JenCollette Posted November 30, 2011 Share Posted November 30, 2011 I have a php form submission on this website: www.judelawllc.com There are several required fields...and when I try to get around them, I am unable to?? Yet, over the last week...we have been getting upwards of 500 submissions that are completely blank? I don't understand how that is possible...or how to correct it. I have tried to add a captcha to the form to add further protection, but the captcha image is too big for the space I have to put this form. I don't like the layout of this site, but I am stuck with it for now...could you let me know what information I can supply you to help figure out how this is happening? Thank you in advance! Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/ Share on other sites More sharing options...
PFMaBiSmAd Posted November 30, 2011 Share Posted November 30, 2011 You would need to post the .php code for the page that processes the form data. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292461 Share on other sites More sharing options...
JenCollette Posted November 30, 2011 Author Share Posted November 30, 2011 How do I make the php code look right in this reply? Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292465 Share on other sites More sharing options...
JenCollette Posted November 30, 2011 Author Share Posted November 30, 2011 Hmm...I read through the rules and the help topics. I don't see how to make the php code look like code, so I will just post it here: <?php function nukeMagicQuotes() { if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } } if(function_exists('nukeMagicQuotes')) { nukeMagicQuotes(); } // process the email if (array_key_exists('send', $_POST)) { $to = 'forms@judelawllc.com'; $subject = 'Form Submission from JudeLaw LLC'; //list expected fields $expected = array('name', 'email', 'address', 'city', 'phone', 'time', 'findus', 'other', 'referral', 'needs', 'help'); //set required fields $required = array('name', 'email', 'address', 'city', 'phone'); //create empty array for any missing fields $missing = array(); //assume that there is nothing suspect $suspect = false; //create a pattern to locate suspect phrases $pattern = '/Content-Type:|Bcc:|Cc:/i'; //function to check for suspect phrases function isSuspect($val, $pattern, &$suspect) { //if the variable is an array, loop through each element //and pass it recursively back to the same function if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { //if one of the suspect phrases is found, set Boolean to true if (preg_match($pattern, $val)) { $suspect = true; } } } //check the $_POST array and any sub-arrays for suspect content isSuspect($_POST, $pattern, $suspect); if ($suspect) { $mailSent = false; unset($missing); } else { //process the $_POST variables foreach ($_POST as $key => $value) { //assign to temporary variable and strip whitespace if not an array $temp = is_array($value) ? $value : trim($value); //if empty and required, add to $missing array if (empty($temp) && in_array($key, $required)) { array_push($missing, $key); } //otherwise, assign to a variable of the same name as $key elseif (in_array($key, $expected)) { ${$key} = $temp; } } } //validate the email address if (!empty($email)) { //regex to ensure no illegal characters in email address $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; //reject the email address if it doesn't match if (!preg_match($checkEmail, $email)) { array_push($missing, 'email'); } } //go ahead only if not suspect and all required fields are OK if (!$suspect && empty($missing)) { //set default values for variables that might not exist $needs = isset($needs) ? $needs : array('None selected'); //build the message $message = "$name\n\n"; $message .= "$email\n\n"; $message .= "$address\n\n"; $message .= "$city\n\n"; $message .= "$phone\n\n"; $message .= "Best time to reach you? $time\n\n"; $message .= "Where did you find us? $findus\n\n"; $message .= "If (other) where did you find us? $other\n\n"; $message .= "If (referral) who referred you? $referral\n\n"; $message .= 'What do you need? '.implode(',',$needs)."\n\n"; $message .