Grow your CSS skills. Land your dream job.

62-advanced-form-styling-functionality Issue

  • # August 27, 2009 at 6:43 pm

    Greetings Everyone,

    After viewing Chris’s tutorial on 62-advanced-form-styling-functionality I decided to chose it and used it in a clients site. I changed the form slightly with different options. Changed some of the code in the header to reflect these changes. I developed this site locally using Xampp so I couldn’t test the forms. Now they are on a live site and the forms don’t actually work. I don’t know why. Would someone be willing to look over this code to see if something is off for me?

    Code:
    < ?php
    /*
    Template Name: Feedback
    */
    ?>
    < ?php

    session_start();

    function getRealIp() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) { //check ip from share internet
    $ip=$_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { //to check ip is pass from proxy
    $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
    $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
    }

    function writeLog($where) {

    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    $date = date("d M Y");

    // create a logging message with php heredoc syntax
    $logging = << n
    << Start of Message >>
    There was a hacking attempt on your form. n
    Date of Attack: {$date}
    IP-Adress: {$ip} n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    < < End of Message >>
    LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen(‘hacklog.log’, ‘a’)) {

    fputs($handle, $logging); // write the Data to file
    fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

    $to = ‘feedback@northstar-ems.us’;
    $subject = ‘HACK ATTEMPT’;
    $header = ‘From: feedback@northstar-ems.us‘;
    if (mail($to, $subject, $logging, $header)) {
    echo “Sent notice to admin.”;
    }

    }
    }

    function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
    return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST['token'])) {
    return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST['token']) {
    return false;
    }

    return true;
    }

    function generateFormToken($form) {

    // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods…
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken(‘form1′)) {

    // CHECK TO SEE IF THIS IS A MAIL POST
    if (isset($_POST['req-phone'])) {

    // Building a whitelist array with keys which will send through the form, no others would be accepted later on
    $whitelist = array(‘token’,’req-name’,’req-email’,’req-phone’,’req-position’, ‘curText’, ‘save-stuff’);

    // Building an array with the $_POST-superglobal
    foreach ($_POST as $key=>$item) {

    // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
    if (!in_array($key, $whitelist)) {

    writeLog(‘Unknown form fields’);
    die(“Hack-Attempt detected. Please use only the fields in the form”);

    }
    }

    // Lets check the URL whether it’s a real URL or not. if not, stop the script

    if(!filter_var($_POST['URL-main'],FILTER_VALIDATE_URL)) {
    writeLog(‘URL Validation’);
    die(‘Hack-Attempt detected. Please insert a valid URL’);
    }

    // SAVE INFO AS COOKIE, if user wants name and email saved

    $saveCheck = $_POST['save-stuff'];
    if ($saveCheck == ‘on’) {
    setcookie(“WRCF-Name”, $_POST['req-name'], time()+60*60*24*365);
    setcookie(“WRCF-Phone”, $_POST['req-phone'], time()+60*60*24*365);
    setcookie(“WRCF-Email”, $_POST['req-email'], time()+60*60*24*365);

    }

    // PREPARE THE BODY OF THE MESSAGE

    $message = ‘‘;
    $message .= ‘

    ‘;
    $message .= “

    “;
    $message .= “

    “;
    $message .= “

    “;
    $message .= “

    “;
    $addURLS = $_POST['addURLS'];
    if (($addURLS) != ”) {
    $message .= “

    “;
    }
    $curText = htmlentities($_POST['curText']);
    if (($curText) != ”) {
    $message .= “

    “;
    }
    $message .= “

    “;
    $message .= “

    Name: ” . strip_tags($_POST['req-name']) . “
    Email: ” . strip_tags($_POST['req-email']) . “
    Position: ” . strip_tags($_POST['req-position']) . “
    Phone: ” . strip_tags($_POST['req-phone']) . “
    URL To Change (additional): ” . strip_tags($addURLS) . “
    CURRENT Content: ” . $curText . “
    NEW Content: ” . htmlentities($_POST['newText']) . “

    “;
    $message .= ““;

    // MAKE SURE THE “FROM” EMAIL ADDRESS DOESN’T HAVE ANY NASTY STUFF IN IT

    $pattern = “/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i”;
    if (preg_match($pattern, trim(strip_tags($_POST['req-email'])))) {
    $cleanedFrom = trim(strip_tags($_POST['req-email']));
    } else {
    return “The email address you entered was invalid. Please try again!”;
    }

    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

    $to = ‘feedback@northstar-ems.us’;

    $subject = ‘Feedback’;

    $headers = “From: ” . $cleanedFrom . “rn”;
    $headers .= “Reply-To: “. strip_tags($_POST['req-email']) . “rn”;
    $headers .= “MIME-Version: 1.0rn”;
    $headers .= “Content-Type: text/html; charset=ISO-8859-1rn”;

    if (mail($to, $subject, $message, $headers)) {
    echo ‘Your message has been sent.’;
    } else {
    echo ‘There was a problem sending the email.’;
    }

    // DON’T BOTHER CONTINUING TO THE HTML…
    die();

    }
    } else {

    if (!isset($_SESSION[$form.'_token'])) {

    } else {
    echo “Hack-Attempt detected. Got ya!.”;
    writeLog(‘Formtoken’);
    }

    }

    if($_POST['submit'] && is_numeric($_POST['input'])) {
    //process data…
    //then die or redirect otherwise the form below will be shown again
    }
    ?>

    < !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    < ![endif]-->







    < ?php get_footer(); ?>

    # August 28, 2009 at 2:45 am

    To clarify this post. I have edited this form a few times over the past month. I don’t expect a hand out, just someone who knows php to check and see if I combined something in the php which is preventing it from functioning correctly.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".