Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Back End forum: help with php form email tutorial from css-tricks
  • #35553
    phendyr
    Member

    Hey all,
    I appreciate anyone’s ability to help point me in the right direction. I’ve tried modifying the form created at the tutorial for sending html emails with php, and have hit a bit of a hiccup.

    my dev page is here

    Upon submission of the form, I’m getting the ‘Hack-Attempt detected’ error message. I’ve combed through my field names and don’t see anything missing or mis-spelled. If someone would be able to point me in the right direction as to what is wrong in my code, I would really appreciate it.

    #92324
    phendyr
    Member


    <?php
    session_start();

    function getRealIp() {
        // Note: HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers the client
        // can set freely; only REMOTE_ADDR is trustworthy unless a known proxy sets them.
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) { // check ip from shared internet
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { // check if ip is passed from a proxy
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }

    function writeLog($where) {

        $ip = getRealIp(); // Get the IP from superglobal
        $host = gethostbyaddr($ip); // Try to locate the host of the attack
        $date = date("d M Y");

        // create a logging message with php heredoc syntax
        $logging = <<<LOG
    \n
    << Start of Message >>
    There was a hacking attempt on your form. \n
    Date of Attack: {$date}
    IP-Address: {$ip} \n
    Host of Attacker: {$host}
    Point of Attack: {$where}
    << End of Message >>
    LOG;
        // Awkward but LOG must be flush left (required before PHP 7.3)

        // open log file
        if ($handle = fopen('hacklog.log', 'a')) {

            fputs($handle, $logging); // write the Data to file
            fclose($handle); // close the file

        } else { // if first method is not working, for example because of wrong file permissions, email the data

            $to = 'you@example.com'; // placeholder: the real address is obfuscated in the archive
            $subject = 'HACK ATTEMPT';
            $header = 'From: forms@example.com'; // placeholder
            if (mail($to, $subject, $logging, $header)) {
                echo "Sent notice to admin.";
            }

        }
    }

    function verifyFormToken($form) {

        // check if a session is started and a token is transmitted, if not return an error
        if (!isset($_SESSION[$form.'_token'])) {
            return false;
        }

        // check if the form is sent with token in it
        if (!isset($_POST['token']) || !is_string($_POST['token'])) {
            return false;
        }

        // compare the tokens against each other; hash_equals avoids timing differences
        if (!hash_equals($_SESSION[$form.'_token'], $_POST['token'])) {
            return false;
        }

        return true;
    }

    function generateFormToken($form) {

        // generate an unpredictable token; the tutorial's md5(uniqid(microtime(), true))
        // is derived from the clock and can be guessed, random_bytes() cannot
        $token = bin2hex(random_bytes(16));

        // Write the generated token to the session variable to check it against the hidden field when the form is sent
        $_SESSION[$form.'_token'] = $token;

        return $token;
    }

    // VERIFY LEGITIMACY OF TOKEN
    if (verifyFormToken('form1')) {

        // CHECK TO SEE IF THIS IS A MAIL POST
        if (isset($_POST['token'])) {

            // Building a whitelist array with keys which will send through the form, no others would be accepted later on
            $whitelist = array('token','req-name','req-company','req-email','phone','domino','hitachi','vldeo','markemimaje','diagraph','otherequipment','thermal','hotstamps','labels','inkjet','othercoding','upgrade','othervalues','codequality','price','integration','postsales','interest');

            // Walk the $_POST-superglobal
            foreach ($_POST as $key => $item) {

                // Check if the value $key (fieldname from $_POST) can be found in the whitelisting array, if not, die with a short message to the hacker
                if (!in_array($key, $whitelist, true)) {

                    writeLog('Unknown form fields');
                    die("Hack-Attempt detected. Please use only the fields in the form");

                }
            }

            // PREPARE THE BODY OF THE MESSAGE
            // (the original's HTML table markup did not survive the archive; a <pre>
            // block keeps the labelled layout readable in an HTML mail. The array keys
            // are restored from the whitelist above; unchecked checkboxes are absent
            // from $_POST altogether, hence the ?? '' defaults)

            $message = '<html><body>';
            $message .= '<h2>dominovseries.com Contest Submission</h2>';
            $message .= "<pre>
    Contact Information
    Name: " . strip_tags($_POST['req-name'] ?? '') . "
    Company: " . strip_tags($_POST['req-company'] ?? '') . "
    Email: " . strip_tags($_POST['req-email'] ?? '') . "
    Phone: " . strip_tags($_POST['phone'] ?? '') . "
    Survey Feedback
    Equipment Supplier: " . strip_tags($_POST['domino'] ?? '') . "
    " . strip_tags($_POST['hitachi'] ?? '') . "
    " . strip_tags($_POST['vldeo'] ?? '') . "
    " . strip_tags($_POST['markemimaje'] ?? '') . "
    " . strip_tags($_POST['diagraph'] ?? '') . "
    Other Equipment Suppliers: " . strip_tags($_POST['otherequipment'] ?? '') . "
    Coding Method: " . strip_tags($_POST['thermal'] ?? '') . "
    " . strip_tags($_POST['hotstamps'] ?? '') . "
    " . strip_tags($_POST['labels'] ?? '') . "
    " . strip_tags($_POST['inkjet'] ?? '') . "
    Other Coding Methods: " . strip_tags($_POST['othercoding'] ?? '') . "
    Plans to Upgrade: " . strip_tags($_POST['upgrade'] ?? '') . "
    Values in a Supplier: " . strip_tags($_POST['codequality'] ?? '') . "
    " . strip_tags($_POST['price'] ?? '') . "
    " . strip_tags($_POST['integration'] ?? '') . "
    " . strip_tags($_POST['postsales'] ?? '') . "
    Other Values in a Supplier: " . strip_tags($_POST['othervalues'] ?? '') . "
    Interested in Contact: " . strip_tags($_POST['interest'] ?? '') . "
    </pre>";
            $message .= '</body></html>';

            // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

            $to = 'you@example.com'; // placeholder: the real address is obfuscated in the archive

            $subject = 'Contest Form Submission';

            // $cleanedFrom was never defined in the posted code; accept only a
            // syntactically valid address so nothing else can reach the mail headers
            $cleanedFrom = filter_var(strip_tags($_POST['req-email'] ?? ''), FILTER_VALIDATE_EMAIL);
            if ($cleanedFrom === false) {
                die('Please enter a valid email address.');
            }

            $headers = "From: " . $cleanedFrom . "\r\n";
            $headers .= "Reply-To: " . $cleanedFrom . "\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

            if (mail($to, $subject, $message, $headers)) {
                echo 'Your message has been sent.';
            } else {
                echo 'There was a problem sending the email.';
            }

            // DON'T BOTHER CONTINUING TO THE HTML...
            die();

        }
    } else {

        if (!isset($_SESSION['form1_token']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            // no token yet, or a plain page view: nothing to check, fall through and render the form
        } else {
            echo "Hack-Attempt detected. Got ya!.";
            writeLog('Formtoken');
        }

    }

    ?>
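The log entry in the thread's script never records which field tripped the check. The script below is an added example, not the tutorial's or the poster's code: it performs the same token and whitelist checks, but writes the unexpected field names and the token outcome to the log (never to the response), compares tokens with hash_equals, and tolerates array-valued inputs from checkbox groups named with `[]`. The whitelist is a subset of the poster's; the log path and the sample submission are constructed.

```php
<?php
// Added example: token + field whitelist check that reports the offending
// field names to the log. $logFile is an assumed path; the sample data is constructed.

function checkSubmission(array $post, array $session, array $whitelist, string $logFile): array
{
    // Token: constant-time comparison, and refuse anything that is not a string.
    $expected = $session['form1_token'] ?? '';
    $given    = $post['token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        error_log(date('c') . " form1: token missing or mismatched\n", 3, $logFile);
        return ['ok' => false, 'reason' => 'token'];
    }

    // Whitelist: every submitted key must be expected; log the strays by name
    // (a stray submit-button name or checkbox name shows up here at once).
    $unknown = array_diff(array_keys($post), $whitelist);
    if ($unknown) {
        error_log(date('c') . ' form1: unexpected fields: ' . implode(', ', $unknown) . "\n", 3, $logFile);
        return ['ok' => false, 'reason' => 'fields'];
    }

    // Checkbox groups named "foo[]" arrive as arrays; strip_tags() on an array
    // throws in PHP 8, so normalise every value to a string before cleaning it.
    $clean = [];
    foreach ($post as $key => $value) {
        $value = is_array($value) ? implode(', ', array_map('strval', $value)) : (string) $value;
        $clean[$key] = htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');
    }
    return ['ok' => true, 'fields' => $clean];
}

// Constructed sample: a submit button named "submit" that is not on the whitelist.
$whitelist = ['token', 'req-name', 'req-company', 'req-email', 'phone', 'domino', 'hitachi'];
$session   = ['form1_token' => 'abc123'];
$post      = ['token' => 'abc123', 'req-name' => 'Ada', 'submit' => 'Send'];
$result    = checkSubmission($post, $session, $whitelist, '/tmp/hacklog.log');
echo $result['ok'] ? "accepted\n" : "rejected: {$result['reason']}\n";
```

Run it from the command line to see the rejection, then open the log file to read which field name caused it.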
    #92326
    phendyr
    Member

    Honestly not sure. I’m admittedly pretty novice when it comes to PHP, so when I created this page I removed all the fields from the tutorial I didn’t need, then added mine one by one, testing to make sure it worked, which it did. Then I added the checkboxes and select inputs and it broke, so I thought it would be in the ids used. Guess I’ll go back and continue adding one at a time until I see the issue pop up.

    #92342
    phendyr
    Member

    I was able to get my form working successfully. I basically started from scratch and went one by one, testing. Slow, but it won the day :) Now the only issue I see is that upon successful submission, the confirmation statement is hidden by my page’s background image?

    #92348
    phendyr
    Member

    I’ll give that a shot. Even better, how would I make it redirect to a confirmation page? I tried changing the echo to the location: below – it still submits the form, just doesn’t do anything.


    // CHANGE THE BELOW VARIABLES TO YOUR NEEDS

    $to = 'you@example.com'; // placeholder: the real address is obfuscated in the archive

    $subject = 'Test form submission from form';

    // $cleanedFrom was never defined in the posted code; accept only a valid address
    $cleanedFrom = filter_var(strip_tags($_POST['req-email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($cleanedFrom === false) {
        die('Please enter a valid email address.');
    }

    $headers = "From: " . $cleanedFrom . "\r\n";
    $headers .= "Reply-To: " . $cleanedFrom . "\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    if (mail($to, $subject, $message, $headers)) {
        // header() is silently ignored once any output (HTML, whitespace, a BOM)
        // has been sent, so this must run before the page prints anything
        header("Location: thank-you.html");
        exit;
    } else {
        echo 'There was a problem sending the email.';
    }

    // DON'T BOTHER CONTINUING TO THE HTML...
    die();
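Added example, not the poster's or standuncan's code: a redirect after mail() that checks headers_sent() first, because a Location header is discarded once any HTML or whitespace has been output, and it logs where that output began so the stray echo or blank line can be found. The addresses are placeholders; the thank-you page name is the one from the post.

```php
<?php
// Added example: post/redirect/get after a successful mail(), with a diagnostic
// for the "redirect does nothing" case. Addresses below are placeholders.

function sendAndRedirect(string $to, string $subject, string $message, string $headers, string $target): bool
{
    // If output already started (HTML before <?php, a BOM, a stray echo),
    // header() would be ignored; record the file and line where it began.
    if (headers_sent($file, $line)) {
        error_log("cannot redirect: output already started at {$file}:{$line}");
        return false;
    }
    if (!mail($to, $subject, $message, $headers)) {
        return false;
    }
    // 303 tells the browser to fetch the confirmation page with GET, so a
    // reload does not resubmit the form. exit stops the rest of the page.
    header('Location: ' . $target, true, 303);
    exit;
}

$to      = 'you@example.com';                    // placeholder recipient
$subject = 'Test form submission from form';
$message = '<p>constructed test body</p>';
$headers = "From: forms@example.com\r\n"          // placeholder, site-owned sender
         . "MIME-Version: 1.0\r\n"
         . "Content-Type: text/html; charset=UTF-8\r\n";

if (!sendAndRedirect($to, $subject, $message, $headers, 'thank-you.html')) {
    echo 'There was a problem sending the email.';
}
```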
    #92349
    standuncan
    Member

    I think you can use something like this:

    if (mail($to, $subject, $message, $headers)) {
        echo '';
    } else {
        echo 'There was a problem sending the email.';
    }

    #92322
    phendyr
    Member

    Thanks TT_Mark & Standuncan for your help. The rewrite for redirecting to a confirmation page didn’t seem to work with the script in the echo. Neither did applying a z-index to the basic confirmation statement.

    appreciate the effort though. Great site and forum!

    #92358
    standuncan
    Member

    It’s worked for me in the past so… but my mail function is a little different than yours. I’m not really fluent with PHP, so sorry I can’t help more.

    #92360
    phendyr
    Member

    Well, I’ve been trying just about every variation of header or echo to make it redirect and nothing has been successful. If anyone has any ideas, I’m all ears :/

    Thanks

    #92361
    phendyr
    Member

    I certainly don’t doubt your code standuncan :) Unfortunately I’m pretty much a novice at editing PHP… If there was a way to modify the mail function without rewriting the whole thing I’d be open to it, but I just don’t know, lol.

    Thanks again.
