Grow your CSS skills. Land your dream job.

Form works – If or else statement !!!!!! IS NOT!

  • # September 2, 2009 at 6:42 pm

    Hello

    I having a bit of a issue with php, i have created this submission form, however some of the parts should have what if statements and i am not sure how to implement them into my jquery.

    here is the actual page.http://www.greatsoutherngroup.ca/contactform.php

    here is my php code. everything highlighted in that colour should be a part of the if or else statement. however only the first declaration worked so far(thats the name of the first if or else statement name)
    below you will find my jquery code attached

    1. How do i continue writing the function in jquery so that when i press yes on first question, one slides out and once i answered that question the other slides out. So on and so forth (one by one)

    2. what do i do when it comes to filling out the form the radio buttons don’t appear when i receive the email with text only the first part of the form. Please help

    Code:
    < ?php

    //error_reporting(E_ALL);
    //ini_set('display_errors', '1');

    session_start();

    if (isset($_REQUEST["superkillcache"])) {
    session_unset();
    }

    function getRealIp() {
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) { //check ip from share internet
    $ip=$_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { //to check ip is pass from proxy
    $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
    $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
    }

    function writeLog($where) {

    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    $date = date("d M Y");

    // create a logging message with php heredoc syntax
    $logging = << n
    << Start of Message >>
    There was a hacking attempt on your form. n
    Date of Attack: {$date}
    IP-Adress: {$ip} n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    < < End of Message >>
    LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen(‘hacklog.log’, ‘a’)) {

    fputs($handle, $logging); // write the Data to file
    fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

    $to = ”;
    $subject = ‘HACK ATTEMPT’;
    $header = ‘From: ‘;
    if (mail($to, $subject, $logging, $header)) {
    echo “Sent notice to admin.”;
    }

    }
    }

    function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
    return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST['token'])) {
    return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST['token']) {
    return false;
    }

    return true;
    }

    function generateFormToken($form) {

    // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods…
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
    }

    // INIT
    $form = ‘form1′;
    $checkWhiteList = false;

    // CHECK IF FORM HAS BEEN SUBMITTED
    if (isset($_POST['token'])) {

    // FORM SUBMITTED, VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken($form)) {

    // Building a whitelist array with keys which will send through the form, no others would be accepted later on
    if ($checkWhiteList) {
    $whitelist = array(‘token’,’req-name’,’req-birth’,’req-address’,’req-address-2′,’req-phonenumber’,’req-emailad’,’req-dest’,’req-size’,’adults’,’Child’,’infant’,’req-pref’,’req-date’,’req-dep’,’req-return’,’addURLS’,’mult’,’newText’,’save-stuff’,’declaration’,’declaration4′,’declaration5′,’declaration6′,’declaration7′,’declaration8′,’declaration9′,’declaration10′,’declaration11′,’declaration12′,’declaration13′,’declaration14′,’declaration15′,’declaration16′,’declaration17′,’declaration18′,’declaration19′,’declaration20′,’declaration21′,’declaration22′,’declaration23′,’declaration24′,’declaration25′,’declaration26′,’declaration27′);

    // Building an array with the $_POST-superglobal
    foreach ($_POST as $key=>$item) {

    // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
    if (!in_array($key, $whitelist)) {

    writeLog(‘Unknown form fields’);
    die(“Hack-Attempt detected. Please use only the fields in the form”);

    }
    }
    }

    // Lets check the URL whether it’s a real URL or not. if not, stop the script
    /*
    if(!filter_var($_POST['URL-main'],FILTER_VALIDATE_URL)) {
    writeLog(‘URL Validation’);
    die(‘Hack-Attempt detected. Please insert a valid URL’);
    }
    */

    // SAVE INFO AS COOKIE, if user wants name and email saved

    $saveCheck = (!isset($_POST['save-stuff'])) ? ‘off’ : $_POST['save-stuff'];
    if ($saveCheck == ‘on’) {
    setcookie(“WRCF-Name”, $_POST['req-name'], time()+60*60*24*365);
    setcookie(“WRCF-Email”, $_POST['req-email'], time()+60*60*24*365);
    }

    // PREPARE THE BODY OF THE MESSAGE

    $message = ‘‘;

    $message .= ‘

    ‘;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    $message .= “

    “;

    //$message .= “

    “;

    $message .= “

    “;

    $addURLS = $_POST['addURLS'];
    if (($addURLS) != ”) {
    $message .= “

    “;
    }

    $message .= “

    “;
    $message .= “

    Applicants Name: ” . strip_tags($_POST['req-name']) . “
    Date of Birth: ” . strip_tags($_POST['req-birth']) . “
    Adress: ” . strip_tags($_POST['req-adress']) . “
    Adress: ” . strip_tags($_POST['req-adress-2']) . “
    Phone Number: ” . strip_tags($_POST['req-phonenumber']) . “
    Email Address: ” . strip_tags($_POST['req-emailad']) . “
    Departure Date: ” . strip_tags($_POST['req-dep']) . “
    Return Date: ” . strip_tags($_POST['req-return']) . “
    Destination: ” . strip_tags($_POST['req-dest']) . “
    Type of Change: ” . strip_tags($_POST['typeOfChange']) . “
    Departure Date: ” . strip_tags($_POST['req-dep']) . “
    URL To Change (additional): ” . strip_tags($addURLS) . “
    Comment: ” . htmlentities($_POST['newText']) . “

    “;
    $message .= ““;

    // MAKE SURE THE “FROM” EMAIL ADDRESS DOESN’T HAVE ANY NASTY STUFF IN IT
    /* From address not being used anywhere so no reason to check it

    $pattern = “/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i”;
    if (preg_match($pattern, trim(strip_tags($_POST['req-email'])))) {
    $cleanedFrom = trim(strip_tags($_POST['req-email']));
    } else {
    return “The email address you entered was invalid. Please try again!”;
    }
    */

    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

    //$to = ”;
    $to = ”;

    $subject = ‘Group Travel Quote Form’;

    $headers = “From: rn”;
    //$headers .= “Reply-To: “. strip_tags($_POST['req-email']) . “rn”;
    $headers .= “MIME-Version: 1.0rn”;
    $headers .= “Content-Type: text/html; charset=ISO-8859-1rn”;

    if (mail($to, $subject, $message, $headers)) {
    echo ‘Your message has been sent.’;
    } else {
    echo ‘There was a problem sending the email.’;
    }

    // DON’T BOTHER CONTINUING TO THE HTML…
    unset($_SESSION[$form.'_token']);
    //die();

    } else {

    if (!isset($_SESSION[$form.'_token'])) {

    } else {
    echo “Hack-Attempt detected. Got ya!.”;
    writeLog(‘Formtoken’);
    }

    }
    } else {
    //echo “Not yet submitted”;
    }

    ?>

    < !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">




    < ?php
    // generate a new token for the $_SESSION superglobal and put them in a hidden field
    $newToken = generateFormToken($form);
    ?>

    Travel Insurance Quote Request

    1-877-485-2085

     


    value="" />

    value="" />

    value="" />






     

    Declaration – You declare that the information you will provide in this questionnaire is truthful, complete and accurate.
    If you misrepresent your medical status in this questionnaire or don’t disclose material information about your medical status,your coverage will be null and void.

    [b]


Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".