Submission Form_ NEED ASSISTANCE! ASAP

  • # August 25, 2009 at 9:36 pm

    Hello

    I created this site http://www.leadertours.ca and the client wanted me to create a submission form and paste it into the existing contact form. I used the tutorial from css-tricks # 62, and changed and removed a few things.

    1. I had the existing contact.html, which I re-saved as a PHP file, and added the code <?php include('contactform.php'); ?>
    to include the PHP form that I changed from the downloaded files from css-tricks # 62.

    2. I posted it to see if it works; it doesn't, so I placed it online: http://www.leadertours.ca/contact.php.

    3. The problem I have is that I don't know where to put the JS stuff in the contact.html re-saved as PHP. What do I do with that?
    So the styling and the validation are included. I have no clue how to go about it.

    Please help, this client needs it by this weekend. I already emailed Chris, but I thought to take two measures to fix this issue.
    And I tried to figure it out on my own.

    Please find the

    Code: contactform.php attached, which is the one I renamed (from the downloaded files from css-tricks)

    Code:
    <?php

    session_start();

    function getRealIp() {
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers set by the client or a proxy,
    // so the value returned here is only as trustworthy as whoever sent them
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) { // check IP from shared internet
    $ip=$_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { // check whether the IP was passed on by a proxy
    $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
    $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
    }

    function writeLog($where) {

    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    $date = date("d M Y");

    // create a logging message with php heredoc syntax
    $logging = <<<LOG
    \n
    << Start of Message >>
    There was a hacking attempt on your form. \n
    Date of Attack: {$date}
    IP-Adress: {$ip} \n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    << End of Message >>
    LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen('hacklog.log', 'a')) {

    fputs($handle, $logging); // write the Data to file
    fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

    $to = 'ADMIN@gmail.com';
    $subject = 'HACK ATTEMPT';
    $header = 'From: ADMIN@gmail.com';
    if (mail($to, $subject, $logging, $header)) {
    echo "Sent notice to admin.";
    }

    }
    }

    function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
    return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST['token'])) {
    return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST['token']) {
    return false;
    }

    return true;
    }

    function generateFormToken($form) {

    // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods…
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken('form1')) {

    // CHECK TO SEE IF THIS IS A MAIL POST
    if (isset($_POST['URL-main'])) {

    // Building a whitelist array with keys which will send through the form, no others would be accepted later on
    // note: fields read further down (req-groupname, req-adress, req-city, ...) are not in this list,
    // so a submission that contains them stops at the check below
    $whitelist = array('token','req-name','req-email','typeOfChange','urgency','URL-main','addURLS', 'curText', 'newText', 'save-stuff', 'mult');

    // Building an array with the $_POST-superglobal
    foreach ($_POST as $key=>$item) {

    // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
    if (!in_array($key, $whitelist)) {

    writeLog('Unknown form fields');
    die("Hack-Attempt detected. Please use only the fields in the form");

    }
    }

    // Lets check the URL whether it's a real URL or not. if not, stop the script

    if(!filter_var($_POST['URL-main'],FILTER_VALIDATE_URL)) {
    writeLog('URL Validation');
    die('Hack-Attempt detected. Please insert a valid URL');
    }

    // SAVE INFO AS COOKIE, if user wants name and email saved

    $saveCheck = $_POST['save-stuff'];
    if ($saveCheck == 'on') {
    setcookie("WRCF-Name", $_POST['req-name'], time()+60*60*24*365);
    setcookie("WRCF-Email", $_POST['req-email'], time()+60*60*24*365);
    }

    // PREPARE THE BODY OF THE MESSAGE

    $message = '';

    // the strings appended to $message in this part of the post are empty; their HTML markup is not shown
    $message .= "";

    $addURLS = $_POST['addURLS'];
    if (($addURLS) != '') {
    $message .= "";
    }
    $curText = htmlentities($_POST['curText']);
    if (($curText) != '') {
    $message .= "";
    }
    $message .= "";
    $message .= "

    Your Full Name: " . strip_tags($_POST['req-name']) . "
    Group Name: " . strip_tags($_POST['req-groupname']) . "
    Adress: " . strip_tags($_POST['req-adress']) . "
    Adress: " . strip_tags($_POST['req-adress']) . "
    City: " . strip_tags($_POST['req-city']) . "
    Country: " . strip_tags($_POST['req-country']) . "
    Home Phone: " . strip_tags($_POST['req-homephone']) . "
    Business Phone: " . strip_tags($_POST['req-businessphone']) . "
    Your email: " . strip_tags($_POST['req-email']) . "
    Trip Information: " . strip_tags($_POST['req-trip']) . "
    Proposed Group Size: " . strip_tags($_POST['req-size']) . "
    Type of Change: " . strip_tags($_POST['typeOfChange']) . "
    Preferred Departure City: " . strip_tags($_POST['req-pref']) . "
    Proposed Travel Dates: " . strip_tags($_POST['req-date']) . "
    Destination: " . strip_tags($_POST['req-dest']) . "
    Departure Date: " . strip_tags($_POST['req-dep']) . "
    Are you attending?: " . strip_tags($_POST['attending']) . "
    Do you need?: " . strip_tags($_POST['need']) . "
    URL To Change (main): " . $_POST['URL-main'] . "
    URL To Change (additional): " . strip_tags($addURLS) . "
    CURRENT Content: " . $curText . "
    NEW Content: " . htmlentities($_POST['newText']) . "

    ";
    $message .= "";

    // MAKE SURE THE "FROM" EMAIL ADDRESS DOESN'T HAVE ANY NASTY STUFF IN IT

    $pattern = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i";
    if (preg_match($pattern, trim(strip_tags($_POST['req-email'])))) {
    $cleanedFrom = trim(strip_tags($_POST['req-email']));
    } else {
    return "The email address you entered was invalid. Please try again!";
    }

    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

    $to = 'rachellambo@gmail.com';

    $subject = 'Group Travel Quote Form';

    $headers = "From: 'rachellambo@gmail.com' ;
    // use the address that passed the check above, not the raw POST value
    $headers .= "Reply-To: ". $cleanedFrom . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    if (mail($to, $subject, $message, $headers)) {
    echo 'Your message has been sent.';
    } else {
    echo 'There was a problem sending the email.';
    }

    // DON'T BOTHER CONTINUING TO THE HTML...
    die();

    }
    } else {

    // $form only exists inside the token functions, so the session key is named directly here
    if (!isset($_SESSION['form1_token'])) {

    } else {
    echo "Hack-Attempt detected. Got ya!.";
    writeLog('Formtoken');
    }

    }

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">




    <?php
    // generate a new token for the $_SESSION superglobal and put them in a hidden field
    $newToken = generateFormToken('form1');
    ?>

    Group Travel Quote Form







    Contact.php (which is the one that used to be html which I re-saved)

    Code:


    Contact Leader Tours

    Leader Tours by Downunder Travel

    We are the LEADERS in GROUP TRAVEL!

    Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!

    Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!

    [color=#FF0000][b]<?php include('contactform.php'); ?>
    [/b][/color]

    Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!

    Call today and discuss your Group Travel Plans.

    1-888-485-6589

    EMAIL US – where you would like to travel on a GROUP Tour, we will see
    what can be arranged.

    Leader Tours Logo

    CONTACT US

    Leader Tours by Downunder Travel
    Lower Level, 121 14 th Street
    Calgary, Alberta
    Canada, T2N 1Z6

    Phone: 1-888-485-6589
    Email: enquired@leadertours.ca

    Scotland

    Rio de Janeiro

    JS stuff I left the same.

    Please help me and tell me what is wrong!

    THANKS IN ADVANCE!!

    RACHEL
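
An added example, not code from this thread or from the CSS-Tricks tutorial it is based on: a hardened take on two pieces of contactform.php above, the form token and the Reply-To header. The function names (issueFormToken, checkFormToken, safeReplyTo) and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; issueFormToken, checkFormToken and safeReplyTo are hypothetical names.

// Token drawn from the CSPRNG rather than md5(uniqid(microtime(), true)).
function issueFormToken(array &$session, string $form): string
{
    $token = bin2hex(random_bytes(32));
    $session[$form . '_token'] = $token;
    return $token;
}

// Constant-time comparison; the stored token is consumed so it cannot be replayed.
function checkFormToken(array &$session, array $post, string $form): bool
{
    $expected = $session[$form . '_token'] ?? null;
    $given    = $post['token'] ?? null;
    unset($session[$form . '_token']);
    return is_string($expected) && is_string($given) && hash_equals($expected, $given);
}

// Returns the address if it is safe to place in a mail header, otherwise null.
// strip_tags() leaves CR/LF untouched, and a line break inside a header value
// starts a new header, so line breaks are rejected before the address check.
function safeReplyTo(string $raw): ?string
{
    $raw = trim($raw);
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample values
$session = [];
$token   = issueFormToken($session, 'form1');
$post    = ['token' => $token, 'req-email' => 'visitor@example.com'];

var_dump(checkFormToken($session, $post, 'form1'));   // first submission
var_dump(checkFormToken($session, $post, 'form1'));   // same token sent again
var_dump(safeReplyTo($post['req-email']));
var_dump(safeReplyTo("visitor@example.com\r\nBcc: other@example.com"));
```

In the form script the session array passed in would be `$_SESSION` and the post array `$_POST`.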

    # August 26, 2009 at 6:41 am

    Firstly, go to your contact us php file which is online, view the page source… It's missing loads compared to the code that you pasted here.
    Secondly what is this,

    Code:
    [color=#FF0000][b]<?php include('contactform.php'); ?>
    [/b][/color]

    Should it not just be

    Code:
    <?php include('contactform.php'); ?>

    Also, I might be wrong but I am sure that these bits of code,

    Code:

    should be inside the <head> tags, not outside.

    # August 26, 2009 at 11:44 pm

    Hello, thanks so much.

    So I tried to put the site back up, but the same thing is happening with it again; it stops showing code past this code

    <?php include('contactform.php'); ?> I just moved it lower. So something lies with the PHP contact form. What about my validation and JS query code? What am I doing wrong? Is there another submission form I can create that will work simply and effectively?

    Here is the site again: http://www.leadertours.ca/contact.php and the problem is that my contactform.php, which is included in the contact.php, is not showing up. What do I do? Please help.

    Code:


    Contact Leader Tours

    Leader Tours by Downunder Travel

    We are the LEADERS in GROUP TRAVEL!

    Tour Packages, Airfare, Accommodation, Tours, Sightseeing, whatever you need, we have the travel options available to suit your needs and budget. We are able to organize and personalize your Group Travel!

    Local destination knowledge and itinerary planning can really make a difference between an ordinary holiday and a fantastic holiday!

    Our experienced and knowledgeable Group Travel Specialist Agents are able to assist you and enhance your holiday experience to the absolute maximum!

    Call today and discuss your Group Travel Plans.

    1-888-485-6589

    EMAIL US – where you would like to travel on a GROUP Tour, we will see
    what can be arranged.

    Leader Tours Logo

    CONTACT US

    Leader Tours by Downunder Travel
    Lower Level, 121 14 th Street
    Calgary, Alberta
    Canada, T2N 1Z6

    Phone: 1-888-485-6589
    Email: enquired@leadertours.ca

    Scotland

    Rio de Janeiro

    [b]the php (include contact form should be here) but it's not, and the page code cuts off, because I have end page wrap, end body and it cuts off???[/b]

    Rob
    # August 27, 2009 at 4:22 am

    Looks like you didn't close your " :D

    $headers = "From: 'rachellambo@gmail.com' ;

    should be

    $headers = "From: 'rachellambo@gmail.com' ";

    see if that helps :)