= "How may we help you? $help\n\n"; //Send Auto Response to Potential Client //Prepare autoresponder from $myname = "JudeLaw LLC"; $mymail = "doNotReply@judelawllc.com"; //Prepare autoresponder subject $respond_subject = "Thank you for contacting JudeLaw!"; //Prepare autoresponder message $respond_message = "Hello $name! THANK YOU FOR CONTACTING JUDELAW REGARDING YOUR LEGAL NEEDS JudeLaw is a highly experienced bankruptcy and personal injury law firm that can help you. We will provide you the best of client services. Review our client testimonials located on our website!!!!!!! If you need immediate assistance, my helpful staff will get you started, and the attorney will answer all your legal questions. Please contact my office at; • 303-757-JUDE (5833) • 970-339-JUDE (5833) • 719-632-JUDE (5833) Go to our website: www.judelawllc.com. Click on the FAQ tab, and other informational tabs related to Chapter 7 or Chapter 13 bankruptcy as well as car, truck and motorcycle accidents. Whatever your need, we are here for you. JudeLaw, People Helping People. Best Regards, Michael Jude Attorney Attorney Registration #39682 *Please do not reply to this message* For questions or concerns, please email: heidi@judelawllc.com. Thank you! "; $headers = "Content-Type: text/plain; charset=us-ascii\nFrom: $myname <$mymail>\nReply-To: <$mymail>\nReturn-Path: <$mymail>\nX-Mailer: PHP"; /* Send the message using mail() function */ mail($email,$respond_subject, $respond_message, $headers); //create additional headers $additionalHeaders = 'From: JudeLaw Form Submission\r\n'; $additionalHeaders .= 'Cc:FormSubmission@judelawllc.com'; if (!empty($email)) { $additionalHeaders .= "\r\nReply-To: $email"; } //send it to JudeLaw $mailSent = mail($to, $subject, $message, $additionalHeaders); if ($mailSent) { //redirect the page to a fully qualified URL header('Location: http://www.judelawllc.com/contact-thank-you.php'); exit; } } } ?> <div id="sidebarItem1"> <div id="sidebarItem1Content"> <?php if ($_POST && isset($missing) && !empty($missing)) { ?> <p class="warning">Please complete the missing item(s) indicated.</p> <?php } elseif ($_POST && !mailSent) { ?> <p class="warning">Sorry, there was a problem sending your message. Please try later.</p> <?php } elseif ($_POST && $mailSent) { ?> <p><strong>Your message has been sent. Thank you for your feedback. </strong></p> <?php } ?><br /> <a href="http://www.bbb.org/denver/business-reviews/60075-112/jude-law-llc-90107441" target="_blank"><img src="http://www.judelawllc.com/images/BBBLeftNav.gif?bid=90107441&c=blue&h=1" width="165" height="72" border="0" title="Click to verify BBB accreditation and to see a BBB report." alt="Click to verify BBB accreditation and to see a BBB report." /></a><br /><br /> </div> <!-- start RatePoint Widget - Please, do not change --> <iframe src="//sitetools.ratepoint.com/widget/36561?style=0&color=3&wide=1&number_of_reviews=3&average_rating=1&rotate_reviews=1&show_links=1" width="225" height="317" scrolling="no" frameborder="0" border="0"> </iframe> <!-- end RatePoint Widget - Please, do not change --> </div> <div id="sidebarItem4"> <h3>Fill out the form below...<br /> Get a Call TODAY!</h3> <div id="sidebarItem4Content"> <form id ="contactInfo" action="" method="post"> <p> <label for="name">Name: (First, Last)*required<?php if (isset($missing) && in_array('name', $missing)) { ?><br /><span class="warning">Please enter your name</span><?php } ?></label><br /> <input name="name" type="text" class="formbox" id="name" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['name']).'"';}?> /><br /><br /> <label for="email">Email:*required<?php if (isset($missing) && in_array('email', $missing)) { ?><br /> <span class="warning">Please enter your email</span><?php } ?> </label><br /> <input name="email" type="text" class="formbox" id="email" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['email']).'"';}?> /><br /><br /> <label for="address">Street Address:*required<?php if (isset($missing) && in_array('address', $missing)) { ?><br /> <span class="warning">Please enter your street</span><?php } ?> </label><br /> <input name="address" type="text" class="formbox" id="address" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['address']).'"';}?