Irresistable
Posted November 6, 2009

Hello Freaks

I have a few issues with my mail form. It is password protected and this works fine. So ignore the "include password_protect.php".

The email has 5 fields:
To:
From:
Subject:
Message:
Captcha:

At the moment, looking at it, I don't think it has a "to:" address implemented. If it is there, or if it's not. I would like it to be created so that the user types in the "to:" address and the mail gets sent there.

All spam mails should be delivered to [email protected] Which I'm not sure if that's set either. There's a bunch of [email protected] However.. I'm not sure what line of them is for what?

The captcha has an error field in the PHP code. Though it's not connected to the captcha field.

To sum up the above. To: should be who the email is sent to. From: is who it's from. Spam goes to the specified spam email address. With captcha field having the error field connected.

There's an annoying thing about this. I log in to the password protected page which is.. the page that has the email form etc. It automatically shows the error fields connected. eg:
"To: is empty! ( this field is required )"
"Email does not appear to be valid"
"Subject: is empty! ( This field is required )"
"Message: is empty! ( This field is required )"

Those error fields show.. without entering any values or attempting to submit the form. *Unless.. when clicking the submit button on the password protect, the php for the email form recognises it as trying to submit the email form too* If so.. this needs to be fixed.

Here is the whole php code with form (Big huge file):

```php
<?php include("password_protect.php"); ?>
<?php
$FName = 'Newsletter';
$FEmail = '';
$FSpamEmail = '';
$FWebsiteAfter = 'www.developers-community.com/thankyou.html';
$FCopyToSender = 0;
$FExporting = 0;
$FDMode = 1;
$FMesFromT = 2;
$FMesName = 1;
$FMesFrom = 1;
$FMesSubjectT = 2;
$FMesSubject = 2;
$FCopyToSender = 0;
$FExporting = 0;
$FieldsNo = 4;

$FieldName[0] = 'To:';
$FieldType[0] = 1;
$FieldTypeExt[0] = '';
$FieldCols[0] = 30;
$FieldRows[0] = 0;
$FieldS[0] = $FieldRequired[0] = 1;

$FieldName[1] = 'From:';
$FieldType[1] = 1;
$FieldTypeExt[1] = '';
$FieldCols[1] = 30;
$FieldRows[1] = 0;
$FieldS[1] = $FieldRequired[1] = 1;

$FieldName[2] = 'Subject:';
$FieldType[2] = 1;
$FieldTypeExt[2] = '';
$FieldCols[2] = 30;
$FieldRows[2] = 0;
$FieldS[2] = $FieldRequired[2] = 1;

$FieldName[3] = 'Message: ';
$FieldType[3] = 2;
$FieldTypeExt[3] = '';
$FieldCols[3] = 60;
$FieldRows[3] = 10;
$FieldS[3] = $FieldRequired[3] = 1;

// Error Messages
$HtmlErrorStart = '<font size="2" color="#CC0808">';
$HtmlErrorEnd = '</font>';
$msgErrorTooLongs = ' is too long! (Max ';
$msgErrorTooLonge = ' characters)';
$msgErrorTooShorts = ' is too short! (Min ';
$msgErrorTooShorte = ' characters)';
$msgErrorFieldEmpty = ' is empty! ( This field is required )';
$msgError = 'Error : ';
$msgErrorBadFields = 'Some fields are empty or invalid.';

// Needed functions
// --------------------------------------------------------------
function checkminsize($input, $min) // Check a string size
{
    if (strlen($input)<$min) return 0;
    else return 1;
}

// --------------------------------------------------------------
function checkmaxsize($input, $max) // Check a string size
{
    if (strlen($input)>$max) return 0;
    else return 1;
}

// --------------------------------------------------------------
function CheckTextSize($text, $min, $max, $errno, $errfieldname)
{
    global $mmsg, $verifyok, $HtmlErrorStart, $HtmlErrorEnd, $msgErrorTooLongs, $msgErrorTooLonge, $msgErrorTooShorts, $msgErrorTooShorte, $msgErrorFieldEmpty, $mmsgt, $msgError, $msgErrorBadFields;
    if (!checkminsize($text,$min)) {
        $mmsg[$errno] = $HtmlErrorStart . $errfieldname . $msgErrorTooShorts . $min . $msgErrorTooShorte . $HtmlErrorEnd;
        $verifyok = 0;
    }
    if (!checkmaxsize($text,$max)) {
        $mmsg[$errno] = $HtmlErrorStart . $errfieldname . $msgErrorTooLongs . $max . $msgErrorTooLonge . $HtmlErrorEnd;
        $verifyok = 0;
    }
    if ($min>0)
        if (!checkminsize($text,1)) {
            $mmsg[$errno] = $HtmlErrorStart . $errfieldname . $msgErrorFieldEmpty . $HtmlErrorEnd;
            $verifyok = 0;
        }
    if ($verifyok == 0 ) {
        $mmsg[0] = $msgError . $msgErrorBadFields;
        $mmsgt = 1;
    }
    return $verifyok;
}

// --------------------------------------------------------------
function SecurityCheckCode($Turing)
{
    global $ImageCode;
    if ( !isset( $_SESSION['turing_string'] ) ) {
        $ImageCode = '';
        return 1;
    } else if ( strtoupper($_SESSION['turing_string']) == strtoupper($Turing) ) {
        $ImageCode = 'ok';
        return 1;
    } else {
        $ImageCode = 'wrong';
        return 0;
    }
}

// --------------------------------------------------------------
function getip() // Returns the real Ip in most cases
{
    if (isSet($_SERVER)) {
        if (isSet($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        } elseif (isSet($_SERVER["HTTP_CLIENT_IP"])) {
            $realip = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $realip = $_SERVER["REMOTE_ADDR"];
        }
    } else {
        if ( getenv( 'HTTP_X_FORWARDED_FOR' ) ) {
            $realip = getenv( 'HTTP_X_FORWARDED_FOR' );
        } elseif ( getenv( 'HTTP_CLIENT_IP' ) ) {
            $realip = getenv( 'HTTP_CLIENT_IP' );
        } else {
            $realip = getenv( 'REMOTE_ADDR' );
        }
    }
    return $realip;
}

// Processing form
// --------------------------------------------------------------
session_start();
$RealIp = getip();
if ( $_SESSION['FReferer'] == '' ) {
    $R = @$_SERVER['HTTP_REFERER'];
    if ( $R != '' ) $_SESSION['FReferer'] = $R;
}
$Referer = $_SESSION['FReferer'];

// -------------------------------------------------------------------------------------
function CheckEmail($email,$minsize,$maxsize,$err,$fieldname)
{
    global $mmsg, $mmsgt, $HtmlErrorStart, $HtmlErrorEnd, $verifyok;
    // check if the email string is not empty, has at least 4 chars, is smaller than 64
    CheckTextSize($email, $minsize, $maxsize, $err, $fieldname);
    if ( ($minsize == 0 ) AND ( $email == '') ) return 0;
    // check if is has a valid email format [email protected]
    if ( ! (valid_email($email)) ) {
        $mmsg[$err] = $HtmlErrorStart . 'Email does not appear to be valid' . $HtmlErrorEnd;
        $mmsgt = 1;
        $verifyok = 0;
        return 1;
    }
    // check if the email string contains more than 1 email
    if ( substr_count($email, '@') > 1 ) {
        $mmsg[$err] = $HtmlErrorStart . 'Only one email is allowed' . $HtmlErrorEnd;
        $mmsgt = 1;
        $verifyok = 0;
    }
}

// -------------------------------------------------------------------------------------
function valid_email($email)
{
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++) {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
        // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++) {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
                return false;
            }
        }
    }
    return true;
}

// Get form settings and fields
for ($i=0;$i<$FieldsNo;$i++) {
    if ( $FieldType[$i] ==3 ) { // checkbox
        $FieldData[$i] = '';
        $Options = explode('|', $FieldTypeExt[$i]);
        $OptionsNo = count($Options);
        for ($j=0;$j<$OptionsNo;$j++) {
            $fd = trim($_POST['FieldData' . $i . '-' . $j]);
            $FieldData[$i] .= $fd;
            if ( ($j<($OptionsNo-1)) and ( $fd !='' ) ) $FieldData[$i] .= ', ';
        }
    } else
        $FieldData[$i] = trim($_POST['FieldData' . $i]);
}

if ( $HTTP_POST_VARS ) {
    // Basic verifications of the form submitted, check if the version is ok
    // and the fields number corresponds
    if ($FieldsNo <> count($FieldData)) {
        echo 'Error: The number of submitted data fields ( ' . count($FieldData) . ' ) does not corespond to the form ( ' . $FName . ' wich has ' . $FieldsNo . ' fields ).';
        return 3;
    }
    $Hida2 = trim($_POST['hida2']);
    if ($Hida2 != '') {
        echo 'Error: Spam submission detected ).';
        return 4;
    }
    $mmsgt = 0;
    $verifyok = 1;
    $SpamScore = 0;
    $DupFields = 0;
    $Spam = 0;
    $Hida2 = trim($_POST['hida2']);
    if ($Hida2 != '') {
        $mmsg[0] = $HtmlErrorStart . 'Error: Your submission is spam.' . $HtmlErrorEnd;
        $mmsgt = 1;
        $Spam = 1;
    }
    $SpamWord = array( 'http', 'cialis', 'viagra', 'valium');
    for ($i=0;$i<$FieldsNo;$i++)
        if ($FieldType[$i]<6) {
            if ($FieldRequired[$i] == 1) {
                CheckTextSize($FieldData[$i], 1, 10000, ($i+1), $FieldName[$i]);
                if ( ($FMesFromT ==2) && ( $FMesFrom == $i ) )
                    CheckEmail($FieldData[$FMesFrom], 4, 64, ($i+1), $FieldName[$i]);
            }
            for ($j=0;$j<Count($SpamWord);$j++) {
                $SpamNo = substr_count($FieldData[$i],$SpamWord[$j]);
                $SpamScore = $SpamScore + $SpamNo;
            }
            for ($j=$i+1;$j<$FieldsNo;$j++)
                if ( ( ($FieldType[$i] ==1 ) or ( $FieldType[$i] ==2) ) and ( ($FieldType[$j] ==1 ) or ( $FieldType[$j] ==2) ) )
                    if ($FieldData[$i] != '' )
                        if ($FieldData[$i] == $FieldData[$j])
                            $DupFields = $DupFields + 1;
        }
    if ($SpamScore > 10) {
        $mmsg[0] = $HtmlErrorStart . 'Error: Your submission is spam.' . $HtmlErrorEnd;
        $mmsgt = 1;
        $Spam = 2;
    }
    // Check if the Turing Code is correct
    $Turing = trim($_POST['Turing']);
    if ( ! ( SecurityCheckCode($Turing)) ) {
        $mmsg[0] = $HtmlErrorStart . 'Error: The Code that you entered is not the correct code from the Verification Image!' . $HtmlErrorEnd;
        $mmsgt = 1;
        $Spam = 4;
    }
    // check for new lines in inappropriate places
    // check for new lines in the From name and email
    if ($FMesFromT ==2)
        if (preg_match("/(%0A|%0D|\\n+|\\r+)/i",$FieldData[$FMesName] . $FieldData[$FMesFrom]))
            $FMesFromT = 1;
    // check for new lines in the Subject
    if ($FMesSubjectT ==2)
        if (preg_match("/(%0A|%0D|\\n+|\\r+)/i",$FieldData[$FMesSubject]))
            $FMesSubjectT = 1;

    if ( ($mmsgt !=1) or ($Spam > 0 ) ) {
        $mime_boundary=md5(time());
        // Prepare email
        $headers = "";
        if ($Spam == 0) {
            if ($FMesFromT ==1)
                $fromaddress = $_POST['from'];
            elseif ($FMesFromT ==2) {
                $CustomerName = $FieldData[$FMesName];
                $CustomerEmail = $FieldData[$FMesFrom];
                $fromaddress = "$CustomerName <$CustomerEmail>";
            }
            $headers .= "From: $fromaddress\r\n";
            $headers .= "Reply-To: $FieldData[$FMesName] <$FieldData[$FMesFrom]>\r\n";
        } else
            $headers .= "From: Developers-Community <[email protected]>\r\n";
        $subject = 'Feedback via the ' . $FName;
        if ($FMesSubjectT ==2) $subject = $FName . ': ' . $FieldData[$FMesSubject];
        if ($Spam > 0) $subject = $FName . ' Spam submission detected';
        $headers .= "Message-ID: <".time()."[email protected]>\r\n";
        $headers .= "X-Mailer: PHP v".phpversion()."\r\n";
        $headers .= "Content-Type: multipart/mixed; boundary=\"".$mime_boundary. '"' . "\r\n\r\n";
        $body = "--".$mime_boundary. "\r\n";
        $body .= "Content-Type: text/plain; charset=\"utf-8\"\r\n";
        $body .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
        if ($Spam > 0) {
            $body .= " The following submission has been detected as spam.\r\n";
            $body .= ' Spam type: ';
            switch ($Spam) {
                case 1 : $body .= "Bad hidden field\r\n\r\n"; break;
                case 2 : $body .= "Bad words detected\r\n\r\n"; break;
                case 3 : $body .= "Same data was filled in more than half fields\r\n\r\n"; break;
                case 4 : $body .= "Bad or invalid captcha code\r\n\r\n"; break;
                case 5 : $body .= "Unknown Ip\r\n\r\n"; break;
                case 6 : $body .= "Injection attack\r\n\r\n"; break;
                case 7 : $body .= "Injection attack\r\n\r\n"; break;
            }
        }
        for ($i=0;$i<$FieldsNo;$i++)
            if ($FieldType[$i]<6)
                $body .= $FieldName[$i] . ': ' . $FieldData[$i] . "\r\n";
        $body .= "---------------------------------------------------------------------\r\n";
        $body .= 'Visitor Ip: ' . $RealIp . "\r\n";
        if ($FExporting == 1) {
            $body .= "*** Text Database Entry ***\r\n";
            for ($i=0;$i<($FieldsNo-1);$i++)
                $body .= '"' . $FieldName[$i] . '",';
            $body .= '"' . $FieldName[$FieldsNo-1] . '"' . "\r\n";
            for ($i=0;$i<($FieldsNo-1);$i++)
                $body .= '"' . $FieldData[$i] . '",';
            $body .= '"' . $FieldData[$FieldsNo-1] . '"' . "\r\n";
        }
        // Adding attachments
        for($i=0; $i<$FieldsNo; $i++)
            if ($FieldType[$i] == 6) {
                $fd = 'FieldData' . $i;
                if (is_uploaded_file($_FILES["$fd"]['tmp_name'])) {
                    $handle=fopen($_FILES["$fd"]['tmp_name'], 'rb');
                    $f_contents=fread($handle, filesize($_FILES["$fd"]['tmp_name']));
                    $f_contents=chunk_split(base64_encode($f_contents));
                    $f_type=filetype($_FILES["$fd"]['tmp_name']);
                    fclose($handle);
                    # Attachment
                    $filename = $_FILES["$fd"]['name'];
                    $body .= "--".$mime_boundary."\r\n";
                    $body .= 'Content-Type: ' . $_FILES["$fd"]['type'] . '; name="' . $filename . '"' . "\r\n";
                    $body .= "Content-Transfer-Encoding: base64\r\n";
                    $body .= "Content-Description: $FieldName[$i]\r\n";
                    $body .= 'Content-Disposition: attachment; filename="' . $filename . '"'."\r\n\r\n";
                    $body .= $f_contents."\r\n\r\n";
                }
            }
        # Finished
        $body .= "--".$mime_boundary."--\r\n\r\n"; // finish with two eol's for better security. see Injection.
        if ($Spam == 0) {
            // We try to send the email with verification code
            if (mail("$FEmail", $subject, $body, $headers) )
                if ( $SaveEmails == 1) {
                    // The mail has been sent successfully, update the email table
                    $query="UPDATE email SET Status='delivered', DateDelivered = NOW() WHERE EmailId='$EmailId'";
                    mysql_query($query) or die(mysql_error());
                }
        } else if ($FSpamEmail != '')
            @mail("$FSpamEmail", $subject, $body, $headers);
        // If Sending a copy to visitor is checked and the field from where to get the visitor email
        // address is selected we send a copy to the visitor
        if ( ($FCopyToSender == 1) && ($FMesFromT ==2) AND ($Spam == 0) ) {
            $headers = "From: $FFirstName $FLastName $FEmail \r\n";
            $headers .= "Reply-to: $FFirstName $FLastName <$FEmail>\r\n";
            $subject = 'We have received your email';
            if ($FMesSubjectT ==2) $subject .= ': ' . $FieldData[$FMesSubject];
            $body = 'Hello ' . $FieldData[$FMesName] . ",\r\n \r\n";
            $body .= "We have received your form submission, thank you!\r\n \r\n";
            $body .= "Below is the data submitted:\r\n \r\n";
            for ($i=0;$i<$FieldsNo;$i++)
                if ( $FieldType[$i] <6 )
                    $body .= $FieldName[$i] . ' : ' . $FieldData[$i] . "\r\n";
            $body .= "\r\nBest regards,\r\n";
            $body .= "$FFirstName $FLastName\r\n";
            // We try to send the email with verification code
            @mail("$FieldData[$FMesName] <$FieldData[$FMesFrom]>", $subject, $body, $headers);
        }
        if ($Spam == 0 ) {
            // Redirect visitor if form was on site, or display a message if form was in window
            switch ($FDMode) {
                case 0 :
                case 1 :
                case 2 :
                    $loc = 'Location: ' . $FWebsiteAfter;
                    header($loc);
                    exit;
                case 3:
                    echo 'We received your message, thank you for contacting us.';
            }
            return 0;
        }
    }
}

// preparing font formatting
$ft = '<font';
$sf = 0;
if ($FFontFace != '' ) { $ft .= ' face="' . $FFontFace . '"'; $sf = 1; }
if ($FFontSize != '' ) { $ft .= ' size="' . $FFontSize . '"'; $sf = 1; }
if ($FColor != '' ) { $ft .= ' color="' . $FColor . '"'; $sf = 1; }
if ($sf == 1 ) { $ft .= '>'; $fta = '</font>'; }
else {$ft = ''; $fta = ''; }
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Developers Community - Currently Down</title>
<style type="text/css">
#wrapper h1 {
    color: #F00;
}
div#wrapper {
    margin-left: auto;
    margin-right: auto;
    width: 825px;
    text-align: center;
    font-weight: bold;
    font-family: "Comic Sans MS", cursive;
    color: #000;
}
.text {
    text-align: center;
    font-family: "Comic Sans MS", cursive;
    color: #F00;
}
.forever {
    font-style: italic;
}
</style>
<div id="wrapper">
<h1><u>Developers Community</u></h1>
<p>This is the newsletter mailer. Only Admin and Moderators may use this.<br />
If for some reason to got into this page and you are not an Admin or Moderator,<br />
then DO NOT send a newsletter. If you did, the Admins and Moderators are signed up.<br />
Therefore, we will find out. It will also have the IP logged, and you will be banned.<br />
<br />
Any questions, contact the <a href="mailto:[email protected]" class="text">Admin</a>.<br />
Please logout after sending the newsletter - <a href="http://www.developers-community.com/mailer/index.php?logout=1" class="text">Logout</a> <br />
</p>
<form method="post" action="" enctype="multipart/form-data" accept-charset="UTF-8">
<table width="509" border="0" cellpadding="2" cellspacing="0" bgcolor="#FFFFFF">
<tr valign="top">
    <td width="124" nowrap> </td>
    <td width="377"> <? echo $mmsg[0]; ?> </td>
</tr>
<tr valign="top">
    <td nowrap> <font face="Verdana" size="2" color="#000000">*To:</font></td>
    <td> <input type="text" name="FieldData0" size="63" value="<? echo $FieldData[0] ?>"><? echo ' ' . $mmsg[1]; ?> </td>
</tr>
<tr valign="top">
    <td nowrap> <font face="Verdana" size="2" color="#000000">*From:</font> </td>
    <td> <input type="text" name="FieldData1" size="63" value="<? echo $FieldData[1] ?>"><? echo ' ' . $mmsg[2]; ?> </td>
</tr>
<tr valign="top">
    <td nowrap> <font face="Verdana" size="2" color="#000000">*Subject:</font> </td>
    <td> <input type="text" name="FieldData2" size="63" value="<? echo $FieldData[2] ?>"><? echo ' ' . $mmsg[3]; ?> </td>
</tr>
<tr valign="top">
    <td nowrap> <font face="Verdana" size="2" color="#000000">*Message: </font> </td>
    <td><textarea name="FieldData3" cols="60" rows="10"><? echo $FieldData[3] ?></textarea><br><? echo ' ' . $mmsg[4]; ?> </td>
</tr>
<tr valign="top">
    <td height="49" nowrap><span class="captcha" style="padding: 2px;"><img src="http://www.emailmeform.com/turing.php" alt="captcha" width="121" height="45" id="captcha" /></span></td>
    <td><span class="captcha" style="padding: 2px;"> <input type="text" name="Turing" value="" maxlength="100" size="18" /> [ </span><a href="/capwhat.php">Whats this?</a> ]<br />
    [ <a href="#" onclick=" document.getElementById('captcha').src = document.getElementById('captcha').src + '?' + (new Date()).getMilliseconds()"> Refresh Image</a> ]<br /></td>
</tr>
<tr>
    <td align="right"> <input type="text" name="hida2" value="" maxlength="100" size="3" style="display : none;"> </td>
    <td> <input type="submit" class="btn" value="Send" name="Submit" /> <input type="reset" class="btn" value="Reset" name="Clear" /> </td>
</tr>
</table>
</form>
<div><script type="text/javascript">
var d=new Date()
var weekday=new Array("Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday")
var monthname=new Array("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")
document.write(weekday[d.getDay()] + " ")
document.write(d.getDate() + ". ")
document.write(monthname[d.getMonth()] + " ")
document.write(d.getFullYear())
</script>
<br />
© 2009 Developers Community - All Rights Reserved
</p>
</div>
</div>
</html>
```
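
An added example, not part of the original post or its script: because the form is meant to let the user type the To: address, every value that ends up in a mail header needs the same line-break check the script applies to From and Subject, plus a single-address check. The function names are hypothetical and the sample submissions are constructed; the field names FieldData0 to FieldData3 are the form's own.

```php
<?php
// Added example: validate the user-supplied To/From/Subject values before
// they reach mail(). All function names here are hypothetical.

// True if the value contains a raw or URL-encoded CR/LF, the same
// condition the form's own preg_match() looks for.
function has_line_break($value)
{
    return preg_match('/(%0A|%0D|\r|\n)/i', $value) === 1;
}

// Returns one clean address, or false if the input is not exactly one
// syntactically valid address.
function clean_address($value)
{
    $value = trim($value);
    if (has_line_break($value) || substr_count($value, '@') !== 1) {
        return false;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL);
}

// Builds the arguments for mail() from the posted fields. Returns an array
// on success, or false if any header-bound field is rejected.
function build_mail_args(array $post)
{
    $to      = clean_address(isset($post['FieldData0']) ? $post['FieldData0'] : '');
    $from    = clean_address(isset($post['FieldData1']) ? $post['FieldData1'] : '');
    $subject = trim(isset($post['FieldData2']) ? $post['FieldData2'] : '');
    $message = isset($post['FieldData3']) ? $post['FieldData3'] : '';

    if ($to === false || $from === false
        || $subject === '' || has_line_break($subject)) {
        return false;
    }
    $headers = "From: $from\r\nReply-To: $from\r\n";
    return array($to, $subject, $message, $headers);
}

// Constructed sample submissions (not real traffic).
$good = array(
    'FieldData0' => 'member@example.com',
    'FieldData1' => 'admin@example.com',
    'FieldData2' => 'November newsletter',
    'FieldData3' => 'Hello members',
);
$bad = $good;
$bad['FieldData0'] = "member@example.com\r\nBcc: other@example.com";

var_dump(build_mail_args($good) !== false); // accepted submission
var_dump(build_mail_args($bad));            // rejected: line break in To:
```

A submission is only passed to mail() when build_mail_args() returns an array; a rejected one can be routed to the spam address the same way the script handles its other spam types.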