
#92324
phendyr
Member


// The session backs the per-form anti-CSRF token (generateFormToken / verifyFormToken below);
// nothing in this file sets cookie flags, so session.cookie_httponly / cookie_secure come from
// php.ini. NOTE(review): confirm they are enabled there.
session_start();

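/**
 * Returns the client IP address that the hack log records.
 *
 * Only REMOTE_ADDR is set by the web server from the TCP connection it accepted. The headers
 * the original version consulted first (its comments mention "share internet" and "proxy",
 * i.e. client-supplied forwarding headers) are ordinary request headers any sender can set,
 * so trusting them lets the sender choose the value that is logged and handed to
 * gethostbyaddr(). Consult such headers only behind a proxy you control, and then only the
 * hop that proxy itself appends.
 *
 * @return string a syntactically valid IP address, or '' when none is available (e.g. CLI).
 */
function getRealIp() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // The server should never hand us a malformed value, but validate anyway so every caller
    // can rely on "valid IP or empty string" before passing it to DNS or the log.
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? (string) $ip : '';
}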

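/**
 * Appends a record of a rejected submission to hacklog.log; if the file cannot be written
 * (e.g. permissions), the same record is mailed to the admin instead.
 *
 * @param string $where short label of the check that fired, e.g. 'Formtoken' or 'Unknown form fields'.
 * @return void
 */
function writeLog($where) {

    $ip = getRealIp(); // peer address as seen by the web server, '' if unknown

    // gethostbyaddr() is a blocking reverse-DNS query; only issue it for a syntactically valid
    // address and fall back to a fixed marker otherwise (it returns false on malformed input).
    $host = filter_var($ip, FILTER_VALIDATE_IP) !== false ? gethostbyaddr($ip) : false;
    if ($host === false) {
        $host = 'unknown';
    }

    // Time of day is needed to correlate the entry with the web server's access log.
    $date = date("d M Y H:i:s");

    // CR/LF are stripped from every interpolated value so that a caller passing user-derived
    // text cannot forge additional log lines (log injection).
    $oneLine = function ($value) {
        return preg_replace('/[\r\n]+/', ' ', (string) $value);
    };

    // Same record layout as before, built with sprintf instead of a heredoc (no flush-left
    // terminator constraint, no stray interpolation).
    $logging = sprintf(
        "\n<< Start of Message >>\nThere was a hacking attempt on your form.\nDate of Attack: %s\nIP-Adress: %s\nHost of Attacker: %s\nPoint of Attack: %s\n<< End of Message >>\n",
        $date,
        $oneLine($ip),
        $oneLine($host),
        $oneLine($where)
    );

    // Append under an exclusive lock so concurrent requests do not interleave records.
    // NOTE(review): the path is relative to the working directory, normally the web root —
    // keep the log outside the document root or deny web access to it in the server config.
    if (file_put_contents('hacklog.log', $logging, FILE_APPEND | LOCK_EX) !== false) {
        return;
    }

    // Fallback: email the record. Unlike the original, nothing is echoed to the requesting
    // client — whether an alert reached the admin is not something the sender should learn.
    $to = '[email protected]';
    $subject = 'HACK ATTEMPT';
    $header = 'From: [email protected]';
    mail($to, $subject, $logging, $header);
}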

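/**
 * Checks the anti-CSRF token submitted with a form against the one stored in the session.
 *
 * The submitted value is read from $_POST['token'] — the field the form whitelist further down
 * allows (the array index had been lost from the archived listing). Both values must be plain
 * strings, and the comparison uses hash_equals() so a wrong token is rejected in the same time
 * regardless of where it differs.
 *
 * @param string $form form identifier; the session key is "<form>_token" (see generateFormToken).
 * @return bool true only when both tokens exist, are strings and are identical.
 */
function verifyFormToken($form) {

    // No token was issued for this form in this session (or no session was started).
    if (!isset($_SESSION[$form.'_token']) || !is_string($_SESSION[$form.'_token'])) {
        return false;
    }

    // The request carried no token, or something other than a plain string (token[]=x decodes to an array).
    if (!isset($_POST['token']) || !is_string($_POST['token'])) {
        return false;
    }

    // Constant-time comparison; both operands are known to be strings at this point.
    return hash_equals($_SESSION[$form.'_token'], $_POST['token']);
}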

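/**
 * Creates a fresh anti-CSRF token for a form and stores it in the session.
 *
 * Uses the CSPRNG (random_bytes, PHP 7.0+) instead of md5(uniqid(microtime(), true)):
 * uniqid() and microtime() are clock-derived, so the old token space was predictable to
 * anyone who could estimate when the page was rendered. 32 random bytes → 64 hex characters.
 *
 * @param string $form form identifier; the token is stored under "<form>_token" and must be
 *                     echoed back in the form's hidden "token" field (see verifyFormToken).
 * @return string the token to embed in the form.
 */
function generateFormToken($form) {

    $token = bin2hex(random_bytes(32));

    // Overwrites any earlier token for this form: only the most recently rendered form validates.
    $_SESSION[$form.'_token'] = $token;

    return $token;
}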

// VERIFY LEGITIMACY OF TOKEN
// NOTE(review): in this archived listing every $_POST[...] index has been lost — the reads
// below appear as a bare "$_POST". The whitelist array shows which field names existed.
if (verifyFormToken('form1')) {

// CHECK TO SEE IF THIS IS A MAIL POST
// isset() on the $_POST superglobal itself is always true; the index that selected the submit
// field is missing here, so as written this branch runs for every request carrying a valid token.
if (isset($_POST)) {

// Building a whitelist array with keys which will send through the form, no others would be accepted later on
$whitelist = array('token','req-name','req-company','req-email','phone','domino','hitachi','vldeo','markemimaje','diagraph','otherequipment','thermal','hotstamps','labels','inkjet','othercoding','upgrade','othervalues','codequality','price','integration','postsales','interest');

// Building an array with the $_POST-superglobal
foreach ($_POST as $key=>$item) {

// Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
// in_array() is called without strict=true: PHP stores a numeric field name such as "0" as
// int 0, and before PHP 8 `0 == 'token'` evaluates true, so such a field would pass the
// whitelist. Pass `true` as the third argument so only exact string matches are accepted.
if (!in_array($key, $whitelist)) {

writeLog('Unknown form fields');
die("Hack-Attempt detected. Please use only the fields in the form");

}
}

// PREPARE THE BODY OF THE MESSAGE
// The message's HTML markup (the empty "" appends below) and the $_POST indexes were stripped
// when the page was archived; the 22 strip_tags() calls correspond to the 22 non-token
// whitelist entries above. strip_tags() removes tags but does not encode & or quotes — since
// the mail is sent as text/html, htmlspecialchars() is the appropriate per-field escape.

$message = '';
$message .= '

dominovseries.com Contest Submission

';
$message .= '';
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "";
$message .= "
Contact Information
Name: " . strip_tags($_POST) . "
Company: " . strip_tags($_POST) . "
Email: " . strip_tags($_POST) . "
Phone: " . strip_tags($_POST) . "
Survey Feedback
Equipment Supplier: " . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
Other Equipment Suppliers: " . strip_tags($_POST) . "
Coding Method: " . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
Other Coding Methods: " . strip_tags($_POST) . "
Plans to Upgrade: " . strip_tags($_POST) . "
Values in a Supplier: " . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
" . strip_tags($_POST) . "
Other Values in a Supplier: " . strip_tags($_POST) . "
Interested in Contact: " . strip_tags($_POST) . "
";
$message .= "";

// CHANGE THE BELOW VARIABLES TO YOUR NEEDS

$to = '[email protected]';

$subject = 'Contest Form Submission';

// $cleanedFrom is never assigned anywhere in this file, so From: goes out empty (and PHP
// raises an undefined-variable notice). "rn" here and on the next three lines has lost its
// backslashes — the intended separator is "\r\n"; as written all four headers are glued onto one line.
$headers = "From: " . $cleanedFrom . "rn";
// Reply-To is built from a submitted field. strip_tags() does not remove CR or LF, so a value
// containing a line break would add further mail headers unless the runtime's mail() rejects
// it; validate the field with FILTER_VALIDATE_EMAIL (which rejects line breaks) before use.
$headers .= "Reply-To: ". strip_tags($_POST) . "rn";
$headers .= "MIME-Version: 1.0rn";
$headers .= "Content-Type: text/html; charset=ISO-8859-1rn";

if (mail($to, $subject, $message, $headers)) {
echo 'Your message has been sent.';
} else {
echo 'There was a problem sending the email.';
}

// DON'T BOTHER CONTINUING TO THE HTML...
die();

}
} else {

// $form is a parameter of verifyFormToken(), not a variable assigned anywhere in this file, so
// this reads $_SESSION['_token'], which is never set: the empty branch is always taken and a
// request with a wrong or missing token is neither logged nor answered. Use 'form1_token' here,
// matching the verifyFormToken('form1') call above.
if (!isset($_SESSION[$form.'_token'])) {

} else {
echo "Hack-Attempt detected. Got ya!.";
writeLog('Formtoken');
}

}

?>