> /><br /><br /> <label for="city">City/State/Zip:*required<?php if (isset($missing) && in_array('city', $missing)) { ?><br /> <span class="warning">Please enter your city/state/zip</span><?php } ?> </label><br /> <input name="city" type="text" class="formbox" id="city" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['city']).'"';}?> /><br /><br /> <label for="phone">Phone:*required<?php if (isset($missing) && in_array('phone', $missing)) { ?><br /> <span class="warning">Please enter your phone<br />Example: 555-555-5555</span><?php } ?> </label><br /> <input name="phone" type="text" class="formbox" id="phone" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['phone']).'"';}?> /><br /><br /> <label for="findus">Where did you find us?</label><br /> <select name="findus" id="findus"> <option value="Select One" <?php if (!$_POST || $_POST['findus'] == 'Select One') { ?> selected="selected" <?PHP } ?> >Select One</option> <option value="Facebook"<?php if (isset($missing) && $_POST['findus'] == 'Facebook') { ?> selected="selected" <?PHP } ?> >Facebook</option> <option value="Google"<?php if (isset($missing) && $_POST['findus'] == 'Google') { ?> selected="selected" <?PHP } ?> >Google</option> <option value="Yahoo"<?php if (isset($missing) && $_POST['findus'] == 'Yahoo') { ?> selected="selected" <?PHP } ?> >Yahoo</option> <option value="Bing"<?php if (isset($missing) && $_POST['findus'] == 'Bing') { ?> selected="selected" <?PHP } ?> >Bing</option> <option value="Yelp"<?php if (isset($missing) && $_POST['findus'] == 'Yelp') { ?> selected="selected" <?PHP } ?> >Yelp.com</option> <option value="LinkedIn"<?php if (isset($missing) && $_POST['findus'] == 'LinkedIn') { ?> selected="selected" <?PHP } ?> >LinkedIn</option> <option value="Twitter"<?php if (isset($missing) && $_POST['findus'] == 'Twitter') { ?> selected="selected" <?PHP } ?> >Twitter</option> <option value="Craigslist"<?php if (isset($missing) && $_POST['findus'] == 'Craigslist') { ?> selected="selected" <?PHP } ?> >Craigslist</option> <option value="Backpage"<?php if (isset($missing) && $_POST['findus'] == 'Backpage') { ?> selected="selected" <?PHP } ?> >Backpage</option> <option value="AngiesList"<?php if (isset($missing) && $_POST['findus'] == 'AngiesList') { ?> selected="selected" <?PHP } ?> >Angie's List</option> <option value="Mapquest"<?php if (isset($missing) && $_POST['findus'] == 'Mapquest') { ?> selected="selected" <?PHP } ?> >Mapquest</option> <option value="GoogleMap"<?php if (isset($missing) && $_POST['findus'] == 'GoogleMap') { ?> selected="selected" <?PHP } ?> >Google Maps</option> <option value="9News"<?php if (isset($missing) && $_POST['findus'] == '9News') { ?> selected="selected" <?PHP } ?> >9 News</option> <option value="Google Places"<?php if (isset($missing) && $_POST['findus'] == 'GooglePlaces') { ?> selected="selected" <?PHP } ?> >Google Places</option> <option value="BBB"<?php if (isset($missing) && $_POST['findus'] == 'BBB') { ?> selected="selected" <?PHP } ?> >BBB</option> <option value="CBA"<?php if (isset($missing) && $_POST['findus'] == 'CBA') { ?> selected="selected" <?PHP } ?> >CBA</option> <option value="Martindale"<?php if (isset($missing) && $_POST['findus'] == 'Martindale') { ?> selected="selected" <?PHP } ?> >Martindale</option> <option value="Avvo"<?php if (isset($missing) && $_POST['findus'] == 'Avvo') { ?> selected="selected" <?PHP } ?> >Avvo</option> <option value="Haystack"<?php if (isset($missing) && $_POST['findus'] == 'Haystack') { ?> selected="selected" <?PHP } ?> >Haystack</option> <option value="YellowPages"<?php if (isset($missing) && $_POST['findus'] == 'YellowPages') { ?> selected="selected" <?PHP } ?> >YellowPages.com</option> <option value="GooglePlus"<?php if (isset($missing) && $_POST['findus'] == 'GooglePlus') { ?> selected="selected" <?PHP } ?> >Google +</option> <option value="Ning"<?php if (isset($missing) && $_POST['findus'] == 'Ning') { ?> selected="selected" <?PHP } ?> >Ning</option> <option value="Referral"<?php if (isset($missing) && $_POST['findus'] == 'Referral') { ?> selected="selected" <?PHP } ?> >Referral</option> <option value="Other"<?php if (isset($missing) && $_POST['findus'] == 'Other') { ?