Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Back End Contact Form

  • #33979

    So I’m trying to use Chris’ contact form so I can beautify my emails when someone sends me an email through my contact form. However, I just can’t get it to work! I tried turning off JavaScript to see if it is the JavaScript when it’s being sent via Ajax. However, it’s saying it’s being sent but I’m not getting an email. Would someone mind looking at my code to see what I could possibly be doing wrong?

    PHP

    <?php
    session_start();

    function getRealIp() {
        // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers set by the sender
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) { //check ip from share internet
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { //to check ip is pass from proxy
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }

    function writeLog($where) {

        $ip = getRealIp(); // Get the IP from superglobal
        $host = gethostbyaddr($ip); // Try to locate the host of the attack
        $date = date("d M Y");

    // create a logging message with php heredoc syntax
    $logging = <<<LOG
    \n
    << Start of Message >>
    There was a hacking attempt on your form. \n
    Date of Attack: {$date}
    IP-Adress: {$ip} \n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    << End of Message >>
    LOG;
    // Awkward but LOG must be flush left

        // open log file
        if ($handle = fopen('hacklog.log', 'a')) {

            fputs($handle, $logging); // write the Data to file
            fclose($handle); // close the file

        } else { // if first method is not working, for example because of wrong file permissions, email the data

            $to = '[email protected]';
            $subject = 'HACK ATTEMPT';
            $header = 'From: [email protected]';
            if (mail($to, $subject, $logging, $header)) {
                echo "Sent notice to admin.";
            }

        }
    }

    function verifyFormToken($form) {

        // check if a session is started and a token is transmitted, if not return an error
        if (!isset($_SESSION[$form.'_token'])) {
            return false;
        }

        // check if the form is sent with token in it
        if (!isset($_POST['token'])) {
            return false;
        }

        // compare the tokens against each other if they are still the same
        if ($_SESSION[$form.'_token'] !== $_POST['token']) {
            return false;
        }

        return true;
    }

    function generateFormToken($form) {

        // generate a token from an unique value, took from microtime, you can also use salt-values, other crypting methods...
        $token = md5(uniqid(microtime(), true));

        // Write the generated token to the session variable to check it against the hidden field when the form is sent
        $_SESSION[$form.'_token'] = $token;

        return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken('form1')) {

        // Building a whitelist array with keys which will send through the form, no others would be accepted later on
        $whitelist = array('token','name','phone','email','company','message');

        // Building an array with the $_POST-superglobal
        foreach ($_POST as $key=>$item) {

            // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
            if (!in_array($key, $whitelist)) {

                writeLog('Unknown form fields');
                die("Hack-Attempt detected. Please use only the fields in the form");

            }
        }

        // PREPARE THE BODY OF THE MESSAGE
        $message = '';
        $message .= '';
        $message .= "";
        $message .= "";
        $message .= "";
        $message .= "";
        $message .= "";
        $message .= "
        Name: " . strip_tags($_POST['name']) . "
        Email: " . strip_tags($_POST['email']) . "
        Phone: " . strip_tags($_POST['phone']) . "
        Company: " . strip_tags($_POST['company']) . "
        Message: " . strip_tags($_POST['message']) . "
        ";
        $message .= "";

        // MAKE SURE THE "FROM" EMAIL ADDRESS DOESN'T HAVE ANY NASTY STUFF IN IT

        $pattern = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i";
        if (preg_match($pattern, trim(strip_tags($_POST['email'])))) {
            $cleanedFrom = trim(strip_tags($_POST['email']));
        } else {
            // stop here and show the error
            die("The email address you entered was invalid. Please try again!");
        }

        // CHANGE THE BELOW VARIABLES TO YOUR NEEDS
        $to = '[email protected]';
        $subject = 'Website Contact!';
        $headers = "From: " . $cleanedFrom . "\r\n";
        $headers .= "Reply-To: ". strip_tags($_POST['email']) . "\r\n";
        $headers .= "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

        if (mail($to, $subject, $message, $headers)) {
            echo 'Your message has been sent.';
        } else {
            echo 'There was a problem sending the email.';
        }

        // DON'T BOTHER CONTINUING TO THE HTML...
        die();

    } else {

        // $form is not defined in this scope, so this tests $_SESSION['_token']
        if (!isset($_SESSION[$form.'_token'])) {

        } else {
            echo "Hack-Attempt detected. Got ya!.";
            writeLog('Formtoken');
        }

    }

    ?>

    HTML Form

    I appreciate your guidance!!
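
A hardened take on the helpers in the post above, added here as an example; it is not part of the original post or of the CSS-Tricks form. It logs only `REMOTE_ADDR`, draws the token from `random_bytes()`, compares it with `hash_equals()`, and refuses CR/LF in the address that goes into the mail headers. `getPeerIp()` and `cleanHeaderEmail()` are hypothetical names, the sample request values are constructed, and PHP 7.1 or later with a started session is assumed.

```php
<?php
// Added example, not the poster's code. 'form1' and the 'token' field come
// from the post; getPeerIp() and cleanHeaderEmail() are hypothetical names.

// Address of the TCP peer only. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are
// request headers, so whoever sends the request chooses their value.
function getPeerIp(): string {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : 'invalid';
}

// Token from the CSPRNG instead of md5(uniqid(microtime(), true)).
function generateFormToken(string $form): string {
    $token = bin2hex(random_bytes(32));
    $_SESSION[$form . '_token'] = $token;
    return $token;
}

// Constant-time comparison; the stored token is discarded once a submitted
// token has been checked against it.
function verifyFormToken(string $form): bool {
    $expected = $_SESSION[$form . '_token'] ?? null;
    $given    = $_POST['token'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    unset($_SESSION[$form . '_token']);
    return hash_equals($expected, $given);
}

// Validate the address and refuse CR/LF before it reaches a mail header.
function cleanHeaderEmail(string $raw): ?string {
    $email = trim($raw);
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false ? $email : null;
}

// Constructed sample request, runnable from the command line.
$_SESSION = [];
$_SERVER['REMOTE_ADDR'] = '203.0.113.7';
$_SERVER['HTTP_X_FORWARDED_FOR'] = "198.51.100.9\nforged line";
$_POST = ['token' => generateFormToken('form1')];
var_dump(getPeerIp());
var_dump(verifyFormToken('form1'));   // first use of the token
var_dump(verifyFormToken('form1'));   // replay of the same token
var_dump(cleanHeaderEmail("a@example.com\r\nBcc: b@example.com"));
var_dump(cleanHeaderEmail(' visitor@example.com '));
```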

    #85269
    wolfcry911
    Participant

    Is this local? If so, does your server support and have enabled SMTP?

    #85270
    jamygolden
    Member

    Have you had a look at Wufoo before?
