $_COOKIE ['useraddress'];
                $usercity = $_COOKIE ['usercity'];
                $userstate = $_COOKIE ['userstate'];
                $userzipcode = $_COOKIE['userzipcode'];
                $userphone = $_COOKIE ['userphone'];
$userEmail = $_COOKIE['userEmail'];
}

}

//----- End Final Check & Process Form ------\\
?>

<!-- Start Output -->

<?php
if ($preview == "true" && $_POST['previewfirst'] == "1" && $formsent != "1" && empty($message) && empty($_POST['edit'])) {
get_values(1,0);
?>

<!-- Start Preview -->

<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">

<!-- Start Name Field-->
Name
<br />
<?php echo $userName; ?><input type="hidden" name="userName" value="<?php echo $userName; ?>" />
<br /><br />
<!-- End Name Field-->

                <!--- Start Address Field--!>
                      Address
                       <br />
                        <?php echo $useraddress; ?><input type="hidden" name="useraddress" value="<?php echo $useraddress; ?>" />
                          <br /> <br />
                 <!--End of Address Field--!>

                  <!--Start of City Field--!>
                        City
                        <br />
                        <?php echo $usercity; ?><input type "hidden" name="usercity" value="<?php echo $usercity; ?>" />
                         <br /> <br />
                  <!--End of City Field--!>

                   <!--Start of State Field--!>
                   State
                        <br />
                         <?php echo $userstate; ?><input type ="hidden" name="userstate" value="<?php echo $userstate; ?>" />
                          <br /> <br />
    <!--End of State Field--!>

                     <!--Start of Zipcode Field--!>
                      Zipcode
                          <br />
                          <?php echo $userzipcode; ?><input type = "hidden" name="userzipcode" value ="<?php echo $userzipcode; ?>" />
                           <br /> <br />
                      <!--End of Zipcode Field--!>

                    <!--Start of Phone Field--!>
                        Phone
                        <br />
                        <?php echo $userphone; ?><input type="hidden" name="userphone" value="<?php echo $userphone; ?>" />
                         <br /> <br />
                     <!--End of Phone Field--!>

                     <!-- Start E-mail Field-->
E-mail
<br />
<?php echo $userEmail; ?><input type="hidden" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />
<!-- End E-mail Field-->

<!-- Start Recipient Field-->
<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<?php if ($userEmailTo == $i) { echo $explodedrecipient[0]; $n = $i; } ?>
<?php $i++; }?>
<input type="hidden" name="userEmailTo" value="<?php echo $n; ?>" />
<br /><br />
<?php } ?>
<!-- End Recipient Field-->

<!-- Start Subject Field-->
Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<?php echo $userSubject; ?>
<?php } else { ?>
<?php
$i = "0";
while ($i < count($subjects)){
?>
<?php if ($userSubject == $subjects[$i]) {  echo $subjects[$i]; } ?>
<?php $i++; }?>
<?php } ?>
<input type="hidden" name="userSubject" value="<?php echo $userSubject; ?>" />
<br /><br />
<!-- End Subject Field-->

<!-- Start Message Field-->
Description of your Multi Media Needs
<br />
<?php echo nl2br($userMessage); ?><input type="hidden" name="userMessage" value="<?php echo $userMessage; ?>" />
<br /><br />
<!-- End Message Field-->


<!-- Start Copy Me Field-->
<?php if ($copyme == "true") { ?>
Send me a copy of the message?
<br />
<?php if ($userCopyMe == "1") { echo "Yes"; } else { echo "No"; }?>
<input type="hidden" name="userCopyMe" value="<?php echo $userCopyMe; ?>" />
<br /><br />
<?php } ?>
<!-- End Copy Me Field-->

<!-- Start Submit Button-->
<input type="submit" name="edit" value="Edit" /> <input type="submit" name="submit" value="Send" />
<!-- End Submit Button-->

<!-- Start Preview Done Field -->
<input type="hidden" name="previewdone" value="1" />
<!-- End Preview Done Field -->