> selected="selected" <?PHP } ?> >Other</option> </select><br /><br /> <label for="other">If (other) please tell us where?</label><br /> <input name="other" type="text" class="formbox" id="other" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['other']).'"'; } ?> /><br /><br /> <label for="referral">If (referral) please tell us who?</label><br /> <input name="referral" type="text" class="formbox" id="referral" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['referral']).'"'; } ?> /> <fieldset id="needs"> <p>What do you need?<br /> <input type="checkbox" name="needs[]" value="Bankruptcy" id="bk" <?php $OK = isset($_POST['needs']) ? true: false; if ($OK && isset($missing) && in_array('Bankruptcy',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="bk">Bankruptcy</label><br /> <input type="checkbox" name="needs[]" value="Personal Injury" id="pi" <?php if ($OK && isset($missing) && in_array('Personal Injury',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="pi">Personal Injury</label><br /> <input type="checkbox" name="needs[]" value="Other" id="other2"<?php if ($OK && isset($missing) && in_array('Other',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="consult">Other</label><br /></p></fieldset> <p><label for="help">How may we help you?</label><br /> <textarea name="help" id="help" cols="21"><?php if (isset($missing)){echo htmlentities($_POST['help']);}?></textarea><br /><br /> <input name="send" id="send" type="submit" value="Send Email"> </p></form> </div> </div> MOD EDIT: . . . BBCode tags added. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292469 Share on other sites More sharing options...
Pikachu2000 Posted November 30, 2011 Share Posted November 30, 2011 When posting code, enclose it within the forum's . . . BBCode tags. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292472 Share on other sites More sharing options...
PFMaBiSmAd Posted November 30, 2011 Share Posted November 30, 2011 As long as $_POST['send'] is set, your code will execute the two mail() statements (which I just confirmed on a copy of the code you posted.) Your code to test for 'required' fields doesn't actually test anything. If no $_POST[some_key] key/values exist, that code doesn't have anything to loop over (it actually just loops once for the $_POST['send'] key/value.) You need to loop over the array of required fields in $required and test if the corresponding trimmed $_POST[key] is empty or not. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292478 Share on other sites More sharing options...
JenCollette Posted November 30, 2011 Author Share Posted November 30, 2011 You totally lost me... Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292489 Share on other sites More sharing options...
PFMaBiSmAd Posted November 30, 2011 Share Posted November 30, 2011 Here is some code to use. 1) I recommend trimming all the $_POST data at once. This will address arrays in the code and make the code that loops over the data independent of the type of form field. You can either add a trim statement in your existing stripslashes_deep function definition or add the following new code near the start of your code - function trim_deep($value) { $value = is_array($value) ? array_map('trim_deep', $value) : trim($value); return $value; } $_POST = array_map('trim_deep', $_POST); // trim all the post data 2) Replace the existing foreach(){} loop with the following - //process the $_POST variables // loop over all the expected fields foreach($expected as $key){ $temp = isset($_POST[$key]) ? $_POST[$key] : ''; // value or default to empty string if(in_array($key,$required) && empty($temp)){ // a required field is empty $missing[] = $key; // flag the field as missing } if(in_array($key, $expected)) { ${$key} = $temp; // all expected fields are converted to named program variables } } 3) The special handling for an empty $needs array needs to be changed to - //set default values for variables that might not exist $needs = !empty($needs) ? $needs : array('None selected'); Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292602 Share on other sites More sharing options...
