Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Contact Form

  • This topic is empty.
Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #33979
    Adman
    Participant

    So I’m trying to use Chris’ contact form so I can beautify my emails when someone sends me an email through my contact form. However I just can’t get it work! I tried turning off javascript to see if it is the javascript when it’s being sent ajax. However it’s saying it’s being sent but I’m not getting an email. Can someone mind to look at my code to see what I could possibly be doing wrong?

    PHP



    session_start();

    function getRealIp() {
    if (!empty($_SERVER)) { //check ip from share internet
    $ip=$_SERVER;
    } elseif (!empty($_SERVER)) { //to check ip is pass from proxy
    $ip=$_SERVER;
    } else {
    $ip=$_SERVER;
    }
    return $ip;
    }

    function writeLog($where) {

    $ip = getRealIp(); // Get the IP from superglobal
    $host = gethostbyaddr($ip); // Try to locate the host of the attack
    $date = date("d M Y");

    // create a logging message with php heredoc syntax
    $logging = << n
    << Start of Message >>
    There was a hacking attempt on your form. n
    Date of Attack: {$date}
    IP-Adress: {$ip} n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    << End of Message >>
    LOG;
    // Awkward but LOG must be flush left

    // open log file
    if($handle = fopen('hacklog.log', 'a')) {

    fputs($handle, $logging); // write the Data to file
    fclose($handle); // close the file

    } else { // if first method is not working, for example because of wrong file permissions, email the data

    $to = '[email protected]';
    $subject = 'HACK ATTEMPT';
    $header = 'From: [email protected]';
    if (mail($to, $subject, $logging, $header)) {
    echo "Sent notice to admin.";
    }

    }
    }

    function verifyFormToken($form) {

    // check if a session is started and a token is transmitted, if not return an error
    if(!isset($_SESSION[$form.'_token'])) {
    return false;
    }

    // check if the form is sent with token in it
    if(!isset($_POST)) {
    return false;
    }

    // compare the tokens against each other if they are still the same
    if ($_SESSION[$form.'_token'] !== $_POST) {
    return false;
    }

    return true;
    }

    function generateFormToken($form) {

    // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods...
    $token = md5(uniqid(microtime(), true));

    // Write the generated token to the session variable to check it against the hidden field when the form is sent
    $_SESSION[$form.'_token'] = $token;

    return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken('form1')) {

    // Building a whitelist array with keys which will send through the form, no others would be accepted later on
    $whitelist = array('token','name','phone','email','company','message');

    // Building an array with the $_POST-superglobal
    foreach ($_POST as $key=>$item) {

    // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
    if (!in_array($key, $whitelist)) {

    writeLog('Unknown form fields');
    die("Hack-Attempt detected. Please use only the fields in the form");

    }
    }
    // PREPARE THE BODY OF THE MESSAGE
    $message = '';
    $message .= '';
    $message .= "";
    $message .= "";
    $message .= "";
    $message .= "";
    $message .= "";
    $message .= "
    Name: " . strip_tags($_POST) . "
    Email: " . strip_tags($_POST) . "
    Phone: " . strip_tags($_POST) . "
    Company: " . strip_tags($_POST) . "
    Message: " . strip_tags($_POST) . "
    ";
    $message .= " ";

    // MAKE SURE THE "FROM" EMAIL ADDRESS DOESN'T HAVE ANY NASTY STUFF IN IT

    $pattern = "/^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$/i";
    if (preg_match($pattern, trim(strip_tags($_POST)))) {
    $cleanedFrom = trim(strip_tags($_POST));
    } else {
    return "The email address you entered was invalid. Please try again!";
    }

    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS
    $to = '[email protected]';
    $subject = 'Website Contact!';
    $headers = "From: " . $cleanedFrom . "rn";
    $headers .= "Reply-To: ". strip_tags($_POST) . "rn";
    $headers .= "MIME-Version: 1.0rn";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1rn";

    if (mail($to, $subject, $message, $headers)) {
    echo 'Your message has been sent.';
    } else {
    echo 'There was a problem sending the email.';
    }

    // DON'T BOTHER CONTINUING TO THE HTML...
    die();

    } else {

    if (!isset($_SESSION[$form.'_token'])) {

    } else {
    echo "Hack-Attempt detected. Got ya!.";
    writeLog('Formtoken');
    }

    }

    ?>

    HTML Form



































    I appreciate your guidance!!

    #85269
    wolfcry911
    Participant

    Is this local? If so, does your server support and have enabled SMTP?

    #85270
    jamygolden
    Moderator

    Have you had a look at Wufoo before?

Viewing 3 posts - 1 through 3 (of 3 total)
  • The forum ‘Back End’ is closed to new topics and replies.