</form>

<!----- End Preview ----->

<br /><br />
<?php
} else {
?>

<?php
//display any messages
display_messages();
?>

<form method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>">

<!-- Start Name Field-->
Name
<br />
<input type="text" name="userName" value="<?php echo $userName; ?>" />
<br /><br />
<!-- End Name Field-->

                <!--- Start Address Field--!>
                      Address
                       <br />
                        <input type="text" name="useraddress" value="<?php echo $useraddress; ?>" />
                          <br /> <br />
                 <!--End of Address Field--!>

                  <!--Start of City Field--!>
                        City
                        <br />
                        <input type "text" name="usercity" value="<?php echo $usercity; ?>" />
                         <br /> <br />
                  <!--End of City Field--!>

                   <!--Start of State Field--!>
                   State
                        <br />
                         <input type ="text" name="userstate" value="<?php echo $userstate; ?>" />
                          <br /> <br />
    <!--End of State Field--!>
                 
                     <!--Start of Zipcode Field--!>
                       Zipcode
                       <br />
                          <input type ="text" name= "userzipcode" value"<?php echo $userzipcode;?>" />
                           <br /> <br />

                       <!--End of Zipcode Field--!>

                    <!--Start of Phone Field--!>
                        Phone
                        <br />
                        <input type="text" name="userphone" value="<?php echo $userphone; ?>" />
                         <br /> <br />
                     <!--End of Phone Field--!>

<!-- Start E-mail Field-->
E-mail
<br />
<input type="text" name="userEmail" value="<?php echo $userEmail; ?>" />
<br /><br />
<!-- End E-mail Field-->

<!-- Start Recipient Field-->
<?php if ($listofrecipients == "true") { ?>
Recipient
<br />
<select name="userEmailTo">
<?php
$i = "0";
while ($i < count($recipientslist)){
$explodedrecipient = explode(" >< ", $recipientslist[$i]);
?>
<option value="<?php echo $i; ?>" <?php if ($userEmailTo == $i) { echo "selected=\"selected\""; }?>><?php echo $explodedrecipient[0]; ?></option>
<?php $i++; }?>
</select>
<br /><br />
<?php } ?>
<!-- End Recipient Field-->

<!-- Start Subject Field-->
Subject
<br />
<?php if ($listofsubjects == "false") { ?>
<input type="text" name="userSubject" value="<?php echo $userSubject; ?>" />
<?php } else { ?>
<select name="userSubject">
<?php
$i = "0";
while ($i < count($subjects)){
?>
<option value="<?php echo $subjects[$i]; ?>" <?php if ($userSubject == $subjects[$i]) { echo "selected=\"selected\""; }?>><?php echo $subjects[$i]; ?></option>
<?php $i++; }?>
</select>
<?php } ?>
<br /><br />
<!-- End Subject Field-->

<!-- Start Message Field-->
Description of your Multi Media needs
<br />
<textarea name="userMessage" rows="6" cols="40"><?php echo $userMessage; ?></textarea>
<br /><br />
<!-- End Message Field-->

<!-- Start Security Code Field-->
<?php
//check to see if security code feature is on
if ($usesecuritycode == "true") {
$randcode = mt_rand(100000, 999999);
$randcodesec = base64_encode($randcode);
?>
Type the code you see on the image below
<br />
<input type="text" name="userSecurityCode" /><input type="hidden" name="SecurityCode" value="<?php echo $randcodesec; ?>" />
<br /><br />
<img src="gd.php?randcode=<?php echo $randcodesec; ?>" alt="Security Code" />
<br /><br />
<?php } ?>
<!-- End Security Code Field-->

<!-- Start Copy Me Field-->
<?php if ($copyme == "true") { ?>
Check the box if you wish to be sent a copy of this message
<br />
<input type="checkbox" name="userCopyMe" value="1" <?php if ($userCopyMe == "1") { echo "checked=\"checked\""; }?> />
<br /><br />
<?php } ?>
<!-- End Copy Me Field-->

<!-- Start Submit Button-->
<input type="submit" name="submit" value="<?php if ($preview == "true") { echo "Preview Before Send"; } else { echo "Send"; } ?>" />
<!-- End Submit Button-->

<!-- Start Preview First Field -->
<?php if ($preview == "true") {?>
<input type="hidden" name="previewfirst" value="1" />
<?php } ?>
<!-- End Preview First Field -->

</form>
<br /><br />

<?php
}
ob_end_flush();
?>



<!-- End Output -->

Share this post


Link to post
Share on other sites
You're going to want to take out your password and just so you know, using buffers is not the way to go. There is a limit to how much data can be stored in them, and if your page is too big you will encounter errors.