floridaflatlander Posted November 30, 2011 Share Posted November 30, 2011 I have tried to add a captcha to the form to add further protection, but the captcha image is too big for the space I have to put this form. Have input validation as stated already. You can't add some type of captcha between "May be help you box" and the "send email" button, it might not look pretty but it would work. Also you can just make a small jpg and have someone enter that, it would slow down bots. I have one that's just a jpg of 4321 with some lines through it and it slowed down the bots alot. Here's how I verify data, AKA the poor man's method, it's simple and someone with almost any level of experience can see whats go'in on. // Check for a Description: if (empty($_POST['descrip'])) { $error [] = 1; $descrip_e = '<h5 style="color: red;">* You forgot to enter a description.</h5>'; // echo this is field empty } else { $descrip = strip_tags($_POST ['descrip']); $descrip = mysqli_real_escape_string($dbc, trim($descrip)); } if (!$error) {INSERT DATA} Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1292632 Share on other sites More sharing options...
JenCollette Posted December 2, 2011 Author Share Posted December 2, 2011 Thanks PFMaBiSmAd! I have made those changes...would you mind checking to make sure I did it right? <?php function nukeMagicQuotes() { if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } } if(function_exists('nukeMagicQuotes')) { nukeMagicQuotes(); } function trim_deep($value) { $value = is_array($value) ? array_map('trim_deep', $value) : trim($value); return $value; } $_POST = array_map('trim_deep', $_POST); // trim all the post data // process the email if (array_key_exists('send', $_POST)) { $to = 'forms@judelawllc.com'; $subject = 'Form Submission from JudeLaw LLC'; //list expected fields $expected = array('name', 'email', 'address', 'city', 'phone', 'time', 'findus', 'other', 'referral', 'needs', 'help'); //set required fields $required = array('name', 'email', 'address', 'city', 'phone'); //create empty array for any missing fields $missing = array(); //assume that there is nothing suspect $suspect = false; //create a pattern to locate suspect phrases $pattern = '/Content-Type:|Bcc:|Cc:/i'; //function to check for suspect phrases function isSuspect($val, $pattern, &$suspect) { //if the variable is an array, loop through each element //and pass it recursively back to the same function if (is_array($val)) { foreach ($val as $item) { isSuspect($item, $pattern, $suspect); } } else { //if one of the suspect phrases is found, set Boolean to true if (preg_match($pattern, $val)) { $suspect = true; } } } //check the $_POST array and any sub-arrays for suspect content isSuspect($_POST, $pattern, $suspect); if ($suspect) { $mailSent = false; unset($missing); } else { //process the $_POST variables // loop over all the expected fields foreach($expected as $key){ $temp = isset($_POST[$key]) ? $_POST[$key] : ''; // value or default to empty string if(in_array($key,$required) && empty($temp)){ // a required field is empty $missing[] = $key; // flag the field as missing } if(in_array($key, $expected)) { ${$key} = $temp; // all expected fields are converted to named program variables } } //validate the email address if (!empty($email)) { //regex to ensure no illegal characters in email address $checkEmail = '/^[^@]+@[^\s\r\n\'";,@%]+$/'; //reject the email address if it doesn't match if (!preg_match($checkEmail, $email)) { array_push($missing, 'email'); } } //go ahead only if not suspect and all required fields are OK if (!$suspect && empty($missing)) { //set default values for variables that might not exist $needs = !empty($needs) ? $needs : array('None selected'); //build the message $message = "$name\n\n"; $message .= "$email\n\n"; $message .= "$address\n\n"; $message .= "$city\n\n"; $message .= "$phone\n\n"; $message .= "Best time to reach you? $time\n\n"; $message .= "Where did you find us? $findus\n\n"; $message .= "If (other) where did you find us? $other\n\n"; $message .= "If (referral) who referred you? $referral\n\n"; $message .= 'What do you need? '.implode(',',$needs)."\n\n"; $message .= "How may we help you? $help\n\n"; //Send Auto Response to Potential Client //Prepare autoresponder from $myname = "JudeLaw LLC"; $mymail = "doNotReply@judelawllc.com"; //Prepare autoresponder subject $respond_subject = "Thank you for contacting JudeLaw!"; //Prepare autoresponder message $respond_message = "Hello $name! THANK YOU FOR CONTACTING JUDELAW REGARDING YOUR LEGAL NEEDS JudeLaw is a highly experienced bankruptcy and personal injury law firm that can help you. We will provide you the best of client services. Review our client testimonials located on our website!!!!!!! If you need immediate assistance, my helpful staff will get you started, and the attorney will answer all your legal questions. Please contact my office at; • 303-757-JUDE (5833) • 970-339-JUDE (5833) • 719-632-JUDE (5833) Go to our website: www.judelawllc.com. Click on the FAQ tab, and other informational tabs related to Chapter 7 or Chapter 13 bankruptcy as well as car, truck and motorcycle accidents. Whatever your need, we are here for you. JudeLaw, People Helping People. Best Regards, Michael Jude Attorney Attorney Registration #39682 *Please do not reply to this message* For questions or concerns, please email: heidi@judelawllc.com. Thank you! "; $headers = "Content-Type: text/plain; charset=us-ascii\nFrom: $myname <$mymail>\nReply-To: <$mymail>\nReturn-Path: <$mymail>\nX-Mailer: PHP"; /* Send the message using mail() function */ mail($email,$respond_subject, $respond_message, $headers); //create additional headers $additionalHeaders = 'From: JudeLaw Form Submission\r\n'; $additionalHeaders .= 'Cc:FormSubmission@judelawllc.com'; if (!empty($email)) { $additionalHeaders .= "\r\nReply-To: $email"; } //send it to JudeLaw $mailSent = mail($to, $subject, $message, $additionalHeaders); if ($mailSent) { //redirect the page to a fully qualified URL header('Location: http://www.judelawllc.com/contact-thank-you.php'); exit; } } } ?> <div id="sidebarItem1"> <div id="sidebarItem1Content"> <?php if ($_POST && isset($missing) && !empty($missing)) { ?> <p class="warning">Please complete the missing item(s) indicated.</p> <?php } elseif ($_POST && !mailSent) { ?> <p class="warning">Sorry, there was a problem sending your message. Please try later.</p> <?php } elseif ($_POST && $mailSent) { ?> <p><strong>Your message has been sent. Thank you for your feedback. </strong></p> <?php } ?><br /> <a href="http://www.bbb.org/denver/business-reviews/60075-112/jude-law-llc-90107441" target="_blank"><img src="http://www.judelawllc.com/images/BBBLeftNav.gif?bid=90107441&c=blue&h=1" width="165" height="72" border="0" title="Click to verify BBB accreditation and to see a BBB report." alt="Click to verify BBB accreditation and to see a BBB report." /></a><br /><br /> </div> <!-- start RatePoint Widget - Please, do not change --> <iframe src="//sitetools.ratepoint.com/widget/36561?style=0&color=3&wide=1&number_of_reviews=3&average_rating=1&rotate_reviews=1&show_links=1" width="225" height="317" scrolling="no" frameborder="0" border="0"> </iframe> <!-- end RatePoint Widget - Please, do not change --> </div> <div id="sidebarItem4"> <h3>Fill out the form below...<br /> Get a Call TODAY!</h3> <div id="sidebarItem4Content"> <form id ="contactInfo" action="" method="post"> <p> <label for="name">Name: (First, Last)*required<?php if (isset($missing) && in_array('name', $missing)) { ?><br /><span class="warning">Please enter your name</span><?php } ?></label><br /> <input name="name" type="text" class="formbox" id="name" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['name']).'"';}?> /><br /><br /> <label for="email">Email:*required<?php if (isset($missing) && in_array('email', $missing)) { ?><br /> <span class="warning">Please enter your email</span><?php } ?