I'll edit this post after I go through the script.

Share this post


Link to post
Share on other sites
oooops oin my part thanks for the info .. well i am a noobie to php and i know what i have in mind just not sure how to get there. if this script cant be used how could i build a script that would work for my needs with security random letters/digits and also all the fields i need with error checking as well like wrong email or cant leave blank etc..

Share this post


Link to post
Share on other sites
For error checking you can do something like this:

<?php
if (isset($_POST['submitted'])) {
  $errors = array();
  if (empty($_POST['value'])) {
    $errors[] = 'You left value blank!';
  }
  else {
    $value = $_POST['value'];
  }
  if (empty($errors)) { // No errors occured
    // Do the query and such
  }
  else {
    foreach ($errors as $msg) {
      echo '<li> '.$msg.'</li>';
    }
  }
}
else {
    // Show the forum
}
?>

Then in your form just make a hidden input named "submitted" and the value TRUE. It's pretty simple.

You'll need to use a regular expression to check for a valid email address. We've got a forum here just for regular expressions you should check out!

EDIT:
Oh, and it's not that your script wont work, it just seems ridiculously long for something that SHOULD be simple. What exactly are you trying to accomplish?

+ Instead of doing a random code, you could just use regular random words--they're easier for the end user to type in and just as secure IMO.

Share this post


Link to post
Share on other sites
and thanks for the quick reply .. Just wanting to have a form to user to fill out lwith name,address,city,state,zipcode,and message area with a random code or letters to help prevent abuse. and another thing is i do not know how to do a drop down box with all the states in it abbervated like MS etc etc...

Share this post


Link to post
Share on other sites
Here's something really quick ($dbc is the variable of your connection to a database):

[code]
<?php

// This is a function to prevent MYSQL injection
function escape_data ($data) {
  global $dbc; // Need the connection.
  if (ini_get('magic_quotes_gpc')) {
    $data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}

if (isset($_POST['submitted'])) {
  $errors = array();
  if (empty($_POST['name'])) {
    $errors[] = 'You did not enter a name!';
  }
  else {
    $name = escape_data($_POST['name']);
  }
  if (empty($errors)) {
    $query = "INSERT INTO tablename (name, address, city, state, zipcode, message) VALUES ('$name', '$address', '$city', '$state', '$zipcode', '$message')";
    $result = mysql_query($query) or die(mysql_error());
    if ($result) {
      echo 'Thankyou '.escape_data($name).' for filling out the form!';
    }
    else {
        echo mysql_error();
    }
  }
  else {
    foreach ($errors as $msg) {
      echo '<li> '.$msg.'</li>';
    }
  }
}
else {
   // Show the form
   echo '<form action="thisfile.php" method="post">
   <b>Name:</b> <input type="text" name="name" size="30">
   <input type="submit" name="submit" value="Submit">
  <input type="hidden" name="Submitted" value="TRUE"></form>';
}

?>
[/code]

I don't have time to put in all the name, address, etc. but you can just copy and paste the part I did for name. Also, you should add something for your zipcodes making sure they're numbers like so:

[code]<?php

if (!is_numeric($_POST['zipcode'])) {
  $errors[] = 'Invalid zipcode';
}

?>[/code]

As for making a drop down, you're going to be writing quite a bit, but this is the basic syntax:

[code]
<select name="state">
  <option value="AL">Alabama</option>
  <option value="AK">Alaska</option>
  <option value="AZ">Arizona</option>
  <option value="AR">Arkansas</option>
</select>[/code]

Just keep going with all the states! Quite tedious, yes, but that's the way it is. :)

I'm getting offline to eat dinner, but let me know if you need help and I'll answer when I can. Good luck with the script!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.