> </label><br /> <input name="email" type="text" class="formbox" id="email" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['email']).'"';}?> /><br /><br /> <label for="address">Street Address:*required<?php if (isset($missing) && in_array('address', $missing)) { ?><br /> <span class="warning">Please enter your street</span><?php } ?> </label><br /> <input name="address" type="text" class="formbox" id="address" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['address']).'"';}?> /><br /><br /> <label for="city">City/State/Zip:*required<?php if (isset($missing) && in_array('city', $missing)) { ?><br /> <span class="warning">Please enter your city/state/zip</span><?php } ?> </label><br /> <input name="city" type="text" class="formbox" id="city" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['city']).'"';}?> /><br /><br /> <label for="phone">Phone:*required<?php if (isset($missing) && in_array('phone', $missing)) { ?><br /> <span class="warning">Please enter your phone<br />Example: 555-555-5555</span><?php } ?> </label><br /> <input name="phone" type="text" class="formbox" id="phone" size="27" <?php if (isset($missing)){ echo 'value="' .htmlentities($_POST['phone']).'"';}?> /><br /><br /> <label for="findus">Where did you find us?</label><br /> <select name="findus" id="findus"> <option value="Select One" <?php if (!$_POST || $_POST['findus'] == 'Select One') { ?> selected="selected" <?PHP } ?> >Select One</option> <option value="Facebook"<?php if (isset($missing) && $_POST['findus'] == 'Facebook') { ?> selected="selected" <?PHP } ?> >Facebook</option> <option value="Google"<?php if (isset($missing) && $_POST['findus'] == 'Google') { ?> selected="selected" <?PHP } ?> >Google</option> <option value="Yahoo"<?php if (isset($missing) && $_POST['findus'] == 'Yahoo') { ?> selected="selected" <?PHP } ?> >Yahoo</option> <option value="Bing"<?php if (isset($missing) && $_POST['findus'] == 'Bing') { ?> selected="selected" <?PHP } ?> >Bing</option> <option value="Yelp"<?php if (isset($missing) && $_POST['findus'] == 'Yelp') { ?> selected="selected" <?PHP } ?> >Yelp.com</option> <option value="LinkedIn"<?php if (isset($missing) && $_POST['findus'] == 'LinkedIn') { ?> selected="selected" <?PHP } ?> >LinkedIn</option> <option value="Twitter"<?php if (isset($missing) && $_POST['findus'] == 'Twitter') { ?> selected="selected" <?PHP } ?> >Twitter</option> <option value="Craigslist"<?php if (isset($missing) && $_POST['findus'] == 'Craigslist') { ?> selected="selected" <?PHP } ?> >Craigslist</option> <option value="Backpage"<?php if (isset($missing) && $_POST['findus'] == 'Backpage') { ?> selected="selected" <?PHP } ?> >Backpage</option> <option value="AngiesList"<?php if (isset($missing) && $_POST['findus'] == 'AngiesList') { ?> selected="selected" <?PHP } ?> >Angie's List</option> <option value="Mapquest"<?php if (isset($missing) && $_POST['findus'] == 'Mapquest') { ?> selected="selected" <?PHP } ?> >Mapquest</option> <option value="GoogleMap"<?php if (isset($missing) && $_POST['findus'] == 'GoogleMap') { ?> selected="selected" <?PHP } ?> >Google Maps</option> <option value="9News"<?php if (isset($missing) && $_POST['findus'] == '9News') { ?> selected="selected" <?PHP } ?> >9 News</option> <option value="Google Places"<?php if (isset($missing) && $_POST['findus'] == 'GooglePlaces') { ?> selected="selected" <?PHP } ?> >Google Places</option> <option value="BBB"<?php if (isset($missing) && $_POST['findus'] == 'BBB') { ?> selected="selected" <?PHP } ?> >BBB</option> <option value="CBA"<?php if (isset($missing) && $_POST['findus'] == 'CBA') { ?> selected="selected" <?PHP } ?> >CBA</option> <option value="Martindale"<?php if (isset($missing) && $_POST['findus'] == 'Martindale') { ?> selected="selected" <?PHP } ?> >Martindale</option> <option value="Avvo"<?php if (isset($missing) && $_POST['findus'] == 'Avvo') { ?> selected="selected" <?PHP } ?> >Avvo</option> <option value="Haystack"<?php if (isset($missing) && $_POST['findus'] == 'Haystack') { ?> selected="selected" <?PHP } ?> >Haystack</option> <option value="YellowPages"<?php if (isset($missing) && $_POST['findus'] == 'YellowPages') { ?> selected="selected" <?PHP } ?> >YellowPages.com</option> <option value="GooglePlus"<?php if (isset($missing) && $_POST['findus'] == 'GooglePlus') { ?> selected="selected" <?PHP } ?> >Google +</option> <option value="Ning"<?php if (isset($missing) && $_POST['findus'] == 'Ning') { ?> selected="selected" <?PHP } ?> >Ning</option> <option value="Referral"<?php if (isset($missing) && $_POST['findus'] == 'Referral') { ?> selected="selected" <?PHP } ?> >Referral</option> <option value="Other"<?php if (isset($missing) && $_POST['findus'] == 'Other') { ?> selected="selected" <?PHP } ?> >Other</option> </select><br /><br /> <label for="other">If (other) please tell us where?</label><br /> <input name="other" type="text" class="formbox" id="other" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['other']).'"'; } ?> /><br /><br /> <label for="referral">If (referral) please tell us who?</label><br /> <input name="referral" type="text" class="formbox" id="referral" size="27" <?php if (isset($missing)){ echo 'value="'.htmlentities($_POST['referral']).'"'; } ?> /> <fieldset id="needs"> <p>What do you need?<br /> <input type="checkbox" name="needs[]" value="Bankruptcy" id="bk" <?php $OK = isset($_POST['needs']) ? true: false; if ($OK && isset($missing) && in_array('Bankruptcy',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="bk">Bankruptcy</label><br /> <input type="checkbox" name="needs[]" value="Personal Injury" id="pi" <?php if ($OK && isset($missing) && in_array('Personal Injury',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="pi">Personal Injury</label><br /> <input type="checkbox" name="needs[]" value="Other" id="other2"<?php if ($OK && isset($missing) && in_array('Other',$_POST['needs'])) { ?> checked="checked" <?php } ?> /> <label for="consult">Other</label><br /></p></fieldset> <p><label for="help">How may we help you?</label><br /> <textarea name="help" id="help" cols="21"><?php if (isset($missing)){echo htmlentities($_POST['help']);}?></textarea><br /><br /> <input name="send" id="send" type="submit" value="Send Email"> </p></form> </div> </div> Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1293333 Share on other sites More sharing options...
JenCollette Posted December 2, 2011 Author Share Posted December 2, 2011 Thanks floridaflatlander....the reason I couldn't add the captcha code wasn't because it didn't fit that way. This form goes in the left navigation of the site. That div tag is only about 200px I believe, if I remember right. The width of the captcha was about 300px and I couldn't find any way to make it small enough to fit in the width I needed. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1293334 Share on other sites More sharing options...
JenCollette Posted December 2, 2011 Author Share Posted December 2, 2011 Hmmmm, I think I did mess something up. Now, when I upload this to the ftp...I get this error: Parse error: syntax error, unexpected $end in content-nav-sidebar-test.php on line 372 Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1293336 Share on other sites More sharing options...
PFMaBiSmAd Posted December 2, 2011 Share Posted December 2, 2011 Right after the foreach(){} loop code that you replaced, there is now a missing } that corresponds to the else { that is just above that foreach(){} loop code. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1293349 Share on other sites More sharing options...
JenCollette Posted December 2, 2011 Author Share Posted December 2, 2011 Ahhh...yes, I had found that and fixed it. And everything seems to still work. So, I guess now I just wait to see if I get 500 blank forms! Thank you for your help...I really appreciate it. Quote Link to comment https://forums.phpfreaks.com/topic/252087-i-believe-the-form-submission-on-our-website-has-been-hacked/#findComment-1293364 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.